SHA256: 305fe0e8e8753dd2bf79fd349760b5c83d75097becc98a541b489bd5456b7b5e
File name: processexplorerpe.exe
Detection ratio: 34 / 56
Analysis date: 2016-12-29 11:41:26 UTC ( 1 year, 1 month ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.Generic.19963460 | 20161229 |
| AegisLab | Troj.Atraps.Gen!c | 20161229 |
| ALYac | Trojan.Generic.19963460 | 20161229 |
| Arcabit | Trojan.Generic.D1309E44 | 20161229 |
| Avast | Win32:Malware-gen | 20161229 |
| AVG | PSW.Banker7.YZL | 20161229 |
| Avira (no cloud) | TR/ATRAPS.Gen | 20161229 |
| AVware | Trojan.Win32.Generic!BT | 20161229 |
| BitDefender | Trojan.Generic.19963460 | 20161229 |
| Bkav | W32.Clod122.Trojan.4854 | 20161229 |
| Cyren | W32/Trojan.QYIN-9385 | 20161229 |
| Emsisoft | Trojan.Generic.19963460 (B) | 20161229 |
| ESET-NOD32 | a variant of Win32/Spy.Banker.ACYZ | 20161229 |
| F-Secure | Trojan.Generic.19963460 | 20161229 |
| Fortinet | W32/Banker.ACYZ!tr.spy | 20161229 |
| GData | Trojan.Generic.19963460 | 20161229 |
| Ikarus | Trojan-Spy.Agent | 20161229 |
| Sophos ML | trojan.win32.swrort.a | 20161216 |
| K7AntiVirus | Spyware ( 004e2cbd1 ) | 20161229 |
| K7GW | Spyware ( 004e2cbd1 ) | 20161229 |
| Kaspersky | Trojan-Banker.Win32.Banbra.vfbm | 20161229 |
| McAfee | Artemis!55C0548290A5 | 20161229 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.rh | 20161229 |
| Microsoft | Trojan:Win32/Dynamer!ac | 20161229 |
| eScan | Trojan.Generic.19963460 | 20161229 |
| NANO-Antivirus | Trojan.Win32.Banbra.ejqfxu | 20161229 |
| Panda | Generic Suspicious | 20161228 |
| Rising | Spyware.Banker!8.8D-msr1O8RYSSB (cloud) | 20161229 |
| Sophos AV | Mal/Basine-C | 20161229 |
| Symantec | Trojan.Gen | 20161229 |
| TrendMicro | TROJ_GEN.R072C0DLA16 | 20161229 |
| TrendMicro-HouseCall | TROJ_GEN.R072C0DLA16 | 20161229 |
| VIPRE | Trojan.Win32.Generic!BT | 20161229 |
| Yandex | Trojan.PWS.Banbra!7yWHMgNnzSA | 20161228 |
| AhnLab-V3 | | 20161229 |
| Alibaba | | 20161223 |
| Antiy-AVL | | 20161229 |
| Baidu | | 20161207 |
| CAT-QuickHeal | | 20161229 |
| ClamAV | | 20161229 |
| CMC | | 20161229 |
| Comodo | | 20161229 |
| CrowdStrike Falcon (ML) | | 20161024 |
| DrWeb | | 20161229 |
| F-Prot | | 20161229 |
| Jiangmin | | 20161229 |
| Kingsoft | | 20161229 |
| Malwarebytes | | 20161229 |
| nProtect | | 20161229 |
| Qihoo-360 | | 20161229 |
| SUPERAntiSpyware | | 20161229 |
| Tencent | | 20161229 |
| TheHacker | | 20161226 |
| TotalDefense | | 20161229 |
| Trustlook | | 20161229 |
| VBA32 | | 20161228 |
| ViRobot | | 20161229 |
| WhiteArmor | | 20161221 |
| Zillya | | 20161229 |
| Zoner | | 20161229 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-08 02:08:51
Entry Point 0x006F9734
Number of sections 13
PE sections
PE imports
IsValidAcl
ImageList_BeginDrag
EnumFontFamiliesExW
LocalFree
GetModuleFileNameA
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetFileSize
CreateBindCtx
SysAllocStringLen
ShellExecuteW
SetMenu
GetFileVersionInfoW
FindNextUrlCacheEntryW
OpenPrinterW
connect
PE exports
Number of PE resources by type
RT_STRING 43
RT_BITMAP 21
RT_RCDATA 16
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 58
ENGLISH US 38
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:12:08 03:08:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3164672
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 2287616
SubsystemVersion 5.0
EntryPoint 0x6f9734
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 55c0548290a5dc43bc54a6a15ccd42fd
SHA1 2ac8087ad6c9ab78d20ea9b42edd82d25ac8201f
SHA256 305fe0e8e8753dd2bf79fd349760b5c83d75097becc98a541b489bd5456b7b5e
ssdeep 196608:7sn3wkfFlIVh1ko1rfFa/m84CHtttttttttttr7/:7cgsmx1rA/94Cp7/
authentihash 60d26109e9aef44a109231d9f7e44fb16674f0f4611b625f802488f510814726
imphash 0172920c32440ed783d608b53068da5e
File size 9.0 MB ( 9434624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2016-12-08 14:16:36 UTC ( 1 year, 2 months ago )
Last submission 2016-12-08 14:16:36 UTC ( 1 year, 2 months ago )
File names processexplorerpe.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs