× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3046b948aaf6b20f9fa36f570338e6ef9c85914c035eccae179c72de48fdb2fc
File name: GPUTemp.exe
Detection ratio: 27 / 54
Analysis date: 2014-11-06 17:21:53 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
AVG Generic.B95 20141107
AVware Backdoor.Win32.Ircbot.gen (v) 20141107
Ad-Aware Gen:Variant.Symmi.39392 20141107
Agnitum Trojan.BtcMine! 20141106
AhnLab-V3 Trojan/Win32.BitCoinMiner 20141106
Antiy-AVL Trojan/Win32.SGeneric 20141106
Avast Win32:BitCoinMiner-FC [Trj] 20141107
Avira TR/Rogue.1499154 20141107
BitDefender Gen:Variant.Symmi.39392 20141107
Comodo UnclassifiedMalware 20141106
DrWeb Trojan.BtcMine.221 20141106
ESET-NOD32 a variant of Win32/CoinMiner.JO 20141107
Emsisoft Gen:Variant.Symmi.39392 (B) 20141107
F-Secure Gen:Variant.Symmi.39392 20141107
Fortinet W32/CoinMiner.JO!tr 20141106
GData Gen:Variant.Symmi.39392 20141107
McAfee Artemis!1DDA0D2E7EBA 20141107
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20141107
MicroWorld-eScan Gen:Variant.Symmi.39392 20141105
Norman CoinMiner.S 20141106
Qihoo-360 Win32/Trojan.380 20141107
Sophos Bitcoin Miner 20141107
Symantec Trojan.ADH 20141107
Tencent Win32.Trojan.Falsesign.Ecva 20141107
TrendMicro TROJ_COINMINE.FR 20141106
TrendMicro-HouseCall TROJ_COINMINE.FR 20141106
VIPRE Backdoor.Win32.Ircbot.gen (v) 20141106
AegisLab 20141107
Baidu-International 20141106
Bkav 20141106
ByteHero 20141107
CAT-QuickHeal 20141106
CMC 20141106
ClamAV 20141106
Cyren 20141107
F-Prot 20141107
Ikarus 20141106
Jiangmin 20141106
K7AntiVirus 20141106
K7GW 20141106
Kaspersky 20141106
Kingsoft 20141107
Malwarebytes 20141107
Microsoft 20141107
NANO-Antivirus 20141106
Rising 20141106
SUPERAntiSpyware 20141107
TheHacker 20141104
TotalDefense 20141106
VBA32 20141106
ViRobot 20141106
Zillya 20141105
Zoner 20141104
nProtect 20141106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher White Sea Media
Signature verification Signed file, verified signature
Signing date 2:37 AM 12/27/2013
Signers
[+] White Sea Media
Status Certificate out of its validity period
Valid from 1:00 AM 7/8/2013
Valid to 12:59 AM 7/9/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 37705C1F0C6DA9512CF68F590F702C45AC4FCCD2
Serial number 1F B2 35 AC A7 56 5B A2 7A DC 70 2B 2B D0 5C 7F
[+] COMODO Code Signing CA 2
Status Valid
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] DigiCert Timestamp Responder
Status Certificate out of its validity period
Valid from 1:00 AM 5/21/2013
Valid to 1:00 AM 6/4/2014
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 766489C6D10DC60904E1158E9CC8BE6D4E5EFB53
Serial number 03 9F ED ED CB 79 5B 8D ED 32 0C 89 19 F0 36 89
[+] DigiCert Assured ID CA-1
Status Valid
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm SHA1
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-27 01:26:42
Entry Point 0x00348000
Number of sections 6
PE sections
PE imports
InitCommonControls
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 23
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:12:27 02:26:42+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
42496

LinkerVersion
10.0

FileAccessDate
2014:11:07 01:44:54+01:00

EntryPoint
0x348000

InitializedDataSize
69120

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

FileCreateDate
2014:11:07 01:44:54+01:00

UninitializedDataSize
0

File identification
MD5 1dda0d2e7eba291193e192675a9df11d
SHA1 e4661508f4dab675b2af96c9d2fe14acd3c69f46
SHA256 3046b948aaf6b20f9fa36f570338e6ef9c85914c035eccae179c72de48fdb2fc
ssdeep
24576:GEIodjcPu2O4b3Kf6N8f3nwNab3qNcOmrD+hytBh0KyvzNg:GEIox2OaW6i3nfb3M32+42KyBg

authentihash 5685f8c951c7b0267919afb8605581dbd07c57352da2662a26108d9568f2f5e2
imphash baa93d47220682c04d92f7797d9224ce
File size 1.2 MB ( 1305312 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-01-02 13:59:49 UTC ( 1 year, 3 months ago )
Last submission 2014-01-26 17:42:20 UTC ( 1 year, 3 months ago )
File names 201367516
18973905
e4661508f4dab675b2af96c9d2fe14acd3c69f46
avz00001.dta
output.18973905.txt
GPUTemp.exe
gputemp.exe
GPUTemp11.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs