SHA256: 41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a
File name: valid.bin
Detection ratio: 8 / 61
Analysis date: 2017-08-18 05:40:08 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170817
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20170818
Endgame malicious (high confidence) 20170721
Sophos ML heuristic 20170818
Qihoo-360 HEUR/QVM20.1.3D68.Malware.Gen 20170818
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170818
Ad-Aware 20170818
AegisLab 20170818
AhnLab-V3 20170817
Alibaba 20170818
Antiy-AVL 20170818
Arcabit 20170818
Avast 20170818
AVG 20170818
Avira (no cloud) 20170818
AVware 20170818
BitDefender 20170818
CAT-QuickHeal 20170817
ClamAV 20170818
CMC 20170818
Comodo 20170818
Cyren 20170818
DrWeb 20170818
Emsisoft 20170818
ESET-NOD32 20170818
F-Prot 20170818
F-Secure 20170818
Fortinet 20170818
GData 20170818
Ikarus 20170817
Jiangmin 20170818
K7AntiVirus 20170818
K7GW 20170817
Kaspersky 20170818
Kingsoft 20170818
Malwarebytes 20170818
MAX 20170818
McAfee 20170818
McAfee-GW-Edition 20170818
Microsoft 20170818
eScan 20170818
NANO-Antivirus 20170818
nProtect 20170818
Palo Alto Networks (Known Signatures) 20170818
Panda 20170817
Sophos AV 20170818
SUPERAntiSpyware 20170818
Symantec Mobile Insight 20170818
TheHacker 20170817
TotalDefense 20170818
TrendMicro 20170818
TrendMicro-HouseCall 20170818
Trustlook 20170818
VBA32 20170817
VIPRE 20170818
ViRobot 20170818
Webroot 20170818
WhiteArmor 20170817
Yandex 20170817
Zillya 20170817
ZoneAlarm by Check Point 20170818
Zoner 20170818
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-15 12:59:41
Entry Point 0x00002EA3
Number of sections 4
PE sections
PE imports
CreateToolbar
ImageList_SetDragCursorImage
GetFileTitleA
PrintDlgExW
FindTextA
PrintDlgExA
SetBrushOrgEx
DdEntry34
GetEnhMetaFileBits
SetROP2
GdiComment
ColorCorrectPalette
GdipAddPathClosedCurve2I
GdipCreateBitmapFromGdiDib
SymGetSymFromName
MakeSureDirectoryPathExists
SymEnumSym
GetLastError
lstrlenA
SetConsoleScreenBufferSize
lstrcatA
GetVersion
GetModuleHandleA
lstrcmpA
VirtualFree
GetCurrentProcess
ExitProcess
SetHandleContext
VirtualProtect
GetCurrentThreadId
GetProcAddress
VirtualAlloc
LoadLibraryA
SetLastError
GradientFill
AlphaBlend
OleSaveToStream
PropSysFreeString
GetOleaccVersionInfo
AccessibleObjectFromEvent
CreateStdDispatch
VarI1FromUI1
VarI1FromR4
VarUI8FromBool
OleUIInsertObjectW
Win32DeleteFile
StrRStrIA
PathStripToRootW
GetAcceptLanguagesW
GetMenuPosFromID
AssocGetPerceivedType
RealChildWindowFromPoint
GetDoubleClickTime
ExitWindowsEx
mmioStringToFOURCCA
mixerGetControlDetailsW
DeviceCapabilitiesA
AddPrinterConnectionW
WaitForPrinterChange
GetJobW
ConvertAnsiDevModeToUnicodeDevmode
GetPrinterDataExA
SplDriverUnloadComplete
DeletePrintProvidorW
Number of PE resources by type
RT_DIALOG 4
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:08:15 14:59:41+02:00
FileType Win32 EXE
PEType PE32
CodeSize 102400
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x2ea3
InitializedDataSize 11264
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 63926cbe0da4b67482d3908c5985d2d5
SHA1 e268aa1a005f082fedb978564f63b7e3b413a54a
SHA256 41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a
ssdeep 1536:tLcxmJkRH+awQV+NEUKOx2b/GsQfZKoUM3/nuD3BphYP/uKNR:tAslQXHOC/GsQfQMPubhYuKNR
authentihash 1d48dc5a7e7102ed68a351ada0be77ba73422100eb2b84ffa3e02514b83bb942
imphash 5a2804b24b405c993017a21fcb0bba72
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (34.2%)
Win64 Executable (generic) (30.3%)
Windows screen saver (14.3%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Tags peexe
VirusTotal metadata
First submission 2017-08-18 05:40:08 UTC ( 1 year, 8 months ago )
Last submission 2017-10-31 17:32:49 UTC ( 1 year, 5 months ago )
File names combo.vir
valid.bin
63926cbe0da4b67482d3908c5985d2d5.exe
63926cbe0da4b67482d3908c5985d2d5_exe
combo.exe
valid.exe
valid.exe
41e698c7f1febdb53b9b7eae0f48fd93949602d0631d6f6b7dc0768958f7107a.doc
valid.bin
valid.exe