SHA256: 3840c989d447cc34933cd8adeaae1cba7ebec5a6d44e447c8e5a85a6284f46f9
File name: 20208.exe
Detection ratio: 4 / 56
Analysis date: 2016-03-10 07:42:43 UTC ( 3 years, 2 months ago )
Antivirus Result Update
AVware FraudTool.Win32.SecurityShield.ek!c (v) 20160310
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160310
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160310
VIPRE FraudTool.Win32.SecurityShield.ek!c (v) 20160310
Ad-Aware 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160309
Alibaba 20160310
ALYac 20160310
Antiy-AVL 20160310
Arcabit 20160310
Avast 20160310
AVG 20160310
Avira (no cloud) 20160310
Baidu-International 20160309
BitDefender 20160310
Bkav 20160309
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
ESET-NOD32 20160310
F-Prot 20160310
F-Secure 20160310
Fortinet 20160310
GData 20160310
Ikarus 20160310
Jiangmin 20160310
K7AntiVirus 20160309
K7GW 20160310
Kaspersky 20160310
Malwarebytes 20160310
McAfee 20160310
McAfee-GW-Edition 20160309
Microsoft 20160310
eScan 20160310
NANO-Antivirus 20160310
nProtect 20160309
Panda 20160309
Qihoo-360 20160310
Sophos AV 20160310
SUPERAntiSpyware 20160310
Symantec 20160309
Tencent 20160310
TheHacker 20160310
TrendMicro 20160310
TrendMicro-HouseCall 20160310
VBA32 20160309
ViRobot 20160310
Zillya 20160309
Zoner 20160310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-10 03:18:48
Entry Point 0x0000105A
Number of sections 12
PE sections
Overlays
MD5 ecb69c4370f5ec1495b8cf925630494a
File type data
Offset 105472
Size 5063
Entropy 7.90
PE imports
RemoveClusterResourceDependency
GetSystemWow64DirectoryW
GetSystemDefaultLangID
ReleaseSemaphore
DnsHostnameToComputerNameW
lstrlenA
InitializeCriticalSection
Process32First
GetDiskFreeSpaceW
GetStringTypeExW
GetShortPathNameW
OpenWaitableTimerW
CreateHardLinkW
GetProcessHandleCount
IsBadCodePtr
RemoveDirectoryA
GetProcAddress
GetModuleHandleW
GetPrivateProfileStringW
FindWindowW
wprintf
tmpfile
isdigit
isprint
_chkstk
sin
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:03:10 04:18:48+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
55808

LinkerVersion
8.0

Warning
Error processing PE data dictionary

EntryPoint
0x105a

InitializedDataSize
152064

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 0c9f38f626757d97baea333c313f6d0e
SHA1 f9097ef187666ac6cdf0076e60594f8bfb7ba7d2
SHA256 3840c989d447cc34933cd8adeaae1cba7ebec5a6d44e447c8e5a85a6284f46f9
ssdeep
1536:QEAhBhaRlpQNgS2eloEuc14QsfmUsqj5TGj/SeQzMq8s:QEAhBYTKHxuFfmZq9ai

authentihash 1bae73afb1d18b1c5f8d931553013d13270aa6d23d502265039ff7250613c2a6
imphash 098398dc6c292b12b2a80055f28b855e
File size 107.9 KB ( 110535 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
corrupt peexe overlay

VirusTotal metadata
First submission 2016-03-10 07:35:02 UTC ( 3 years, 2 months ago )
Last submission 2016-08-06 04:05:17 UTC ( 2 years, 9 months ago )
File names 20208.exe