SHA256: 284eccc63a9ada094dd4ccddb77f6045b81d3e2ba1a4dd6fea9bb7e349e3f5a1
File name: 85.exe
Detection ratio: 2 / 56
Analysis date: 2016-03-14 08:55:32 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20160314
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160314
Ad-Aware 20160314
AegisLab 20160314
Yandex 20160313
AhnLab-V3 20160313
Alibaba 20160314
ALYac 20160314
Antiy-AVL 20160314
Arcabit 20160314
Avast 20160314
AVG 20160314
Avira (no cloud) 20160313
AVware 20160314
Baidu 20160310
Baidu-International 20160313
BitDefender 20160314
Bkav 20160312
ByteHero 20160314
CAT-QuickHeal 20160314
ClamAV 20160311
CMC 20160307
Comodo 20160314
Cyren 20160314
DrWeb 20160314
Emsisoft 20160314
ESET-NOD32 20160314
F-Prot 20160314
F-Secure 20160314
Fortinet 20160314
GData 20160314
Ikarus 20160314
Jiangmin 20160314
K7AntiVirus 20160314
K7GW 20160314
Malwarebytes 20160314
McAfee 20160314
McAfee-GW-Edition 20160313
Microsoft 20160314
eScan 20160314
NANO-Antivirus 20160314
nProtect 20160311
Panda 20160313
Rising 20160314
Sophos AV 20160314
SUPERAntiSpyware 20160314
Symantec 20160310
Tencent 20160314
TheHacker 20160313
TrendMicro 20160314
TrendMicro-HouseCall 20160314
VBA32 20160313
VIPRE 20160314
ViRobot 20160314
Zillya 20160313
Zoner 20160314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-09-06 04:37:43
Entry Point 0x0000FEBC
Number of sections 4
PE sections
Overlays
MD5 fedce041bebb466a48d4020cd59b8d12
File type binary Computer Graphics Metafile
Offset 303104
Size 60353
Entropy 4.06
PE imports
GetDIBColorTable
GetWindowOrgEx
OffsetRgn
CreatePen
SaveDC
TextOutA
SetTextAlign
CreateICW
FillRgn
EndPath
GetClipBox
GetEnhMetaFilePaletteEntries
GetObjectType
GetGlyphOutlineA
GetObjectA
CreateDCA
SetBkMode
GetSystemPaletteEntries
EnumMetaFile
GetPixel
GetObjectW
CreateDIBSection
SetTextColor
GetGlyphOutlineW
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
ExtCreateRegion
SetPixelFormat
ExtSelectClipRgn
EnumFontFamiliesExW
GetTextAlign
ExtEscape
ResizePalette
CloseEnhMetaFile
EndPage
CreateRectRgn
GetEnhMetaFileHeader
GetTextColor
CreateSolidBrush
GetKerningPairsA
ExtCreatePen
SetWinMetaFileBits
SetTextCharacterExtra
SetViewportExtEx
CreateCompatibleBitmap
__p__fmode
_yn
_cwait
setlocale
ldiv
__p__commode
_cgetws
_inp
sqrt
bsearch
fwscanf
__getmainargs
_initterm
__setusermatherr
_mbscat
_adjust_fdiv
__set_app_type
MapWindowPoints
GetMessageA
CreateDialogIndirectParamW
LoadMenuA
KillTimer
SendNotifyMessageW
LoadBitmapW
RegisterClassExW
GetDlgItemTextA
SetKeyboardState
GetMenuItemID
GetCursorPos
DrawTextA
RemovePropA
GetWindowTextA
UnionRect
IsIconic
SetRect
FindWindowExA
ShowOwnedPopups
EnableWindow
CloseDesktop
LoadImageA
GetClassNameA
ScrollWindow
MapVirtualKeyExA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 7
SWEDISH FINLAND 2
PE resources
ExifTool file metadata
CodeSize 65536
FileDescription Malachite Patina Motheaten
InitializedDataSize 786432
ImageVersion 0.0
ProductName Fusions Overproduction
FileVersionNumber 0.87.116.111
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Metricl.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 0.158.25.170
TimeStamp 2004:09:06 05:37:43+01:00
FileType Win32 EXE
PEType PE32
InternalName Materials
SubsystemVersion 4.0
ProductVersion 0.139.66.42
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2016
MachineType Intel 386 or later, and compatibles
CompanyName Provenio Software Corporation
LegalTrademarks Nutshell
FileSubtype 0
ProductVersionNumber 0.137.115.114
EntryPoint 0xfebc
ObjectFileType Executable application

File identification
MD5 57759f7901eba73040597d4ba57d511a
SHA1 89f19e43db8dafb2b43693021099b275552f9570
SHA256 284eccc63a9ada094dd4ccddb77f6045b81d3e2ba1a4dd6fea9bb7e349e3f5a1
ssdeep 6144:Gnjnjg7YD+8WArNEuWCvgTqekZppuVmUZ5mU4QSKFX6CPkv9g20xFQKxsD:GjEsDIKEuzvgTqeGppuAxYSKpzkE6Kx+

authentihash 887c90fe741933ea1cf0e516f7bd9732015039e7e7f9192c388f0dbe0e0f7dd9
imphash 7d3c07a0bb86be56e64dd056d8ded6ed
File size 354.9 KB ( 363457 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-03-14 08:09:13 UTC ( 3 years, 2 months ago )
Last submission 2016-03-14 23:41:27 UTC ( 3 years, 2 months ago )
File names 827578.exe
85.exe
Advanced heuristic and reputation engines