SHA256: 1ede8e9943daaee4184a362b2c16f3c47e8c3f622e50ff9579e4cd1d002358d8
File name: .
Detection ratio: 7 / 70
Analysis date: 2019-01-20 17:28:10 UTC ( 2 months ago )
Antivirus Result Update
Avast Win32:Trojan-gen 20190120
AVG Win32:Trojan-gen 20190120
Cylance Unsafe 20190120
ESET-NOD32 a variant of Win32/GenKryptik.CWOT 20190120
Malwarebytes Trojan.Banker 20190120
Panda Trj/GdSda.A 20190120
Rising Spyware.IcedId!8.F061/N3#86% (RDM+:cmRtazpcfHyMal2/cFi1IEESC1tI) 20190120
Acronis 20190119
Ad-Aware 20190120
AegisLab 20190120
AhnLab-V3 20190120
Alibaba 20180921
Antiy-AVL 20190120
Arcabit 20190120
Avast-Mobile 20190118
Avira (no cloud) 20190120
AVware 20180925
Babable 20180918
Baidu 20190118
BitDefender 20190120
Bkav 20190119
CAT-QuickHeal 20190120
ClamAV 20190120
CMC 20190120
Comodo 20190120
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190120
DrWeb 20190120
eGambit 20190120
Emsisoft 20190120
Endgame 20181108
F-Prot 20190120
F-Secure 20190120
Fortinet 20190120
GData 20190120
Ikarus 20190120
Sophos ML 20181128
Jiangmin 20190120
K7AntiVirus 20190120
K7GW 20190120
Kaspersky 20190120
Kingsoft 20190120
MAX 20190120
McAfee 20190120
McAfee-GW-Edition 20190120
Microsoft 20190120
eScan 20190120
NANO-Antivirus 20190120
Palo Alto Networks (Known Signatures) 20190120
Qihoo-360 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190120
SUPERAntiSpyware 20190116
Symantec 20190119
TACHYON 20190120
Tencent 20190120
TheHacker 20190118
TotalDefense 20190120
Trapmine 20190103
TrendMicro 20190120
TrendMicro-HouseCall 20190120
Trustlook 20190120
VBA32 20190118
ViRobot 20190120
Webroot 20190120
Yandex 20190118
Zillya 20190118
ZoneAlarm by Check Point 20190120
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2011 Doesperiod Amongdesert
Product AvidXchange Own Gashill
Original name Gashill.exe
Internal name AvidXchange OwnBelet Describeport
File version 11.4.81.37
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-15 11:34:52
Entry Point 0x00001E13
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetCurrentDirectoryW
DecodePointer
GetCurrentProcessId
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
VirtualProtectEx
HeapSize
ExitProcess
GetFileTime
RaiseException
WideCharToMultiByte
GetModuleFileNameW
MoveFileExW
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
GetTempPathW
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
TerminateProcess
GetWindowsDirectoryW
HeapCreate
WriteFile
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
SetupAdjustDiskSpaceListW
SetupRemoveFromDiskSpaceListW
SetupQueryDrivesInDiskSpaceListW
GetTopWindow
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 11.4.81.37
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 245248
EntryPoint 0x1e13
OriginalFileName Gashill.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2011 Doesperiod Amongdesert
FileVersion 11.4.81.37
TimeStamp 2012:01:15 12:34:52+01:00
FileType Win32 EXE
PEType PE32
InternalName AvidXchange OwnBelet Describeport
ProductVersion 11.4.81.37
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AvidXchange Own
CodeSize 74240
ProductName AvidXchange Own Gashill
ProductVersionNumber 11.4.81.37
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 125138e24df4ab07f75ff8cec1bf6e56
SHA1 4cacfb25bbc8d240c646135291d6f57d8072de9c
SHA256 1ede8e9943daaee4184a362b2c16f3c47e8c3f622e50ff9579e4cd1d002358d8
ssdeep 3072:mkFCYv8Z4gFUdLkUyBDCp9ezN96v2hdySKfq/O5W1:mkFCYksdgUe3W2+om8
authentihash 42396fde52c00486e6c172544e159b26f23913cd0d692dfbbb93fbdbffcfb150
imphash c337027ed9d0e8060dd8c1a7a7dcc63f
File size 267.0 KB ( 273408 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-20 17:28:10 UTC ( 2 months ago )
Last submission 2019-01-20 17:28:10 UTC ( 2 months ago )
File names .
renpd.exe
AvidXchange OwnBelet Describeport
Gashill.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.