SHA256: 3a35b382c6177a3a2e6fb0420f218bbc4e9014ceaa9b743d2f53f711b9ab87ca
File name: 1.gif
Detection ratio: 11 / 58
Analysis date: 2017-02-23 23:20:47 UTC ( 1 year, 12 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.W32.Lopin.l03S 20170223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170223
Bkav HW32.Packed.A587 20170223
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170222
Sophos ML trojanspy.win32.ursnif.hn 20170203
McAfee-GW-Edition BehavesLike.Win32.Backdoor.dc 20170223
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170224
Rising Malware.Generic.2!tfe (thunder:2:RPMHuNYptGP) 20170223
Sophos AV Mal/Elenoocka-E 20170223
Symantec ML.Attribute.HighConfidence 20170223
Ad-Aware 20170223
AhnLab-V3 20170223
Alibaba 20170223
ALYac 20170223
Antiy-AVL 20170223
Arcabit 20170223
Avast 20170223
AVG 20170223
Avira (no cloud) 20170223
AVware 20170223
BitDefender 20170223
CAT-QuickHeal 20170223
ClamAV 20170223
CMC 20170223
Comodo 20170223
Cyren 20170223
DrWeb 20170223
Emsisoft 20170223
ESET-NOD32 20170223
F-Prot 20170224
F-Secure 20170224
Fortinet 20170223
GData 20170224
Ikarus 20170223
Jiangmin 20170224
K7AntiVirus 20170223
K7GW 20170223
Kaspersky 20170224
Kingsoft 20170224
Malwarebytes 20170223
McAfee 20170223
Microsoft 20170223
eScan 20170223
NANO-Antivirus 20170223
nProtect 20170223
Panda 20170223
SUPERAntiSpyware 20170223
Tencent 20170224
TheHacker 20170223
TrendMicro 20170223
TrendMicro-HouseCall 20170223
Trustlook 20170224
VBA32 20170223
VIPRE 20170223
ViRobot 20170223
Webroot 20170224
WhiteArmor 20170222
Yandex 20170222
Zillya 20170223
Zoner 20170223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-04 16:08:32
Entry Point 0x00006A8D
Number of sections 3
PE sections
Overlays
MD5 d4262dccaebca397e49a1202457d4592
File type data
Offset 264704
Size 186
Entropy 6.95
PE imports
CopyFileW
RemoveDirectoryW
GetVersionExW
SetEvent
lstrlen
IsBadWritePtr
CreateMailslotA
WaitForSingleObjectEx
LoadLibraryExW
GetConsoleTitleA
GetCommandLineA
GetProcAddress
AddAtomW
CreateFileMappingW
GetTempPathA
GetModuleHandleA
GetProfileStringA
ResetEvent
FindFirstFileW
HeapReAlloc
GetStringTypeW
GetBinaryTypeA
GetCurrencyFormatA
CreateFileW
FindClose
TlsSetValue
OpenSemaphoreW
SetLastError
MprAdminBufferFree
MprAdminDeviceEnum
AlphaBlend
vSetDdrawflag
TraceSQLCancel
TraceSQLFetch
TraceSQLError
TraceSQLConnect
TraceSQLBindCol
InsertMenuA
CharPrevA
IsCharAlphaW
LoadCursorA
CreateDesktopW
DrawStateA
CharNextA
LoadBitmapA
GetMonitorInfoA
GetClassLongA
GetCaretPos
GetPropA
IsChild
DispatchMessageW
CharToOemA
Number of PE resources by type
RT_GROUP_CURSOR 8
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:10:04 17:08:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 245760
LinkerVersion 5.5
Warning Possibly corrupt Version resource
EntryPoint 0x6a8d
InitializedDataSize 17920
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 1ecf91cb06f809976ead57a5b14a69e3
SHA1 a2ce142a0f59f8d86fad3df629eb242d5588bd9d
SHA256 3a35b382c6177a3a2e6fb0420f218bbc4e9014ceaa9b743d2f53f711b9ab87ca
ssdeep 3072:yqaHhpWJee4W96yVD+Fy+1HDkbGefzjxRmH+hCOFIqUy8p/1TdyztHz0T9GIhEY0:f12Dbx4bksVQ+mM7SPVTemkst/JglNl

authentihash 1db47c1b0bedbd8aa98301d8b6e163d18dacd5ed3e96c99effe8b6ea417bc68a
imphash 60021c038c2bdebf87b285edd0fe3a1f
File size 258.7 KB ( 264890 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-02-23 23:20:47 UTC ( 1 year, 12 months ago )
Last submission 2017-02-23 23:20:47 UTC ( 1 year, 12 months ago )
File names 1.gif