SHA256: 3d11fe89ffa14f267391bc539e6808d600e465955ddb854201a1f31a9ded4052
File name: Erraticgopher-1.0.1.exe
Detection ratio: 3 / 60
Analysis date: 2017-04-14 11:07:04 UTC (1 year ago)
Antivirus Result Update
Avast Win32:Stuxnet-C [Wrm] 20170414
Kaspersky UDS:DangerousObject.Multi.Generic 20170414
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170414
Ad-Aware 20170414
AegisLab 20170414
AhnLab-V3 20170414
Alibaba 20170414
Antiy-AVL 20170414
Arcabit 20170414
AVG 20170414
Avira (no cloud) 20170414
AVware 20170410
Baidu 20170414
BitDefender 20170414
Bkav 20170414
CAT-QuickHeal 20170413
ClamAV 20170414
CMC 20170414
Comodo 20170414
CrowdStrike Falcon (ML) 20170130
Cyren 20170414
DrWeb 20170414
Emsisoft 20170414
Endgame 20170413
ESET-NOD32 20170414
F-Prot 20170414
F-Secure 20170414
Fortinet 20170414
GData 20170414
Ikarus 20170414
Sophos ML 20170413
Jiangmin 20170414
K7AntiVirus 20170414
K7GW 20170414
Kingsoft 20170414
Malwarebytes 20170414
McAfee 20170412
McAfee-GW-Edition 20170414
Microsoft 20170414
eScan 20170414
NANO-Antivirus 20170414
nProtect 20170414
Palo Alto Networks (Known Signatures) 20170414
Panda 20170414
Qihoo-360 20170414
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170414
SUPERAntiSpyware 20170414
Symantec 20170413
Symantec Mobile Insight 20170414
Tencent 20170414
TheHacker 20170412
TrendMicro 20170414
TrendMicro-HouseCall 20170414
Trustlook 20170414
VBA32 20170414
VIPRE 20170414
ViRobot 20170414
Webroot 20170414
WhiteArmor 20170409
Yandex 20170413
Zillya 20170414
Zoner 20170414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-09 20:34:30
Entry Point 0x000030CF
Number of sections 5
PE sections
PE imports
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
RtlUnwind
GetCurrentProcessId
GetModuleHandleA
InterlockedExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentThreadId
InterlockedCompareExchange
__WSAFDIsSet
inet_ntoa
recv
WSASetLastError
select
adfw_create
adfw_setValidate
adfw_setID
adfw_delete
adfw_setProcess
mainWrapper
CNEBlob_createFunc
byteSwapShort
CNENetwork_ipToAddr
byteSwapLong
CNEFileIO_fileOpen
CNEMem_cleanNClearNDestroyPointer
CNEBlob_append
CNEFileIO_fileGetSize
CNESystemWin_sleep
CNEBlob_free
CNEFileIO_fileRead
CNE_allocateCleanMemoryFunc
CNESocket_cleanup
CNESocket_startup
CNEFileIO_fileClose
CNEDate_getTimeStamp
_cexit
?terminate@@YAXXZ
memset
__p__fmode
memmove
_exit
_adjust_fdiv
srand
__setusermatherr
free
_stricmp
_amsg_exit
exit
_XcptFilter
__getmainargs
calloc
_initterm
_controlfp
__p__commode
memcpy
__set_app_type
TbDoSmbStartupEx
TbWaitServerSocket
TbDoRpcRequestEx
TbCleanSB
TbFreeStructBuffers
TbCloseSocket
TbSetCallbackSocketData
TbCloseStructSockets
TbSetRemoteSocketData
TbDoRpcBindEx
TbInitStruct
TbMakeServerSocket
TbSend
TbMakeSocket
Parameter_Socket_setValue
Parameter_Boolean_getValue
Parameter_Port_getValue
Parameter_U16_getValue
Params_findParamchoice
Parameter_U32_getValue
Parameter_IPv4_getValue
Paramchoice_getValue
Parameter_getType
Parameter_String_getValue
Parameter_U8_setValue
Parameter_S16_getValue
Parameter_U8_getValue
Parameter_S32_getValue
Parameter_UString_getValue
Params_findParameter
Parameter_Socket_getValue
Parameter_LocalFile_getValue
Parameter_S8_getValue
XDevLib_generateRandomSequence
XDevLib_blobAppendRandomData
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:09:09 21:34:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 9728
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 13312
SubsystemVersion 5.0
EntryPoint 0x30cf
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 b4cb23d33c82bb66a7edcfe85e9d5361
SHA1 ef8bd410fdd6044e3f673fbb3a2fe1dce4cefc46
SHA256 3d11fe89ffa14f267391bc539e6808d600e465955ddb854201a1f31a9ded4052
ssdeep 384:nBsHvMLfHb2FTie8H2mxEswsV/q9Zvl4wMKFx1soTOUudk/9u3:nqHvMuFTdmxVwv5laK/1s/rw9

authentihash 84064331b950a345a8d9b81d17026eee618ab298a3ebac9231b5ad90dfb63d67
imphash dead1bc2d7e1f75d27360c46ea16ba28
File size 23.5 KB ( 24064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-04-14 11:07:04 UTC ( 1 year ago )
Last submission 2017-08-17 10:37:51 UTC ( 8 months ago )
File names aa
output.111135817.txt
b4cb23d33c82bb66a7edcfe85e9d5361
3d11fe89ffa14f267391bc539e6808d600e465955ddb854201a1f31a9ded4052
Erraticgopher-1.0.1.exe
mORGCRifgA.txt
DKByyzA7e.png
erraticgopher-1.0.1.exe
Behaviour characterization
Zemana dll-injection
