SHA256: 3d64bd3d9f05775eca9ad98e115497d68169c18e9cbbf68d287bf38830660ecd
File name: 10441143.exe
Detection ratio: 41 / 56
Analysis date: 2015-03-29 13:04:26 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.43816 20150329
Yandex Trojan.Agent!r9grnBFmkjU 20150328
AhnLab-V3 Dropper/Win32.Necurs 20150329
ALYac Gen:Variant.Symmi.43816 20150329
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20150329
Avast Win32:Malware-gen 20150329
AVG Win32/Cryptor 20150329
Avira (no cloud) TR/Lethic.A.45 20150329
AVware Trojan.Win32.Generic!BT 20150329
Baidu-International Trojan.Win32.Injector.40 20150329
BitDefender Gen:Variant.Symmi.43816 20150329
CAT-QuickHeal Trojan.Lethic.B5 20150328
Comodo UnclassifiedMalware 20150329
Cyren W32/Powessere.A.gen!Eldorado 20150329
DrWeb BackDoor.IRC.NgrBot.42 20150329
Emsisoft Gen:Variant.Symmi.43816 (B) 20150329
ESET-NOD32 a variant of Win32/Injector.BHDO 20150329
F-Prot W32/Powessere.A.gen!Eldorado 20150329
F-Secure Gen:Variant.Symmi.43816 20150329
Fortinet W32/Generic!tr 20150329
GData Gen:Variant.Symmi.43816 20150329
Ikarus Trojan.Win32.Lethic 20150329
Kaspersky HEUR:Trojan.Win32.Generic 20150329
Kingsoft Win32.Troj.Undef.(kcloud) 20150329
Malwarebytes Trojan.Agent.ED 20150329
McAfee W32/Worm-FJB!3AAEFC988F47 20150329
McAfee-GW-Edition BehavesLike.Win32.PackedAP.lh 20150329
Microsoft Trojan:Win32/Lethic.B 20150329
eScan Gen:Variant.Symmi.43816 20150329
NANO-Antivirus Trojan.Win32.Inject.dbzztg 20150329
Norman Troj_Generic.UWZEW 20150329
Panda Trj/Genetic.gen 20150327
Qihoo-360 HEUR/Malware.QVM10.Gen 20150329
Rising PE:Trojan.Win32.Generic.16F88570!385385840 20150329
Sophos AV Troj/Wonton-ES 20150329
Symantec Trojan.Gen 20150329
Tencent Trojan.Win32.YY.Gen.4 20150329
TrendMicro TROJ_SPNR.14GA14 20150329
TrendMicro-HouseCall TROJ_SPNR.14GA14 20150329
VBA32 Malware-Cryptor.Limpopo 20150327
VIPRE Trojan.Win32.Generic!BT 20150329
AegisLab 20150329
Alibaba 20150329
Bkav 20150328
ByteHero 20150329
ClamAV 20150329
CMC 20150327
K7AntiVirus 20150329
K7GW 20150329
nProtect 20150327
SUPERAntiSpyware 20150328
TheHacker 20150327
TotalDefense 20150329
ViRobot 20150329
Zillya 20150329
Zoner 20150327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2013 Wondershare
Publisher Wondershare
Product MobileGo
Original name MobileGo.exe
Internal name MobileGo.exe
File version 4.1.0.6
Description Wondershare MobileGo for Android
Comments Wondershare MobileGo for Android
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-03 22:19:59
Entry Point 0x00004A73
Number of sections 4
PE sections
PE imports
CommDlgExtendedError
Polygon
CreateHalftonePalette
SetStretchBltMode
CreatePen
SaveDC
ResizePalette
OffsetClipRgn
GetTextMetricsA
LPtoDP
PathToRegion
GetClipBox
SetICMProfileW
GetPixel
GetGlyphOutlineA
GetObjectA
PlayEnhMetaFile
DeleteDC
GetBoundsRect
GetObjectType
SetLayout
SetWindowOrgEx
StartPage
FixBrushOrgEx
BitBlt
GetFontLanguageInfo
ColorMatchToTarget
CreatePolyPolygonRgn
CreateDIBPatternBrushPt
GetDeviceCaps
SetBoundsRect
GetArcDirection
SetDIBitsToDevice
GetStockObject
CreateDIBitmap
GetPolyFillMode
ExtTextOutA
GetDCPenColor
AddFontMemResourceEx
GetEnhMetaFileBits
CreateCompatibleDC
GetTextAlign
StretchBlt
PolyBezier
EnumICMProfilesA
SetROP2
CreateRectRgn
CloseFigure
GetAspectRatioFilterEx
SelectObject
SetPolyFillMode
AbortDoc
ColorCorrectPalette
CloseMetaFile
GetEnhMetaFileHeader
CreateSolidBrush
Polyline
DPtoLP
SetViewportOrgEx
UpdateICMRegKeyW
DeleteObject
CreateCompatibleBitmap
EndPath
GetStdHandle
GetFileAttributesA
FindFirstFileW
HeapDestroy
CreateTimerQueue
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
ExitProcess
SetHandleCount
GetThreadContext
