SHA256: 358c23ad6958195cad2e9d9b07e348d9d7ab2f416679cc7238996f3772fe6c21
File name: 1[1].gif
Detection ratio: 5 / 24
Analysis date: 2017-02-27 00:58:37 UTC ( 1 year, 12 months ago )
Antivirus                 Result                                       Update
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9999   20170224
CrowdStrike Falcon (ML)   malicious_confidence_100% (D)                20170130
Sophos ML                 trojandropper.win32.sality.au                20170203
McAfee-GW-Edition         BehavesLike.Win32.Backdoor.dc                20170226
Qihoo-360                 HEUR/QVM20.1.0000.Malware.Gen                20170227
AegisLab                  -                                            20170226
Antiy-AVL                 -                                            20170227
Arcabit                   -                                            20170227
Avira (no cloud)          -                                            20170226
AVware                    -                                            20170227
Bkav                      -                                            20170225
ClamAV                    -                                            20170226
CMC                       -                                            20170226
Emsisoft                  -                                            20170227
F-Secure                  -                                            20170227
Ikarus                    -                                            20170226
Jiangmin                  -                                            20170226
Kaspersky                 -                                            20170226
Kingsoft                  -                                            20170227
Malwarebytes              -                                            20170226
Panda                     -                                            20170226
Trustlook                 -                                            20170227
VIPRE                     -                                            None
Zillya                    -                                            20170224
Zoner                     -                                            20170226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-10 03:04:39
Entry Point 0x00004A49
Number of sections 3
PE sections
Overlays
MD5 11be91bb35d4c83cf0c59c4583019fdf
File type data
Offset 240128
Size 186
Entropy 6.80
PE imports
IsValidAcl
RegRestoreKeyA
ReadEventLogA
RegLoadKeyA
RegSaveKeyA
IsValidSid
OpenEventLogW
InitializeAcl
RegReplaceKeyW
RegUnLoadKeyA
RegCreateKeyExA
RegEnumKeyA
CryptSignHashA
AuthzInitializeContextFromSid
AuthzAddSidsToContext
ErrMsgParam
FindSheet
ErrMsg
WaitForSingleObject
SetEvent
GetStartupInfoA
GetPriorityClass
LoadLibraryExW
GetConsoleAliasW
GetConsoleTitleA
GetProcAddress
GetPrivateProfileIntW
OpenMutexA
GetFullPathNameA
CreateMutexA
FindResourceExA
CreateSemaphoreA
GetModuleHandleA
GetSystemDirectoryW
ReadFile
GlobalAddAtomA
GetProfileStringA
CreateFileMappingA
FindFirstFileW
GetGeoInfoW
IsBadStringPtrW
InterlockedExchange
ResumeThread
GetLogicalDriveStringsA
OpenSemaphoreA
GetCurrencyFormatW
ReadConsoleW
CreateFileA
lstrcpyn
FindFirstVolumeW
InterlockedIncrement
wsprintfA
LoadCursorA
IsDialogMessageW
FlashWindow
DrawStateA
LoadMenuW
GetPropA
PeekMessageA
DialogBoxParamA
PostMessageW
IsCharLowerW
LoadBitmapA
CreateDesktopW
GetClassLongA
CharToOemA
Number of PE resources by type
RT_RCDATA 3
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:05:10 04:04:39+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 30720
LinkerVersion: 7.6
FileTypeExtension: exe
InitializedDataSize: 208384
SubsystemVersion: 4.0
EntryPoint: 0x4a49
OSVersion: 5.1
ImageVersion: 5.1
UninitializedDataSize: 0

File identification
MD5 b983523d709e8614ce0a01aa1efe82a0
SHA1 c4c9046e5e521f51f874fd8aaf0768de3e344adb
SHA256 358c23ad6958195cad2e9d9b07e348d9d7ab2f416679cc7238996f3772fe6c21
ssdeep 3072:KIjzN8e4QViLyznQH+DYLKXSrBOhxkuiSDk1zhKcdgCxdIbEVjp0I1uucuPWpGFS:K2R8e4IzkHSyhluCjIAJ23/uPWavq

authentihash de6c42cecc76f8eb2637401b6fc3bf852d16bf2168cac79cace0528bc9a8d197
imphash 07af8550bd30860d3b8a92d1447561c1
File size 234.7 KB ( 240314 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe suspicious-udp overlay

VirusTotal metadata
First submission 2017-02-27 00:58:37 UTC ( 1 year, 12 months ago )
Last submission 2017-02-27 00:58:37 UTC ( 1 year, 12 months ago )
File names 358c23ad6958195cad2e9d9b07e348d9d7ab2f416679cc7238996f3772fe6c21
1[1].gif
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications