× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3d164cb4eadc84b05e4a18df52227e0cec4a259a8db9d723bce5a465531c6e71
File name: codexgigas_8644ff6f762165c7417e5665e5b9e7b46a72ef68
Detection ratio: 40 / 65
Analysis date: 2018-06-03 13:13:59 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30905952 20180603
AegisLab Filerepmalware.Gen!c 20180603
AhnLab-V3 Trojan/Win32.Agent.C2548290 20180603
ALYac Trojan.GenericKD.30905952 20180603
Arcabit Trojan.Generic.D1D79660 20180603
Avast Win32:Malware-gen 20180603
AVG Win32:Malware-gen 20180603
AVware Trojan.Win32.Generic!BT 20180603
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9901 20180601
BitDefender Trojan.GenericKD.30905952 20180603
Comodo CloudScanner.Trojan.Gen 20180603
Cylance Unsafe 20180603
Cyren W32/Trojan.HYAB-2299 20180603
Emsisoft Trojan.GenericKD.30905952 (B) 20180603
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/GenKryptik.CBIY 20180603
F-Secure Trojan.GenericKD.30905952 20180603
Fortinet W32/Panda.AZW!tr 20180603
GData Trojan.GenericKD.30905952 20180603
Ikarus Trojan.Win32.Krypt 20180603
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005332ea1 ) 20180603
K7GW Trojan ( 005332ea1 ) 20180603
Kaspersky Trojan-Spy.Win32.Panda.azw 20180603
McAfee Artemis!DD425E9FB634 20180603
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180603
Microsoft Trojan:Win32/Cloxer.D!cl 20180603
eScan Trojan.GenericKD.30905952 20180603
nProtect Trojan-Spy/W32.Panda.203264 20180603
Palo Alto Networks (Known Signatures) generic.ml 20180603
Panda Trj/CI.A 20180603
Qihoo-360 HEUR/QVM20.1.8A11.Malware.Gen 20180603
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180603
Symantec Trojan Horse 20180602
TrendMicro TROJ_GEN.R03FC0OF218 20180603
TrendMicro-HouseCall TROJ_GEN.R03FC0OF218 20180603
VBA32 BScope.TrojanSpy.Panda 20180601
Webroot W32.Trojan.Gen 20180603
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.azw 20180603
Alibaba 20180603
Antiy-AVL 20180603
Avast-Mobile 20180603
Avira (no cloud) 20180603
Babable 20180406
Bkav 20180601
CAT-QuickHeal 20180603
ClamAV 20180603
CMC 20180603
CrowdStrike Falcon (ML) 20180202
Cybereason None
DrWeb 20180603
eGambit 20180603
F-Prot 20180603
Jiangmin 20180603
Kingsoft 20180603
Malwarebytes 20180603
MAX 20180603
NANO-Antivirus 20180603
Rising 20180603
SUPERAntiSpyware 20180603
Symantec Mobile Insight 20180601
Tencent 20180603
TheHacker 20180531
Trustlook 20180603
VIPRE 20180603
ViRobot 20180603
Yandex 20180529
Zillya 20180601
Zoner 20180603
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2003-2013 Dominik Reichl

Product KeePass
Original name KeePass.exe
Internal name KeePass.exe
File version 2.23.0.0
Description KeePass
Comments KeePass Password Safe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-05 19:29:26
Entry Point 0x00017AC7
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
GetDriveTypeW
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetVersionExW
GetExitCodeProcess
LCMapStringA
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
CancelIo
GetProcessHeap
GetSystemDefaultLangID
GlobalAddAtomW
GetCPInfo
MoveFileExW
GetModuleHandleA
DeleteVolumeMountPointW
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
HeapDestroy
GetOEMCP
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellExecuteExW
Ord(680)
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 12
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
KeePass Password Safe

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.23.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
KeePass

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
71168

EntryPoint
0x17ac7

OriginalFileName
KeePass.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2003-2013 Dominik Reichl

FileVersion
2.23.0.0

TimeStamp
2018:01:05 20:29:26+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
KeePass.exe

ProductVersion
2.23.0.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Dominik Reichl

CodeSize
131584

ProductName
KeePass

ProductVersionNumber
2.23.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
2.23.0.16981

Execution parents
File identification
MD5 dd425e9fb63486bc1e92d8da1a27244f
SHA1 8644ff6f762165c7417e5665e5b9e7b46a72ef68
SHA256 3d164cb4eadc84b05e4a18df52227e0cec4a259a8db9d723bce5a465531c6e71
ssdeep
3072:zCE+oo2iaUB9lTvfey9IsmGRUUBLIMbct1tOSmmrOTfchBqG7bBtA7WXGW:WkinlTvtkGhSgeBqGfA7SG

authentihash b0cdb52cf59a70a6783e4df8dad576c6db072fe8d408170f4d2631d1bd7eab71
imphash ffc3d82b5e98b3f60ec92564c57f335e
File size 198.5 KB ( 203264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-31 20:14:54 UTC ( 10 months, 3 weeks ago )
Last submission 2018-09-14 02:59:52 UTC ( 7 months, 1 week ago )
File names places.exe
chrome.exe
virtualfolders.exe
codexgigas_8644ff6f762165c7417e5665e5b9e7b46a72ef68
2018-05-31-Zeus-Panda-Banker-caused-by-Hanictor-infection.exe
KeePass.exe
dd425e9f.gxe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs