SHA256: 2244fe4e712106f389f6dbe2991f764a67219681939480ca2c082f81484d2408
File name: 48f42530fc60.png
Detection ratio: 16 / 55
Analysis date: 2017-02-01 06:11:41 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Poweliks.Dropper.1 20170201
Arcabit Trojan.Poweliks.Dropper.1 20170201
Avast Win32:Malware-gen 20170201
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170125
BitDefender Gen:Variant.Poweliks.Dropper.1 20170201
Emsisoft Gen:Variant.Poweliks.Dropper.1 (B) 20170201
ESET-NOD32 a variant of Win32/GenKryptik.TCV 20170201
F-Secure Gen:Variant.Poweliks.Dropper.1 20170201
GData Gen:Variant.Poweliks.Dropper.1 20170201
Sophos ML virus.win32.sality.at 20170111
K7GW Hacktool ( 655367771 ) 20170201
Malwarebytes Trojan.Kovter 20170201
eScan Gen:Variant.Poweliks.Dropper.1 20170201
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170201
Rising Malware.Generic!QKhANiweSWV@1 (thunder) 20170201
Symantec ML.Attribute.HighConfidence 20170131
AegisLab 20170201
AhnLab-V3 20170131
Alibaba 20170122
ALYac 20170201
Antiy-AVL 20170201
AVG 20170201
Avira (no cloud) 20170131
AVware 20170201
CAT-QuickHeal 20170201
ClamAV 20170201
CMC 20170131
Comodo 20170201
CrowdStrike Falcon (ML) 20170130
Cyren 20170201
DrWeb 20170201
F-Prot 20170201
Fortinet 20170201
Ikarus 20170131
Jiangmin 20170201
K7AntiVirus 20170131
Kaspersky 20170201
Kingsoft 20170201
McAfee 20170201
McAfee-GW-Edition 20170201
Microsoft 20170201
NANO-Antivirus 20170201
nProtect 20170201
Panda 20170131
Sophos AV 20170201
SUPERAntiSpyware 20170201
Tencent 20170201
TheHacker 20170129
TotalDefense 20170131
TrendMicro 20170201
TrendMicro-HouseCall 20170201
Trustlook 20170201
VBA32 20170131
VIPRE 20170201
ViRobot 20170201
WhiteArmor 20170123
Yandex 20170131
Zillya 20170131
Zoner 20170201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1991-2005 by Gougelet Pierre-e

Product XnView
Internal name XnView
File version 2.13
Description XnView SlideShow
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-28 04:25:20
Entry Point 0x000036D3
Number of sections 8
PE sections
Overlays
MD5 378e900eac86c67d452ec71f5184999e
File type data
Offset 341504
Size 619
Entropy 7.63
PE imports
DestroyPrivateObjectSecurity
GetLocalManagedApplicationData
LsaQuerySecret
CommandLineFromMsiDescriptor
LsaCreateAccount
SetServiceObjectSecurity
FreeEncryptionCertificateHashList
EnableTrace
AddAce
RemoveUsersFromEncryptedFile
AreAllAccessesGranted
CryptGenRandom
GetOverlappedAccessResults
GetTraceEnableLevel
CryptDestroyHash
LsaRetrievePrivateData
LsaDeleteTrustedDomain
SystemFunction009
SystemFunction020
SetThreadToken
SystemFunction006
SetSecurityDescriptorGroup
PtInRegion
BeginPath
GetStockObject
GetLastError
HeapFree
EnterCriticalSection
GlobalDeleteAtom
LoadLibraryA
GlobalFree
SetEvent
HeapDestroy
ExitProcess
GetThreadLocale
lstrcmpiW
GetFileAttributesW
FreeLibrary
DeleteCriticalSection
CreateDirectoryW
GetProcAddress
GetSystemPowerStatus
GetPrivateProfileStringW
GetModuleHandleA
WriteFile
ResetEvent
HeapReAlloc
OutputDebugStringA
HeapAlloc
CreateEventW
InitializeCriticalSection
OutputDebugStringW
GlobalAlloc
Sleep
GetTickCount
GetCurrentThreadId
GetEnvironmentVariableW
CloseHandle
SysStringLen
SysStringByteLen
VarBoolFromUI1
SysAllocStringLen
SysAllocString
VarBstrCmp
BSTR_UserFree
SysFreeString
SysAllocStringByteLen
DispInvoke
SHUpdateRecycleBinIcon
WOWShellExecute
SHGetFolderPathW
PathFileExistsW
PathRemoveFileSpecW
AssocCreate
SHReleaseThreadRef
StrCatW
PathAppendW
StrCmpIW
PathCombineW
StrRetToBSTR
SetFocus
RegisterClassExW
RegisterHotKey
wvsprintfW
UnregisterHotKey
DdeFreeStringHandle
wsprintfW
TranslateMessage
GetParent
SetTimer
DestroyCursor
PostQuitMessage
ScreenToClient
DestroyCaret
GetKeyboardType
SwapMouseButton
DispatchMessageW
SetCursor
mmioOpenW
mmioRead
mmioClose
timeGetTime
mmioDescend
CoQueryProxyBlanket
CoCreateInstance
OleConvertOLESTREAMToIStorageEx
CoSwitchCallContext
StringFromGUID2
CoDisableCallCancellation
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2009:01:28 05:25:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
73728

LinkerVersion
2.23

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit, No debug

EntryPoint
0x36d3

InitializedDataSize
267264

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
16384

File identification
MD5 7b596d98f1ea8151bbd8660d50995671
SHA1 76e7e9eb4063a16d1a0d9e0afa36581be5830395
SHA256 2244fe4e712106f389f6dbe2991f764a67219681939480ca2c082f81484d2408
ssdeep
6144:go1OB71rUVOGGtbtG8FjiQDLUPh+tgLk1H6IUUQPe8lqTd9wBDBNlsYYx+78GlEX:gcOlFs9Gt5G6jrDLUJ+ti8SU88d9w3N2

authentihash 367b9282e5685ba04b0fcdb1784308086ef3e06e64a8e5df3ca024016520f0ee
imphash 87d5068e807b5caad2e65dd12c082d82
File size 334.1 KB ( 342123 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (48.0%)
Microsoft Visual C++ compiled executable (generic) (25.4%)
Win32 Dynamic Link Library (generic) (10.1%)
Win32 Executable (generic) (6.9%)
OS/2 Executable (generic) (3.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-02-01 06:11:41 UTC ( 2 years ago )
Last submission 2018-10-19 11:50:09 UTC ( 4 months, 1 week ago )
File names 48f42530fc60.png
XnView
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications