× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3219cdbe4ba55244638ce66f73d587b6827f475e266c896cc1ff1a467336e6cc
File name: GabriolaExpress.exe
Detection ratio: 22 / 65
Analysis date: 2018-03-14 07:59:43 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.277269 20180314
AhnLab-V3 Trojan/Win32.Emotet.R222527 20180314
Avast FileRepMalware 20180314
AVG FileRepMalware 20180314
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180314
BitDefender Gen:Variant.Razy.277269 20180314
Bkav HW32.Packed.EC42 20180313
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180314
Emsisoft Gen:Variant.Razy.277269 (B) 20180314
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/GenKryptik.BTKD 20180314
Fortinet W32/Kryptik.GDRZ!tr 20180314
GData Gen:Variant.Razy.277269 20180314
Sophos ML heuristic 20180121
Malwarebytes Trojan.Emotet 20180314
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20180314
Palo Alto Networks (Known Signatures) generic.ml 20180314
Qihoo-360 HEUR/QVM20.1.D02F.Malware.Gen 20180314
Rising Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) 20180314
Sophos AV Mal/EncPk-ANR 20180314
Webroot W32.Trojan.Emotet 20180314
AegisLab 20180314
Alibaba 20180314
Antiy-AVL 20180314
Arcabit 20180314
Avast-Mobile 20180313
Avira (no cloud) 20180313
AVware 20180314
CAT-QuickHeal 20180314
ClamAV 20180314
CMC 20180314
Comodo 20180314
Cybereason None
Cyren 20180314
DrWeb 20180314
eGambit 20180314
F-Prot 20180314
F-Secure 20180314
Ikarus 20180314
Jiangmin 20180314
K7AntiVirus 20180314
K7GW 20180314
Kaspersky 20180314
Kingsoft 20180314
MAX 20180314
McAfee 20180314
Microsoft 20180314
eScan 20180314
NANO-Antivirus 20180314
nProtect 20180314
Panda 20180313
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180314
Symantec 20180314
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TrendMicro 20180314
TrendMicro-HouseCall 20180314
Trustlook 20180314
VBA32 20180313
VIPRE 20180314
ViRobot 20180314
WhiteArmor 20180223
Yandex 20180314
Zillya 20180313
ZoneAlarm by Check Point 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-14 07:43:03
Entry Point 0x00005000
Number of sections 5
PE sections
PE imports
AddAuditAccessAceEx
InitializeAcl
SetServiceStatus
AddFontResourceExW
GetNearestColor
OffsetClipRgn
GetDIBColorTable
GetCurrentProcess
SetCommConfig
CreateEventW
SetEvent
LocalHandle
CloseHandle
GetThreadUILanguage
GetConsoleOutputCP
GetCurrentThreadId
GetVersion
WaitForMultipleObjects
ResetEvent
VarUI4FromUI8
BSTR_UserFree
SafeArrayAllocDescriptor
SetupDiGetSelectedDevice
GetDCEx
CreatePopupMenu
SetPropA
GetInputState
DdeGetData
ToUnicode
GetShellWindow
GetWindowContextHelpId
IsWindowEnabled
GetClipboardSequenceNumber
DdeCmpStringHandles
InvalidateRect
waveInStop
SetPrinterDataExW
SCardGetStatusChangeW
ReadFmtUserTypeStg
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_BITMAP 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:14 08:43:03+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1

LinkerVersion
13.5

EntryPoint
0x5000

InitializedDataSize
121344

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4096

File identification
MD5 8726181774222d2f7070b0b0443e90da
SHA1 f6da4439890cc03217d3b5dfa657367788c7e058
SHA256 3219cdbe4ba55244638ce66f73d587b6827f475e266c896cc1ff1a467336e6cc
ssdeep
3072:GQBWKe5NZqgktO9/vkxJ9HFoajkEfJBuUDQFBhU/:GQBWT5GgktO9nkx7H+ajkEfJBuUDehU

authentihash b354a62e80e5f9f187996562c9aa339362fd043652c48ada28a46c57cc7dae37
imphash 2273b29d1ad7fb5f9e581e4ccf41d457
File size 131.0 KB ( 134144 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-14 07:59:43 UTC ( 3 months, 1 week ago )
Last submission 2018-05-11 17:48:18 UTC ( 1 month, 2 weeks ago )
File names output.112985085.txt
GabriolaExpress.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!