SHA256: 22f8515b0466517aad784e144715c8bbb30dea36fb832ebb96c1b1c5dbb864f0
File name: 22f8515b0466517aad784e144715c8bbb30dea36fb832ebb96c1b1c5dbb864f0
Detection ratio: 23 / 69
Analysis date: 2018-12-13 13:45:56 UTC (5 months, 1 week ago)
Antivirus Result Update
AhnLab-V3 Malware/Gen.Generic.C2893470 20181213
Avast FileRepMalware 20181213
AVG FileRepMalware 20181213
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cybereason malicious.95db0c 20180225
Cylance Unsafe 20181213
Endgame malicious (high confidence) 20181108
GData Win32.Trojan-Stealer.FormBook.FKWJ4D 20181213
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181213
K7GW Riskware ( 0040eff71 ) 20181213
Kaspersky HEUR:Trojan.Win32.Generic 20181213
Malwarebytes Trojan.Agent 20181213
McAfee RDN/Generic.hra 20181213
McAfee-GW-Edition BehavesLike.Win32.Generic.gh 20181213
Microsoft Program:Win32/Unwaders.C!ml 20181213
Palo Alto Networks (Known Signatures) generic.ml 20181213
Qihoo-360 Win32/Trojan.e6d 20181213
Rising Malware.Obscure/Heur!1.9E03 (CLOUD) 20181213
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181213
Trapmine malicious.moderate.ml.score 20181205
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181213
Ad-Aware 20181213
AegisLab 20181213
Alibaba 20180921
ALYac 20181213
Antiy-AVL 20181213
Arcabit 20181213
Avast-Mobile 20181213
Avira (no cloud) 20181213
Babable 20180918
Baidu 20181207
BitDefender 20181213
Bkav 20181213
CAT-QuickHeal 20181212
ClamAV 20181213
CMC 20181212
Comodo 20181213
Cyren 20181213
DrWeb 20181213
eGambit 20181213
Emsisoft 20181213
ESET-NOD32 20181213
F-Prot 20181213
F-Secure 20181213
Fortinet 20181213
Ikarus 20181213
Jiangmin 20181213
Kingsoft 20181213
MAX 20181213
eScan 20181213
NANO-Antivirus 20181213
Panda 20181213
Sophos AV 20181213
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181213
Tencent 20181213
TheHacker 20181210
TotalDefense 20181213
TrendMicro 20181213
TrendMicro-HouseCall 20181213
Trustlook 20181213
VBA32 20181212
ViRobot 20181213
Webroot 20181213
Yandex 20181213
Zillya 20181212
Zoner 20181213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2000-2009 Heaventools Software
Product PE Explorer
Original name pexplorer.exe
Internal name PE Explorer
File version 1.99.6.1400
Description PE Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-14 12:43:00
Entry Point 0x00008D1A
Number of sections 6
PE sections
PE imports
SetLayout
Polygon
TextOutW
Pie
Rectangle
GetCharacterPlacementW
GetCharWidthI
GetFontLanguageInfo
SetTextColor
SetTextAlign
RoundRect
GetTextAlign
GetRasterizerCaps
Chord
GetCharWidth32W
GetTextCharacterExtra
SetTextJustification
GetTextColor
GetCharWidthFloatW
GetFontData
SetTextCharacterExtra
PolyPolygon
Ellipse
GetStdHandle
ReleaseMutex
HeapAlloc
EncodePointer
CreateTimerQueue
GetPrivateProfileStructW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
_llseek
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
_hwrite
WriteFile
_lopen
GetSystemTimeAsFileTime
WritePrivateProfileStructW
GetStringTypeW
FreeLibrary
GetProfileIntW
FindClose
TlsGetValue
DeleteTimerQueue
GetFullPathNameW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetProfileSectionW
WritePrivateProfileSectionW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
DeleteTimerQueueTimer
WriteProfileStringW
GetPrivateProfileStringW
_lclose
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
ChangeTimerQueueTimer
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
GetStartupInfoW
_hread
GetProcAddress
_lread
GetProcessHeap
GetProfileStringW
GetFileSizeEx
_lcreat
FindNextFileW
ResetEvent
IsValidLocale
FindFirstFileExW
GetUserDefaultLCID
GetPrivateProfileSectionW
GetPrivateProfileIntW
CreateEventW
CreateFileW
WriteProfileSectionW
GetFileType
TlsSetValue
DeleteTimerQueueEx
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GetConsoleCP
HeapReAlloc
GetEnvironmentStringsW
_lwrite
VirtualFreeEx
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
ReadFile
PulseEvent
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
SwitchToThread
GetLongPathNameW
IsValidCodePage
OpenEventW
VirtualFree
VirtualAlloc
GetOEMCP
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
InitializedDataSize 104960
ImageVersion 0.0
ProductName PE Explorer
FileVersionNumber 1.99.6.1400
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 14.16
FileTypeExtension exe
OriginalFileName pexplorer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.99.6.1400
TimeStamp 2011:11:14 13:43:00+01:00
FileType Win32 EXE
PEType PE32
InternalName PE Explorer
ProductVersion 1.99.6.1400
FileDescription PE Explorer
OSVersion 6.0
FileOS Win32
LegalCopyright Copyright 2000-2009 Heaventools Software
MachineType Intel 386 or later, and compatibles
CompanyName Heaventools Software
CodeSize 140288
FileSubtype 0
ProductVersionNumber 1.99.6.1400
EntryPoint 0x8d1a
ObjectFileType Executable application

File identification
MD5 b0d52f7a62aadbcf9f42b785b5f00f53
SHA1 5aa075b95db0c969f099d99833abdb1d57b9e981
SHA256 22f8515b0466517aad784e144715c8bbb30dea36fb832ebb96c1b1c5dbb864f0
ssdeep 12288:vWmIs8aYDw8nQZ4puobB3XsCj6Qodo4/EPqVY:vsvnQs3XsdQYnEPCY
authentihash 8def6920761e90fb5e5517515a58b18dd1d2d699d06c91c9de15cf65bf922199
imphash 4310b910ed5033e2f0454f08810cf516
File size 460.0 KB (471040 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-12 15:14:58 UTC (5 months, 1 week ago)
Last submission 2018-12-22 03:05:31 UTC (5 months ago)
File names b0d52f7a62aadbcf9f42b785b5f00f53
rdatacehck.bin
rdatacehck.exe
PE Explorer
pexplorer.exe