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
GetThreadTimes
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
ResumeThread
InitAtomTable
InitializeCriticalSection
InterlockedDecrement
SetFileAttributesW
OutputDebugStringA
SetLastError
CopyFileW
RemoveDirectoryW
CopyFileA
HeapAlloc
GetModuleFileNameA
LoadLibraryExA
CancelDeviceWakeupRequest
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
TlsSetValue
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
ConvertThreadToFiber
VirtualQuery
SetEndOfFile
GetVersion
InterlockedIncrement
AreFileApisANSI
HeapFree
EnterCriticalSection
SetCommBreak
GetLastError
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
AssignProcessToJobObject
GetModuleFileNameW
FreeEnvironmentStringsW
FindFirstFileA
GetCurrentThreadId
FindNextFileA
CreateFileW
GetFileType
SetMessageWaitingIndicator
GetProcessTimes
LocalUnlock
LeaveCriticalSection
GlobalGetAtomNameW
LCMapStringW
GetSystemInfo
GlobalFree
GetTapeStatus
LCMapStringA
FindNextFileW
SetProcessShutdownParameters
GetEnvironmentStringsW
GlobalAlloc
RemoveDirectoryA
VirtualFree
CancelWaitableTimer
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
ReleaseSemaphore
TlsFree
SetFilePointer
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
CreateProcessA
HeapCreate
WriteFile
CreateProcessW
Sleep
VirtualAlloc
Ord(131)
Ord(680)
SHIsLowMemoryMachine
SetFocus
GetAsyncKeyState
DrawAnimatedRects
OpenInputDesktop
ClipCursor
GetScrollBarInfo
SetSystemCursor
GetMessageW
MessageBeep
CheckMenuItem
SetWindowWord
GetClipboardViewer
SetMessageQueue
GrayStringW
ShowWindowAsync
ChildWindowFromPoint
IsCharAlphaA
SetProcessWindowStation
MsgWaitForMultipleObjectsEx
ActivateKeyboardLayout
CheckDlgButton
GetDC
CopyImage
EndDeferWindowPos
ShowCaret
GetMenuItemRect
GetTitleBarInfo
OemKeyScan
GetRawInputData
SendMessageA
DlgDirSelectExW
GetClientRect
GetKeyboardLayoutList
EnableMenuItem
GetThreadDesktop
MonitorFromRect
TabbedTextOutA
DefFrameProcA
IsClipboardFormatAvailable
SetMessageExtraInfo
CountClipboardFormats
DefDlgProcA
IsDlgButtonChecked
CreateIcon
CreateIconFromResource
GetSystemMenu
UserHandleGrantAccess
TabbedTextOutW
GetUpdateRect
PostThreadMessageA
Number of PE resources by type
JPEG 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Wondershare MobileGo for Android
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.1.0.6
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 38912
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright 2013 Wondershare
FileVersion 4.1.0.6
TimeStamp 2014:07:03 23:19:59+01:00
FileType Win32 EXE
PEType PE32
InternalName MobileGo.exe
SubsystemVersion 5.0
ProductVersion 4.1.0.6
FileDescription Wondershare MobileGo for Android
OSVersion 5.0
OriginalFilename MobileGo.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Wondershare
CodeSize 40448
ProductName MobileGo
ProductVersionNumber 4.1.0.6
EntryPoint 0x4a73
ObjectFileType Executable application
AssemblyVersion 4.1.0.6
File identification
MD5 3aaefc988f47ad8850ef36945143f43f
SHA1 1f00085648164f1635cbc394062f6cd975966deb
SHA256 3d64bd3d9f05775eca9ad98e115497d68169c18e9cbbf68d287bf38830660ecd
ssdeep 1536:0YZZTuG3p7jryQ/pXkBtAJHyyrSpBugXFY7:lY6+syyr2Bugq7
authentihash 2c95c2e77ad19a1cf83d1dbe80ccdc6ea579e130b8f972a1d1d7d915f2310ac6
imphash 79be027799cc29dcbdc62976d7c55de1
File size 78.5 KB ( 80384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-04 01:32:10 UTC ( 4 years, 6 months ago )
Last submission 2014-10-25 00:43:22 UTC ( 4 years, 2 months ago )
File names 10441143.exe
3D64BD3D9F05775ECA9AD98E115497D68169C18E9CBBF68D287BF38830660ECD
10441143.exe
MobileGo.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs