SHA256: 31f8207e8524b4ea191d02b985b20857b3261aaef5f2faef7be51fb7983ce320
File name: Meihe.exe
Detection ratio: 46 / 56
Analysis date: 2015-11-28 11:00:47 UTC (3 years, 3 months ago)
Antivirus Result Update
Ad-Aware Trojan.Agent.BMOV 20151128
Yandex Trojan.Inject!KbzfoS9TAMw 20151127
AhnLab-V3 Trojan/Win32.Zbot 20151127
ALYac Trojan.Agent.BMOV 20151128
Antiy-AVL Trojan/Win32.Inject 20151128
Arcabit Trojan.Agent.BMOV 20151128
Avast Win32:Crypt-SID [Trj] 20151128
AVG Generic_r.FUY 20151128
Avira (no cloud) TR/Crypt.ZPACK.32212 20151128
AVware Trojan.Win32.Generic.pak!cobra 20151128
Baidu-International Trojan.Win32.Ransom.aba 20151128
BitDefender Trojan.Agent.BMOV 20151128
CAT-QuickHeal Trojan.Injector.AJ5 20151128
Comodo UnclassifiedMalware 20151128
Cyren W32/Trojan.AQII-8009 20151128
DrWeb Trojan.Packed.33366 20151128
Emsisoft Trojan.Agent.BMOV (B) 20151128
ESET-NOD32 Win32/Spy.Zbot.ACB 20151128
F-Prot W32/Trojan3.RQP 20151128
F-Secure Trojan.Agent.BMOV 20151128
Fortinet W32/Generic.AC.2819398 20151128
GData Trojan.Agent.BMOV 20151128
Ikarus Trojan-Ransom.Win32.Cryakl 20151128
Jiangmin Trojan/Generic.cekse 20151127
K7AntiVirus Trojan ( 004cf7401 ) 20151128
K7GW Trojan ( 004cf7401 ) 20151128
Kaspersky Trojan-Ransom.Win32.Cryakl.aba 20151128
Malwarebytes Ransom.FileCryptor 20151128
McAfee PWSZbot-FANV!6D8D3656BFF0 20151128
McAfee-GW-Edition BehavesLike.Win32.PWSTravNet.dc 20151128
Microsoft TrojanSpy:Win32/Shiotob.B 20151128
eScan Trojan.Agent.BMOV 20151128
NANO-Antivirus Trojan.Win32.Inject.dwxqzp 20151128
nProtect Trojan.Agent.BMOV 20151127
Panda Trj/Shiotob.A 20151127
Qihoo-360 Win32/Trojan.e35 20151128
Sophos AV Mal/Inject-FX 20151128
SUPERAntiSpyware Trojan.Agent/Gen-Cryptic 20151128
Symantec Trojan.Gen 20151127
Tencent Win32.Trojan.Cryakl.Wrqz 20151128
TheHacker Trojan/Injector.circ 20151127
TrendMicro TSPY_ZBOT.SHIO 20151128
TrendMicro-HouseCall TSPY_ZBOT.SHIO 20151128
VIPRE Trojan.Win32.Generic.pak!cobra 20151128
ViRobot Trojan.Win32.Ransom.199994[h] 20151128
Zillya Trojan.Inject.Win32.178777 20151127
AegisLab 20151128
Alibaba 20151127
Bkav 20151128
ByteHero 20151128
ClamAV 20151128
CMC 20151127
Rising 20151127
TotalDefense 20151128
VBA32 20151126
Zoner 20151128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-13 19:40:05
Entry Point 0x00001280
Number of sections 4
PE sections
Overlays
MD5 78019717a52d78c6b5d35c244c5c95d7
File type data
Offset 59392
Size 181050
Entropy 8.00
PE imports
OpenSCManagerA
Sleep
CreateFileMappingA
HeapAlloc
GetProcessHeap
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:09:13 20:40:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 41984
LinkerVersion 10.0
EntryPoint 0x1280
InitializedDataSize 16896
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 6d8d3656bff09f12fcb63c471309af7e
SHA1 3a2c7afd67d7fb3ad0001b849058dece80b2d7d1
SHA256 31f8207e8524b4ea191d02b985b20857b3261aaef5f2faef7be51fb7983ce320
ssdeep 6144:bPlfTZ9E4MxJu2hBl9xxj94/so88Z7wSuDF9rpY5Go:b9fT0f1hBD9qmRF9tMD
authentihash 34e3ddd615943b0c69b07fef41a65fd519794ebee293c085604b33f63a6c4045
imphash b74e17aa342a08cb3834f4d47d08b423
File size 234.8 KB ( 240442 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-11-20 05:50:07 UTC ( 3 years, 4 months ago )
Last submission 2016-09-09 06:42:15 UTC ( 2 years, 6 months ago )
File names Gepo.exe
Meihe.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs