SHA256: 228e8d2b514ab722440452f75fdcb921cff84706144129c70df5b9bfae22e0fe
File name: a7b0f190-da75-71cb-1ccb-ae35102fc239.exe
Detection ratio: 13 / 64
Analysis date: 2018-04-12 08:24:40 UTC ( 1 year ago )
Antivirus Result Update
AVware Trojan.Win32.Generic.pak!cobra 20180412
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9726 20180411
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180412
ESET-NOD32 a variant of Win32/GenKryptik.BWSC 20180412
Sophos ML heuristic 20180120
Palo Alto Networks (Known Signatures) generic.ml 20180412
Qihoo-360 HEUR/QVM10.1.723B.Malware.Gen 20180412
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Lethic-L 20180412
Symantec ML.Attribute.HighConfidence 20180412
VIPRE Trojan.Win32.Generic.pak!cobra 20180412
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180412
Ad-Aware 20180412
AegisLab 20180412
AhnLab-V3 20180411
Alibaba 20180411
ALYac 20180412
Antiy-AVL 20180412
Arcabit 20180412
Avast 20180412
Avast-Mobile 20180411
AVG 20180412
Avira (no cloud) 20180411
BitDefender 20180412
Bkav 20180410
CAT-QuickHeal 20180411
CMC 20180411
Comodo 20180412
Cybereason 20180225
Cyren 20180412
DrWeb 20180412
eGambit 20180412
Emsisoft 20180412
F-Prot 20180412
F-Secure 20180412
Fortinet 20180412
GData 20180412
Ikarus 20180411
Jiangmin 20180412
K7AntiVirus 20180412
K7GW 20180412
Kingsoft 20180412
Malwarebytes 20180412
MAX 20180412
McAfee 20180412
McAfee-GW-Edition 20180411
Microsoft 20180412
eScan 20180412
NANO-Antivirus 20180412
nProtect 20180412
Panda 20180411
Rising 20180412
SUPERAntiSpyware 20180412
Tencent 20180412
TheHacker 20180410
TotalDefense 20180412
TrendMicro 20180412
TrendMicro-HouseCall 20180412
Trustlook 20180412
VBA32 20180411
ViRobot 20180412
Webroot 20180412
WhiteArmor 20180408
Zillya 20180411
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Gear Motors
Product Gear Motors
Original name Gear Motors
Internal name Gear Motors
File version 6, 22, 100, 1441
Description Gear Motors
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-12 03:21:18
Entry Point 0x000086F2
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
GetCharABCWidthsFloatW
SetColorAdjustment
PtVisible
LPtoDP
PathToRegion
AbortDoc
FixBrushOrgEx
SetThreadLocale
GetStdHandle
SetEndOfFile
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
GetFileInformationByHandle
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
OutputDebugStringW
TlsGetValue
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
LoadLibraryExA
EnumSystemLocalesW
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
MoveFileExW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
ReadConsoleW
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
SetProcessPriorityBoost
GetDateFormatW
GetStartupInfoW
GetProcAddress
CompareStringW
FreeEnvironmentStringsW
IsValidLocale
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SetFocus
MapWindowPoints
GetSysColor
GetParent
MapDialogRect
GetMessageA
IntersectRect
EndDialog
BeginPaint
DrawIcon
CreateDialogIndirectParamA
LoadImageA
ShowWindow
DefWindowProcA
GetDialogBaseUnits
PostThreadMessageA
GetPropA
SetWindowPos
SetWindowRgn
SendDlgItemMessageA
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
EnumChildWindows
GetDlgItemTextA
SetPropA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
UpdateWindow
CharUpperA
CheckDlgButton
LoadStringA
RegisterClassExA
SystemParametersInfoA
RemovePropA
SetWindowTextA
CopyRect
GetWindowLongA
ReleaseDC
ReplyMessage
GetWindowPlacement
SendMessageA
SetForegroundWindow
GetClientRect
GetDlgItem
CreateDialogParamA
CharLowerBuffA
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
GetWindowTextLengthA
CreateWindowExA
LoadIconA
DrawTextA
GetDC
FillRect
IsDlgButtonChecked
CharNextA
WaitForInputIdle
SetActiveWindow
GetDesktopWindow
InflateRect
CallWindowProcA
GetClassNameA
RealChildWindowFromPoint
IsDialogMessageA
MsgWaitForMultipleObjects
EnableWindow
GetWindowTextA
DrawFocusRect
IsChild
DialogBoxIndirectParamA
DestroyWindow
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 56.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.22.100.1441
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Gear Motors
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 320000
EntryPoint 0x86f2
OriginalFileName Gear Motors
MIMEType application/octet-stream
LegalCopyright Gear Motors
FileVersion 6, 22, 100, 1441
TimeStamp 2018:04:12 05:21:18+02:00
FileType Win32 EXE
PEType PE32
InternalName Gear Motors
ProductVersion 6, 22, 100, 1441
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gear Motors
CodeSize 48128
ProductName Gear Motors
ProductVersionNumber 6.22.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 197d16d5d4d01d67b9cb1a6bbb9ae1ff
SHA1 797955ea4db3f43047788839acf876583387e542
SHA256 228e8d2b514ab722440452f75fdcb921cff84706144129c70df5b9bfae22e0fe
ssdeep 6144:1b3dn32RJuefTgP/ge2P5h6587Qmgyaqg:dtn32RIwTgHH2V7QWap
authentihash f51b1fdcfb9f4d328459c298d22912252975a16605b95f2d80967119b94817d2
imphash bb546c1c4ed1c6d2e449c2bde70bdf12
File size 269.0 KB ( 275456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-12 08:24:40 UTC ( 1 year ago )
Last submission 2018-05-28 09:46:45 UTC ( 10 months, 3 weeks ago )
File names a7b0f190-da75-71cb-1ccb-ae35102fc239.exe
44d895dc0a58eb98f2688a4d5a3a7a63b48dd038
Gear Motors
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.