SHA256: 1f7ab9161edaf9c3995ec61843ed5b78ee0d9c7f8f9d3bcd6e03a13310bedc38
File name: fr5_d19.exe
Detection ratio: 1 / 57
Analysis date: 2016-04-01 22:13:11 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160401
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160401
Avira (no cloud) 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
CMC 20160401
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160401
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160401
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00065190
Number of sections 3
PE sections
Overlays
MD5 7b39ab9cbeee5607c37fd48bf7e0365b
File type data
Offset 144896
Size 28011760
Entropy 8.00
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
InitCommonControls
BitBlt
CoInitialize
LoadTypeLib
ShellExecuteA
VerQueryValueA
Number of PE resources by type
RT_STRING 8
RT_ICON 4
RT_RCDATA 4
RT_DIALOG 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 20
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 139264
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x65190
InitializedDataSize 8192
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 274432

File identification
MD5 bf5e94328cf14b5bc7b8c5d188918a33
SHA1 8fbc5cc5153fc453a6dd7c827839a9faf5f41614
SHA256 1f7ab9161edaf9c3995ec61843ed5b78ee0d9c7f8f9d3bcd6e03a13310bedc38
ssdeep 786432:9pVei0PLelsGbOvDXklo5fCJsBy6kqWyeZJ7A7r:1eiU6bIXqyfZHk7yeZNA7r
authentihash a8e30ce38649e2f26a92d8eb522deef0d6c7c4ad570b7842a46766d4fd35e64f
imphash 47913b68f1b7d2f7585792df7a7249bc
File size 26.9 MB ( 28156656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (32.6%)
Win32 EXE Yoda's Crypter (32.0%)
DOS Borland compiled Executable (generic) (12.0%)
Win32 Dynamic Link Library (generic) (7.9%)
Win32 Executable (generic) (5.4%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2015-11-13 11:29:19 UTC ( 3 years ago )
Last submission 2018-08-19 09:54:55 UTC ( 3 months ago )
File names fr5_d19.exe
759225
fr5d19.exe
1F7AB9161EDAF9C3995EC61843ED5B78EE0D9C7F8F9D3BCD6E03A13310BEDC38
fr5_d19.exe