SHA256: 431dad4d5df19f7e2e125a6a9ba49aa9a277ba133ba793dbfc09ab59d193b6df
File name: testir.exe
Detection ratio: 3 / 57
Analysis date: 2016-06-08 09:22:37 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Bkav HW32.Packed.46DD 20160608
McAfee-GW-Edition BehavesLike.Win32.Backdoor.vc 20160608
Qihoo-360 HEUR/QVM05.1.Malware.Gen 20160608
Ad-Aware 20160608
AegisLab 20160608
AhnLab-V3 20160608
Alibaba 20160608
ALYac 20160608
Antiy-AVL 20160608
Arcabit 20160608
Avast 20160608
AVG 20160608
Avira (no cloud) 20160608
AVware 20160608
Baidu 20160608
Baidu-International 20160606
BitDefender 20160608
CAT-QuickHeal 20160608
ClamAV 20160608
CMC 20160607
Comodo 20160608
Cyren 20160608
DrWeb 20160608
Emsisoft 20160608
ESET-NOD32 20160608
F-Prot 20160608
F-Secure 20160608
Fortinet 20160608
GData 20160608
Ikarus 20160608
Jiangmin 20160608
K7AntiVirus 20160608
K7GW 20160608
Kaspersky 20160608
Kingsoft 20160608
Malwarebytes 20160608
McAfee 20160608
Microsoft 20160608
eScan 20160608
NANO-Antivirus 20160608
nProtect 20160607
Panda 20160607
Rising 20160608
Sophos AV 20160608
SUPERAntiSpyware 20160608
Symantec 20160608
Tencent 20160608
TheHacker 20160607
TotalDefense 20160607
TrendMicro 20160608
TrendMicro-HouseCall 20160608
VBA32 20160607
VIPRE 20160608
ViRobot 20160608
Yandex 20160607
Zillya 20160607
Zoner 20160608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-14 09:39:46
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegConnectRegistryA
InitCommonControlsEx
InitCommonControls
GetOpenFileNameA
GetSaveFileNameA
GetObjectA
SetDIBits
CreateFontA
DeleteDC
CreateDCA
GetObjectType
BitBlt
GetStockObject
CreateBitmap
GetDeviceCaps
SetPixel
CreateSolidBrush
GetDIBits
SelectObject
SetBkColor
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetTextColor
HeapFree
GetStdHandle
EnterCriticalSection
HeapCreate
GlobalFree
WaitForSingleObject
FreeLibrary
MulDiv
HeapDestroy
HeapAlloc
TlsAlloc
GetVersionExA
LoadLibraryA
EndUpdateResourceA
GetModuleFileNameA
UpdateResourceA
GetFileSize
CreatePipe
GetCurrentProcess
SizeofResource
GetCurrentProcessId
LockResource
DeleteFileA
MultiByteToWideChar
GetProcAddress
EnumResourceTypesA
SetFilePointer
CreateThread
GetModuleHandleA
ReadFile
WriteFile
EnumResourceNamesA
CloseHandle
DuplicateHandle
HeapReAlloc
MoveFileA
CreateProcessA
InitializeCriticalSection
LoadResource
GlobalAlloc
Sleep
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
BeginUpdateResourceA
SetLastError
LeaveCriticalSection
strncmp
malloc
sscanf
memset
fclose
strcat
abort
fprintf
_setjmp3
fopen
strlen
strncpy
fabs
floor
strtod
fseek
ftell
_snprintf
sprintf
exit
log10
__p__iob
fread
longjmp
free
ceil
getenv
memcpy
memmove
_CIpow
strcpy
strcmp
RevokeDragDrop
CoInitialize
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
MapWindowPoints
RedrawWindow
TranslateAcceleratorA
GetForegroundWindow
GetParent
UpdateWindow
SetPropA
PostMessageA
FillRect
BeginPaint
DrawStateA
EnumWindows
SetFocus
MoveWindow
LoadImageA
GetIconInfo
DefWindowProcA
ShowWindow
GetSystemMetrics
GetPropA
SetWindowPos
GetWindowThreadProcessId
CreateIconFromResourceEx
CharLowerA
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
ReleaseCapture
EnumChildWindows
WindowFromPoint
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetSysColor
RegisterClassExA
GetCursorPos
SystemParametersInfoA
RemovePropA
SetWindowTextA
GetKeyState
DestroyIcon
UnregisterClassA
CreateAcceleratorTableA
DefFrameProcA
IsWindowVisible
IsZoomed
SendMessageA
DestroyWindow
GetClientRect
SetTimer
SetCursorPos
IsIconic
ScreenToClient
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
GetActiveWindow
RegisterClassA
DestroyAcceleratorTable
SetActiveWindow
GetSysColorBrush
CreateIconFromResource
CallWindowProcA
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
EnableWindow
GetWindowTextA
SetCursor
IsChild
PtInRect
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
timeEndPeriod
timeBeginPeriod
WSAStartup
closesocket
WSACleanup
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:05:14 10:39:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 165376
LinkerVersion 2.5
EntryPoint 0x1000
InitializedDataSize 6395904
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 446a9affb3bb0cbcaef7bcc537ec65ff
SHA1 f94071b22d878b4fe1ee030794a61dad7ae9626b
SHA256 431dad4d5df19f7e2e125a6a9ba49aa9a277ba133ba793dbfc09ab59d193b6df
ssdeep 196608:4UX2p3VPXX7maHrH73LkLa+LdcvzigDk4v2/Bdpfx:SPXX7brHx+ozigPeBbf
authentihash dcb46344d1efcdc6ded8bb055b2ce92c332706ba1b24e6f8da47cbb18492ba3d
imphash bc5e7728987599241faf7194625efe00
File size 6.3 MB ( 6557184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (39.6%)
Win32 EXE PECompact compressed (generic) (27.8%)
Win32 Executable MS Visual C++ (generic) (20.9%)
Win32 Dynamic Link Library (generic) (4.4%)
Win32 Executable (generic) (3.0%)
Tags peexe
VirusTotal metadata
First submission 2016-05-14 09:40:14 UTC ( 2 years, 5 months ago )
Last submission 2016-05-14 09:41:34 UTC ( 2 years, 5 months ago )
File names testir.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications