SHA256: 381976956f94d747407e9beaa9231dacdbd6bc19093621cc8058a3bbd09f3b06
File name: gplc.exe
Detection ratio: 3 / 46
Analysis date: 2013-03-06 01:46:10 UTC ( 4 years, 7 months ago )
Antivirus Result Update
TheHacker Posible_Worm32 20130305
TrendMicro PAK_Generic.001 20130306
TrendMicro-HouseCall PAK_Generic.001 20130306
Yandex 20130305
AhnLab-V3 20130305
AntiVir 20130305
Antiy-AVL 20130305
Avast 20130306
AVG 20130305
BitDefender 20130306
ByteHero 20130304
CAT-QuickHeal 20130305
ClamAV 20130306
Commtouch 20130306
Comodo 20130306
DrWeb 20130306
Emsisoft 20130306
eSafe 20130211
ESET-NOD32 20130306
F-Prot 20130306
F-Secure 20130306
Fortinet 20130306
GData 20130306
Ikarus 20130306
Jiangmin 20130304
K7AntiVirus 20130305
Kaspersky 20130305
Kingsoft 20130304
Malwarebytes 20130306
McAfee 20130306
McAfee-GW-Edition 20130306
Microsoft 20130306
eScan 20130306
NANO-Antivirus 20130306
Norman 20130305
nProtect 20130305
Panda 20130305
PCTools 20130306
Rising 20130305
Sophos AV 20130306
SUPERAntiSpyware 20130306
Symantec 20130305
TotalDefense 20130305
VBA32 20130305
VIPRE 20130306
ViRobot 20130306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-10 16:35:34
Entry Point 0x000304C0
Number of sections 3
PE sections
Overlays
MD5 0c1ad37e7a50f60e2ae227bcf7b8552f
File type data
Offset 22016
Size 35780
Entropy 4.15
PE imports
RegCloseKey
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:10:10 17:35:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 2.22
EntryPoint 0x304c0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 176128

File identification
MD5 f61f5ee071a20a696ece716031b7f037
SHA1 068becb0c748dd729ebd8626857990330e70cb5d
SHA256 381976956f94d747407e9beaa9231dacdbd6bc19093621cc8058a3bbd09f3b06
ssdeep 768:JKpCZIO9t8/X/PHDBI1yswBG8Sbt6Wd0V97THqdlXTpnoRTsQ1:JCCZIOoP/PHio5BGVEv8lDpG

authentihash 8dd83e0af684e326e63662dc8cc7424db0f51b6ae1a350b3ce9df85e5e42c2ba
imphash 125564129ade11c774776f566568bde7
File size 56.4 KB ( 57796 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2013-03-06 01:46:10 UTC ( 4 years, 7 months ago )
Last submission 2016-03-10 15:42:46 UTC ( 1 year, 7 months ago )
File names gplc.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications