SHA256: 214c0232e8543c80c7c6010319524231beab9d8689b8295f7e13296de886c15c
File name: 5.exe
Detection ratio: 6 / 55
Analysis date: 2016-02-19 13:27:23 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Bkav HW32.Packed.5E07 20160219
McAfee Ransomware-Locky!7EE73D1CFF29 20160219
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160219
Qihoo-360 QVM20.1.Malware.Gen 20160219
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160219
VBA32 Malware-Cryptor.Grygoryi.3 20160219
Ad-Aware 20160219
AegisLab 20160219
Yandex 20160217
AhnLab-V3 20160219
Alibaba 20160219
ALYac 20160219
Antiy-AVL 20160219
Arcabit 20160219
Avast 20160219
AVG 20160219
Avira (no cloud) 20160219
AVware 20160219
Baidu-International 20160219
BitDefender 20160219
ByteHero 20160219
CAT-QuickHeal 20160219
ClamAV 20160219
CMC 20160219
Comodo 20160219
Cyren 20160219
DrWeb 20160219
Emsisoft 20160219
ESET-NOD32 20160219
F-Prot 20160219
F-Secure 20160219
Fortinet 20160218
GData 20160219
Ikarus 20160219
Jiangmin 20160219
K7AntiVirus 20160219
K7GW 20160219
Kaspersky 20160219
Malwarebytes 20160219
Microsoft 20160219
eScan 20160219
NANO-Antivirus 20160219
nProtect 20160219
Panda 20160218
Sophos AV 20160219
SUPERAntiSpyware 20160219
Symantec 20160218
Tencent 20160219
TheHacker 20160217
TrendMicro 20160219
TrendMicro-HouseCall 20160219
VIPRE 20160219
ViRobot 20160219
Zillya 20160218
Zoner 20160219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Info-ZIP 1997 - 2008
Product Zip
Original name m1c2.dll
Internal name !2z
File version 5.2
Description Info-7Ij 2ij for 1inme 2qnjole
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-19 11:24:49
Entry Point 0x000062BA
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
CryptDestroyKey
RegOpenCurrentUser
RegCloseKey
RegDeleteKeyW
RegEnumValueA
RegQueryValueExA
CryptEncrypt
RegEnumKeyW
RegCreateKeyExA
CryptHashData
RegQueryValueExW
CryptCreateHash
CryptDeriveKey
IsTextUnicode
LsaClose
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
RegDeleteValueA
LsaOpenPolicy
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueW
CryptDecrypt
CryptDestroyHash
LsaFreeMemory
RegSetValueExW
FreeSid
RegEnumValueW
RegSetValueExA
EqualSid
InitCommonControlsEx
_TrackMouseEvent
GetObjectA
SetPixel
CreatePolygonRgn
CreateRectRgn
GetTextColor
RectVisible
CreatePalette
BitBlt
PtVisible
TextOutA
CreateFontIndirectA
AbortPath
PtInRegion
Polyline
LPtoDP
CombineRgn
AngleArc
AbortDoc
SetRectRgn
DPtoLP
AreFileApisANSI
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
FreeLibrary
VirtualProtect
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
ActivateActCtx
lstrlenW
MultiByteToWideChar
GetProcAddress
CreateMutexA
WideCharToMultiByte
GetModuleHandleA
lstrcpyA
GetCurrentProcess
CloseHandle
lstrcpynA
GetACP
GetFullPathNameA
GetOEMCP
LocalFree
CreateProcessA
GlobalAlloc
InterlockedDecrement
OutputDebugStringA
SetLastError
GetModuleBaseNameA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHGetDesktopFolder
GetForegroundWindow
GetParent
UpdateWindow
OffsetRect
DefWindowProcA
GetDoubleClickTime
GetSystemMetrics
IsWindow
GetWindowRect
EnableWindow
SetCapture
ReleaseCapture
EnumChildWindows
GrayStringA
IsWindowEnabled
DrawTextA
GetDlgCtrlID
SetWindowTextA
IsWindowVisible
IsZoomed
SendMessageA
SetForegroundWindow
SetRect
TabbedTextOutA
GetKeyboardLayout
FillRect
IsWindowUnicode
GetSystemMenu
GetWindowTextA
PtInRect
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
__p__fmode
_acmdln
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
?terminate@@YAXXZ
_mbscmp
_onexit
_strdup
_XcptFilter
exit
__setusermatherr
_adjust_fdiv
__CxxFrameHandler
_mbsicmp
_CxxThrowException
_exit
__p__commode
_splitpath
free
_CIcos
__getmainargs
calloc
_controlfp
_setmbcp
_vsnprintf
_initterm
__set_app_type
CLSIDFromProgID
CoInitialize
CoCreateInstance
StringFromCLSID
CoUninitialize
CoTaskMemFree
OleUIBusyW
Number of PE resources by type
RT_ICON 7
RT_BITMAP 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.0.5.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 111104
EntryPoint 0x62ba
OriginalFileName m1c2.dll
MIMEType application/octet-stream
LegalCopyright Copyright Info-ZIP 1997 - 2008
FileVersion 5.2
TimeStamp 2016:02:19 12:24:49+01:00
FileType Win32 EXE
PEType PE32
InternalName !2z
ProductVersion 5.5
FileDescription Info-7Ij 2ij for 1inme 2qnjole
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Info-ZIP
CodeSize 58368
ProductName Zip
ProductVersionNumber 5.0.6.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 7ee73d1cff292308227edfb2e4447062
SHA1 1fcb2bd04a937ecf027d75c97bca34f4258a20fd
SHA256 214c0232e8543c80c7c6010319524231beab9d8689b8295f7e13296de886c15c
ssdeep 3072:J7kWck9GOuiJc+gRz39ajwhZQg3azBlHAPYQhzK/BQT3zeBzd3An1YgCQSPH96P/:J7kVKy/ajHTBOds/Bc3zeBzJAn3ClH9d
authentihash 26c0177fc09592c8426c8939ea931bba384dc474ef0e9dc96e0275e5d2fb1852
imphash 95b8b3934aab86b9c0e592cc54168b4a
File size 162.0 KB ( 165888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-02-19 13:27:23 UTC ( 1 year, 9 months ago )
Last submission 2017-08-28 15:43:36 UTC ( 2 months, 3 weeks ago )
File names !2z
m1c2.dll
5.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections
UDP communications