× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 328928ac244dce8eb912fba674231983b1ba7b93193a92b7aa201abfdf0c06ac
File name: Potlimi.exe
Detection ratio: 1 / 58
Analysis date: 2017-02-19 13:14:28 UTC ( 2 years, 2 months ago ) View latest
Antivirus Result Update
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170219
Ad-Aware 20170219
AegisLab 20170219
AhnLab-V3 20170219
Alibaba 20170217
ALYac 20170219
Antiy-AVL 20170219
Arcabit 20170219
Avast 20170219
AVG 20170219
Avira (no cloud) 20170219
AVware 20170219
Baidu 20170217
BitDefender 20170219
Bkav 20170218
CAT-QuickHeal 20170218
ClamAV 20170219
CMC 20170219
Comodo 20170219
CrowdStrike Falcon (ML) 20170130
Cyren 20170219
DrWeb 20170219
Emsisoft 20170219
Endgame 20170217
ESET-NOD32 20170219
F-Prot 20170219
F-Secure 20170219
Fortinet 20170219
GData 20170219
Ikarus 20170219
Sophos ML 20170203
Jiangmin 20170218
K7AntiVirus 20170219
K7GW 20170219
Kaspersky 20170219
Kingsoft 20170219
Malwarebytes 20170219
McAfee 20170219
McAfee-GW-Edition 20170219
Microsoft 20170219
eScan 20170219
NANO-Antivirus 20170219
nProtect 20170219
Panda 20170219
Rising 20170219
Sophos AV 20170219
SUPERAntiSpyware 20170219
Symantec 20170218
Tencent 20170219
TheHacker 20170218
TrendMicro 20170219
TrendMicro-HouseCall 20170219
Trustlook 20170219
VBA32 20170217
VIPRE 20170219
ViRobot 20170219
Webroot 20170219
WhiteArmor 20170215
Yandex 20170218
Zillya 20170218
Zoner 20170219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyleft prohibited commercial use.

Product Potlimi
Original name Potlimi.exe
Internal name Potlimi.exe
File version 1.0.0.0
Description Potlimi
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-19 12:52:16
Entry Point 0x0007F5BA
Number of sections 3
.NET details
Module Version ID 1077c26a-5619-417b-a146-046bc5ec12d4
TypeLib ID 1864f0e6-0e86-49f9-9432-ea2df74429ff
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

LinkerVersion
80.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
32256

EntryPoint
0x7f5ba

OriginalFileName
Potlimi.exe

MIMEType
application/octet-stream

LegalCopyright
Copyleft prohibited commercial use.

FileVersion
1.0.0.0

TimeStamp
2017:02:19 13:52:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Potlimi.exe

ProductVersion
1.0.0.0

FileDescription
Potlimi

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
513536

ProductName
Potlimi

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 b25e6facfdc537761284348f2a987184
SHA1 74a1b1e88e915fc1de9c05b4f889a7d55725049c
SHA256 328928ac244dce8eb912fba674231983b1ba7b93193a92b7aa201abfdf0c06ac
ssdeep
3072:WJTcD2S6lhaMMlKOtxf1actDMBTITUwKEIXmEUjcTM4xbRRF4KPoGsxQQqct7Qq0:WJ86aYctPpTElbRT4KSNQ

authentihash 3a5c272f7e87005756b8f8b6abddac6ab33e2a8065944b7464544e0e06a60432
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 533.5 KB ( 546304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.3%)
Windows screen saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-02-19 13:14:28 UTC ( 2 years, 2 months ago )
Last submission 2017-02-19 13:14:28 UTC ( 2 years, 2 months ago )
File names Potlimi.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!