SHA256: 3253c1fe5f829f4c33fbdae0a7f4f04b80fed9825ae68f09611d9c4648357620
File name: 5d1239c3d23880e32c9711ac68a6fbc22a299b48
Detection ratio: 0 / 57
Analysis date: 2017-02-10 03:38:22 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20170210
AegisLab 20170210
AhnLab-V3 20170209
Alibaba 20170122
ALYac 20170210
Antiy-AVL 20170210
Arcabit 20170210
Avast 20170210
AVG 20170210
Avira (no cloud) 20170209
AVware 20170210
Baidu 20170209
BitDefender 20170210
Bkav 20170209
CAT-QuickHeal 20170209
ClamAV 20170210
CMC 20170209
Comodo 20170210
CrowdStrike Falcon (ML) 20170130
Cyren 20170210
DrWeb 20170210
Emsisoft 20170210
Endgame 20170208
ESET-NOD32 20170210
F-Prot 20170210
F-Secure 20170210
Fortinet 20170210
GData 20170210
Ikarus 20170209
Sophos ML 20170203
Jiangmin 20170210
K7AntiVirus 20170209
K7GW 20170210
Kaspersky 20170210
Kingsoft 20170210
Malwarebytes 20170210
McAfee 20170210
McAfee-GW-Edition 20170210
Microsoft 20170209
eScan 20170210
NANO-Antivirus 20170210
nProtect 20170210
Panda 20170209
Qihoo-360 20170210
Rising 20170210
Sophos AV 20170209
SUPERAntiSpyware 20170210
Symantec 20170209
Tencent 20170210
TheHacker 20170209
TotalDefense 20170209
TrendMicro-HouseCall 20170210
Trustlook 20170210
VBA32 20170209
VIPRE 20170210
ViRobot 20170210
WhiteArmor 20170202
Yandex 20170209
Zillya 20170209
Zoner 20170210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Unicode, ZIP, embedded, maxorder, appended, UTF-8, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-03-20 06:35:57
Entry Point 0x00019200
Number of sections 3
PE sections
Overlays
MD5 1eb0ea84e8e2d5316c6301b9f688b311
File type data
Offset 26112
Size 17485185
Entropy 7.99
PE imports
RegCloseKey
SetROP2
LoadLibraryA
ExitProcess
GetProcAddress
ShellExecuteA
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MENU 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2001:03:20 07:35:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
EntryPoint 0x19200
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 77824
File identification
MD5 aa1f7cbe8f49a4d5808235194c984643
SHA1 5d1239c3d23880e32c9711ac68a6fbc22a299b48
SHA256 3253c1fe5f829f4c33fbdae0a7f4f04b80fed9825ae68f09611d9c4648357620
ssdeep 393216:1frMhJ5zVSZ7q/CqU0J6/Gq8hk2oJ0f2qZQbWnPjSlkKZA:1whXUO/Cde6/GqIoiuonbSlLi
authentihash 122e1471b8ff9cc8c41077ae5e382b3ad050a58f1f569df55f3e6e65eabde902
imphash 4b8ea275b01195301d047f45b8ba14d3
File size 16.7 MB ( 17511297 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (25.2%)
UPX compressed Win32 Executable (24.7%)
Win32 EXE Yoda's Crypter (24.2%)
Windows screen saver (11.9%)
Win32 Dynamic Link Library (generic) (6.0%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2017-02-10 03:38:22 UTC ( 9 months, 2 weeks ago )
Last submission 2017-02-10 03:38:22 UTC ( 9 months, 2 weeks ago )
File names 5d1239c3d23880e32c9711ac68a6fbc22a299b48