SHA256: 42ea98051e08ead9398a05a7fe1e7ae0a9cd14fb8af48903ffc3ebef07c8a8cd
File name: oxecogub.exe
Detection ratio: 1 / 56
Analysis date: 2016-04-13 02:37:38 UTC ( 3 years ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160412
Ad-Aware 20160413
AegisLab 20160413
AhnLab-V3 20160412
Alibaba 20160413
ALYac 20160413
Antiy-AVL 20160413
Arcabit 20160413
Avast 20160413
AVG 20160412
Avira (no cloud) 20160412
AVware 20160413
Baidu-International 20160412
BitDefender 20160413
Bkav 20160412
CAT-QuickHeal 20160413
ClamAV 20160412
CMC 20160412
Comodo 20160413
Cyren 20160413
DrWeb 20160413
Emsisoft 20160413
ESET-NOD32 20160413
F-Prot 20160413
Fortinet 20160404
GData 20160413
Ikarus 20160412
Jiangmin 20160413
K7AntiVirus 20160412
K7GW 20160404
Kaspersky 20160412
Kingsoft 20160413
Malwarebytes 20160412
McAfee 20160413
McAfee-GW-Edition 20160413
Microsoft 20160413
eScan 20160413
NANO-Antivirus 20160413
nProtect 20160412
Panda 20160412
Qihoo-360 20160413
Rising 20160413
Sophos AV 20160412
SUPERAntiSpyware 20160413
Symantec 20160413
Tencent 20160413
TheHacker 20160412
TotalDefense 20160412
TrendMicro 20160413
TrendMicro-HouseCall 20160413
VBA32 20160412
VIPRE 20160413
ViRobot 20160413
Yandex 20160412
Zillya 20160412
Zoner 20160413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-01 09:01:22
Entry Point 0x00015804
Number of sections 4
PE sections
PE imports
CloseServiceHandle
GetNumberOfEventLogRecords
QueryServiceConfigA
NotifyChangeEventLog
SetServiceStatus
QueryServiceStatus
OpenEventLogA
OpenSCManagerW
BackupEventLogA
RegSetValueA
EqualSid
ChangeServiceConfig2A
LsaNtStatusToWinError
PrivilegeCheck
ClearEventLogA
ChangeServiceConfigW
ReportEventA
EnumServicesStatusW
OpenSCManagerA
AddFontResourceA
GetSystemPaletteEntries
CreateMetaFileA
TextOutA
SetTextAlign
CreateICW
CreatePolygonRgn
CreateRectRgnIndirect
SetStretchBltMode
EnumFontsA
GetDeviceGammaRamp
CreateDCA
DeleteDC
SetBkMode
CreateDIBPatternBrush
GetMetaFileA
GetObjectW
CreateHalftonePalette
GetFontLanguageInfo
GetICMProfileW
CreateHatchBrush
GetTextFaceW
CreateBitmap
GdiFlush
SetROP2
CreateCompatibleDC
GetTextFaceA
ResizePalette
SetBrushOrgEx
ExtEscape
DeleteObject
SetDIBColorTable
GetTextColor
SetViewportExtEx
SetPixelV
SetBkColor
GetCharWidth32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BuildCommDCBA
GetLastError
GetDriveTypeW
FindFirstChangeNotificationA
ExitProcess
CallNamedPipeA
FlushFileBuffers
EndUpdateResourceA
ExitThread
GlobalSize
GetStartupInfoA
FileTimeToLocalFileTime
CompareFileTime
Process32First
GetProfileSectionW
Module32First
FillConsoleOutputAttribute
GetProfileStringW
GetTimeFormatW
GlobalAddAtomW
GetCPInfo
GetModuleHandleA
GetCommTimeouts
Module32Next
GetCurrentProcess
DeleteAtom
FatalAppExitW
CreateFileMappingA
GetACP
GetDiskFreeSpaceA
EscapeCommFunction
GetFullPathNameA
GetFileAttributesExW
FindAtomW
GetCurrencyFormatA
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
FindNextChangeNotification
HeapAlloc
FindResourceA
BeginUpdateResourceA
CompareStringA
GetAsyncKeyState
CharToOemBuffW
UpdateWindow
SetPropA
EndDialog
GetScrollPos
KillTimer
DestroyMenu
GetMessageW
CheckMenuRadioItem
GetPropA
SetDebugErrorLevel
LoadIconA
SetRectEmpty
SetWindowPlacement
MoveWindow
GetDlgItemTextA
WindowFromPoint
GetWindowDC
ChildWindowFromPoint
CheckDlgButton
DispatchMessageW
CreateDialogParamW
DrawTextA
GetDoubleClickTime
GetMenu
SetClipboardData
DefFrameProcA
DdeGetLastError
GetThreadDesktop
InvalidateRect
IsCharUpperA
DlgDirListA
AdjustWindowRect
CloseDesktop
ChangeDisplaySettingsExW
IsRectEmpty
EnumDisplaySettingsW
SendMessageTimeoutW
OpenClipboard
Number of PE resources by type
RT_ICON 7
RT_DIALOG 3
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
ROMANIAN 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.40.146.45
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3149824
EntryPoint 0x15804
OriginalFileName Grits.exe
MIMEType application/octet-stream
LegalCopyright Munchers Packings 2015
FileVersion 2010
TimeStamp 2015:11:01 10:01:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Parameter
FileDescription Minding
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GoGoData.com
CodeSize 86016
ProductName GoGoData.com Hankered
ProductVersionNumber 0.178.200.175
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 746c08c28a8c62dc4593519d5ebcda43
SHA1 c2e34729cd6ad35f9b34e43b88a3b994002d0592
SHA256 42ea98051e08ead9398a05a7fe1e7ae0a9cd14fb8af48903ffc3ebef07c8a8cd
ssdeep 12288:xxkHla8be+5bt2ErKEuM3NZJBlmbJVJLWqVmsRo8:xxkHlaItjliLWqVrp
authentihash ba41fb06a35b85f5aeef63a9f300cf5090dd7b6e1e471900e3a43ad0ea9f8a36
imphash f33c3fd714e3f4d4bc496b78b246b047
File size 524.0 KB ( 536576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2016-04-13 02:37:38 UTC ( 3 years ago )
Last submission 2016-04-13 02:37:38 UTC ( 3 years ago )
File names rpecappd.exe
oxecogub.exe