SHA256: 22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f
File name: hidec.exe
Detection ratio: 1 / 61
Analysis date: 2017-03-30 16:32:45 UTC ( 1 year ago )
Antivirus Result Update
Endgame malicious (moderate confidence) 20170329
Ad-Aware 20170330
AegisLab 20170330
AhnLab-V3 20170330
Alibaba 20170330
ALYac 20170330
Antiy-AVL 20170330
Arcabit 20170330
Avast 20170330
AVG 20170330
Avira (no cloud) 20170330
AVware 20170330
Baidu 20170330
BitDefender 20170330
Bkav 20170330
CAT-QuickHeal 20170330
ClamAV 20170330
CMC 20170330
Comodo 20170330
CrowdStrike Falcon (ML) 20170130
Cyren 20170330
DrWeb 20170330
Emsisoft 20170330
ESET-NOD32 20170330
F-Prot 20170330
F-Secure 20170330
Fortinet 20170330
GData 20170330
Ikarus 20170330
Sophos ML 20170203
Jiangmin 20170330
K7AntiVirus 20170330
K7GW 20170330
Kaspersky 20170330
Kingsoft 20170330
Malwarebytes 20170330
McAfee 20170330
McAfee-GW-Edition 20170330
Microsoft 20170330
eScan 20170330
NANO-Antivirus 20170330
nProtect 20170330
Palo Alto Networks (Known Signatures) 20170330
Panda 20170330
Qihoo-360 20170330
Rising 20170330
SentinelOne (Static ML) 20170330
Sophos AV 20170330
SUPERAntiSpyware 20170330
Symantec 20170330
Symantec Mobile Insight 20170329
Tencent 20170330
TheHacker 20170330
TrendMicro 20170330
TrendMicro-HouseCall 20170330
Trustlook 20170330
VBA32 20170330
VIPRE 20170330
ViRobot 20170330
Webroot 20170330
WhiteArmor 20170327
Yandex 20170327
Zillya 20170329
ZoneAlarm by Check Point 20170330
Zoner 20170330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-28 10:18:57
Entry Point 0x00001100
Number of sections 1
PE sections
PE imports
GetLastError
CreateProcessA
WaitForSingleObject
ExitProcess
CloseHandle
GetCommandLineA
MessageBoxA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:06:28 10:18:57+00:00
FileType Win32 EXE
PEType PE32
CodeSize 1024
LinkerVersion 7.0
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x1100
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 abc6379205de2618851c4fcbf72112eb
SHA1 1ed7b1e965eab56f55efda975f9f7ade95337267
SHA256 22e7528e56dffaa26cfe722994655686c90824b13eb51184abfe44d4e95d473f
ssdeep 24:eFGSPZMexrSoVjAL5jhsUnqzQhVJx+y/F/mnSBgZpwA:iJr7jALHqzPgESBg
authentihash f698c33565c3ec36f08eabf4eed6c2d08982ef3eb4d6d6702e081c0e080c97fe
imphash 0b9ca80ff295945b3cf5762a07ef3d50
File size 1.5 KB ( 1536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe via-tor
VirusTotal metadata
First submission 2006-05-27 08:18:23 UTC ( 11 years, 11 months ago )
Last submission 2018-03-30 14:52:00 UTC ( 3 weeks, 3 days ago )
File names sbs_ve_ambr_20160010040219.109_ 309711
bit83f.tmp
b3abdd80-3b6e-11e7-8db2-f04da22df4cd
bit5a6c.tmp
hidec.3xe
1ed7b1e965eab56f55efda975f9f7ade95337267
Hidec.exe
hidec.exe
explorer.exe
bit8881.tmp
Unconfirmed 49030.crdownload
tmp796c.tmp
hidec.exe
sbs_ve_ambr_20160009031215.904_ 1240917
9a132246-4c14-11e7-98af-b8ca3ab1face
hiderun.exe
f50_74_RunHiddenConsole.exe
1.exe
7.ura
hidec.3XE
tmp7814.tmp
0176db3e.tmp
tmp79bf.tmp
15629409
RunHiddenConsole.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight