SHA256: 267bd9c01f3f70386bab9ef0f85b28396640914d6988979549aa1ff59ac8fe93
File name: 76.exe
Detection ratio: 3 / 55
Analysis date: 2015-12-02 20:09:26 UTC ( 3 years, 5 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Malpacked6.Gen 20151202
Bkav HW32.Packed.AA4B 20151202
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151202
Ad-Aware 20151130
AegisLab 20151202
Yandex 20151202
Alibaba 20151202
ALYac 20151202
Antiy-AVL 20151202
Arcabit 20151202
Avast 20151202
AVG 20151130
Avira (no cloud) 20151202
AVware 20151202
Baidu-International 20151202
BitDefender 20151202
ByteHero 20151202
CAT-QuickHeal 20151202
ClamAV 20151202
CMC 20151201
Comodo 20151202
Cyren 20151202
DrWeb 20151202
Emsisoft 20151202
ESET-NOD32 20151202
F-Prot 20151202
F-Secure 20151202
Fortinet 20151202
GData 20151202
Ikarus 20151202
Jiangmin 20151201
K7AntiVirus 20151202
K7GW 20151202
Kaspersky 20151202
Malwarebytes 20151202
McAfee 20151202
McAfee-GW-Edition 20151202
Microsoft 20151202
eScan 20151202
NANO-Antivirus 20151202
nProtect 20151202
Panda 20151202
Rising 20151202
Sophos AV 20151202
SUPERAntiSpyware 20151202
Symantec 20151202
Tencent 20151202
TheHacker 20151202
TrendMicro 20151202
TrendMicro-HouseCall 20151202
VBA32 20151202
VIPRE 20151202
ViRobot 20151202
Zillya 20151201
Zoner 20151202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-14 22:59:20
Entry Point 0x00008390
Number of sections 4
PE sections
PE imports
GetTrusteeFormA
MakeSelfRelativeSD
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
FreeSid
ImageList_Read
ImageList_DrawEx
ImageList_ReplaceIcon
Ord(13)
GetEnhMetaFileBits
OffsetWindowOrgEx
GetRegionData
SaveDC
BitBlt
HeapReAlloc
GlobalMemoryStatus
GetCurrencyFormatA
FillConsoleOutputCharacterA
GetProfileSectionW
GetConsoleCP
GlobalAddAtomA
GetSystemTimeAsFileTime
CreateFileA
GetProfileSectionA
CommConfigDialogA
CopyLZFile
WNetGetUniversalNameA
_mbsspnp
LPSAFEARRAY_UserSize
CreateIconFromResource
PrintDlgA
Number of PE resources by type
Struct(1000) 5
RT_ICON 5
RT_GROUP_ICON 5
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ARABIC EGYPT 18
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.125.221.37
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1998848
EntryPoint 0x8390
OriginalFileName Likeliest.exe
MIMEType application/octet-stream
Subsystem Windows command line
TimeStamp 2007:10:14 23:59:20+01:00
FileType Win32 EXE
PEType PE32
InternalName Median
FileDescription Isolators
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Kinetic (C) 2012
MachineType Intel 386 or later, and compatibles
CompanyName Relic Entertainment
CodeSize 73728
FileSubtype 0
ProductVersionNumber 0.238.118.188
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ffcb469ddf633d503a1cce9c98ec9b4a
SHA1 c74af21d0d8fae34f0ec8e4dccd8985ebd3dcba9
SHA256 267bd9c01f3f70386bab9ef0f85b28396640914d6988979549aa1ff59ac8fe93
ssdeep 6144:MwqXc0EPOCZLA0DsIZ54fcEkK95yj+EW2E/X7ZYDZT9OEyTt6DJ0oRXyD:Mwh9ZNDsvfMj+r2u7ITDyTgw
authentihash c48703c1e7314afc9439c78071af92f1c14f8379bf55c0f426cf8ddafffd89c3
imphash c0138d7d159984b7aa3b3fc3891dfbce
File size 376.0 KB ( 385024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2015-12-02 19:49:08 UTC ( 3 years, 5 months ago )
Last submission 2016-10-26 01:26:17 UTC ( 2 years, 6 months ago )
File names 76.exe
hajuk-a.exe
ffcb469ddf633d503a1cce9c98ec9b4a.exe