SHA256: 407c2a36d1f153ce3b5021fd62a4f84445a98fc312089cf6de5501225e8c1f50
File name: Mid
Detection ratio: 37 / 67
Analysis date: 2018-07-23 10:31:03 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CEQP 20180723
AegisLab Troj.Horse.Gen!c 20180723
AhnLab-V3 Backdoor/Win32.Akdoor.R196010 20180723
ALYac Backdoor.Agent.R741376 20180723
Antiy-AVL Trojan/Win32.BTSGeneric 20180723
Arcabit Trojan.Agent.CEQP 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
AVware Trojan.Win32.Generic!BT 20180723
BitDefender Trojan.Agent.CEQP 20180723
CAT-QuickHeal Udsdangerousobject.Multi 20180723
Comodo UnclassifiedMalware 20180723
Cybereason malicious.de4a29 20180225
Emsisoft Trojan.Agent.CEQP (B) 20180723
ESET-NOD32 a variant of Win32/NukeSped.AS 20180723
F-Secure Trojan.Agent.CEQP 20180723
GData Trojan.Agent.CEQP 20180723
Ikarus Trojan.Win32.NukeSped 20180723
Sophos ML heuristic 20180717
Kaspersky Backdoor.Win32.Akbot.gp 20180723
MAX malware (ai score=99) 20180723
McAfee RDN/Generic.dx 20180723
McAfee-GW-Edition RDN/Generic.dx 20180723
Microsoft Trojan:Win32/Bitrep.A 20180723
eScan Trojan.Agent.CEQP 20180723
NANO-Antivirus Trojan.Win32.Akbot.fbtnuq 20180723
Panda Trj/GdSda.A 20180722
Qihoo-360 Win32/Trojan.799 20180723
Rising Malware.Undefined!8.C (CLOUD) 20180723
Sophos AV Mal/Generic-S 20180723
Symantec Trojan Horse 20180723
Tencent Win32.Trojan.Agent.Pfiu 20180723
VBA32 BScope.Trojan-Dropper.Injector 20180720
VIPRE Trojan.Win32.Generic!BT 20180723
ViRobot Trojan.Win32.S.Agent.741376.IG 20180723
Zillya Trojan.Agent.Win32.814573 20180720
ZoneAlarm by Check Point Backdoor.Win32.Akbot.gp 20180723
Alibaba 20180713
Avast-Mobile 20180723
Avira (no cloud) 20180723
Baidu 20180723
Bkav 20180723
ClamAV 20180723
CMC 20180723
CrowdStrike Falcon (ML) 20180530
Cylance 20180723
Cyren 20180723
DrWeb 20180723
eGambit 20180723
Endgame 20180711
F-Prot 20180723
Fortinet 20180723
Jiangmin 20180723
K7AntiVirus 20180723
K7GW 20180723
Kingsoft 20180723
Malwarebytes 20180723
Palo Alto Networks (Known Signatures) 20180723
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180722
TACHYON 20180723
TheHacker 20180723
TotalDefense 20180722
TrendMicro 20180723
TrendMicro-HouseCall 20180723
Trustlook 20180723
Webroot 20180723
Yandex 20180720
Zoner 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright ⓒ 2015
Product Microsoft Mid
Original name Mid.exe
Internal name Mid
File version 1, 0, 0, 1
Description Mid
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-29 05:31:30
Entry Point 0x0006D000
Number of sections 4
PE sections
PE imports
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
GetEnvironmentVariableA
FindClose
TlsGetValue
SetLastError
GetSystemTime
ReadConsoleInputA
GetModuleFileNameW
ExitProcess
GetVersionExA
GetModuleFileNameA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetVersion
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetCPInfo
GetProcAddress
CompareStringW
FindFirstFileA
CompareStringA
GlobalMemoryStatus
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
InitializeCriticalSection
FlushConsoleInputBuffer
LCMapStringW
HeapCreate
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
SetConsoleMode
VirtualFree
VirtualAlloc
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
__WSAFDIsSet
recv
send
select
shutdown
WSASetLastError
closesocket
inet_ntoa
WSAGetLastError
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
KOREAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 262144
ImageVersion 0.0
ProductName Microsoft Mid
FileVersionNumber 1.0.0.1
LanguageCode Korean
FileFlagsMask 0x003f
FileDescription Mid
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Mid.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 1, 0, 0, 1
TimeStamp 2016:09:29 06:31:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Mid
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2015
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 491520
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x6d000
ObjectFileType Executable application

File identification
MD5 bb20ff8de4a2973ff48e4ee4e3ca921c
SHA1 2bdb07d8c3a941d23a678726c5beb9201731aaf8
SHA256 407c2a36d1f153ce3b5021fd62a4f84445a98fc312089cf6de5501225e8c1f50
ssdeep 12288:rL8gCCGwppI3jBprFd6JZo1CYvhdUIpVWM:v85bdWo8YvhdTph
authentihash 976cb803a8c8e359b78fa151295b9cb8fcbcbe9b22d887b3a3326d407fa9f30b
imphash 61cd9d277bba5a785353649551355a79
File size 724.0 KB ( 741376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-02-21 20:15:18 UTC ( 1 year, 8 months ago )
Last submission 2017-08-09 16:01:37 UTC ( 1 year, 3 months ago )
File names bb20ff8de4a2973ff48e4ee4e3ca921c.exe
Mid.exe
Mid
igfxper.exe
407c2a36d1f153ce3b5021fd62a4f84445a98fc312089cf6de5501225e8c1f50
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs