SHA256: 44fc672b41cd40573555091cf2765760cd57db5c26aaf41bf55a27f641b7ee06
File name: me.gif.exe
Detection ratio: 21 / 59
Analysis date: 2017-03-01 10:34:49 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4485949 20170301
AegisLab Uds.Dangerousobject.Multi!c 20170301
ALYac Trojan.GenericKD.4485949 20170301
Arcabit Trojan.Generic.D44733D 20170301
Avira (no cloud) TR/Crypt.Xpack.bjkzw 20170301
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170301
BitDefender Trojan.GenericKD.4485949 20170301
CrowdStrike Falcon (ML) malicious_confidence_98% (W) 20170130
Emsisoft Trojan.GenericKD.4485949 (B) 20170301
Endgame malicious (moderate confidence) 20170222
F-Secure Trojan.GenericKD.4485949 20170301
GData Trojan.GenericKD.4485949 20170301
Ikarus Trojan.Crypt.XPACK 20170301
Kaspersky UDS:DangerousObject.Multi.Generic 20170228
Malwarebytes Trojan.MalPack 20170301
McAfee Artemis!56829E6C5F30 20170301
McAfee-GW-Edition Artemis!Trojan 20170301
eScan Trojan.GenericKD.4485949 20170301
Symantec Trojan.Gen.8 20170228
ViRobot Trojan.Win32.Z.Agent.286720.TR[h] 20170301
Webroot W32.Trojan.Gen 20170301
AhnLab-V3 20170228
Alibaba 20170228
Antiy-AVL 20170301
Avast 20170301
AVG 20170301
AVware 20170301
Bkav 20170228
CAT-QuickHeal 20170301
ClamAV 20170301
CMC 20170301
Comodo 20170301
Cyren 20170301
DrWeb 20170301
ESET-NOD32 20170301
F-Prot 20170301
Fortinet 20170301
Sophos ML 20170203
Jiangmin 20170301
K7AntiVirus 20170301
K7GW 20170301
Kingsoft 20170301
Microsoft 20170301
NANO-Antivirus 20170301
nProtect 20170301
Panda 20170228
Qihoo-360 20170301
Rising None
Sophos AV 20170301
SUPERAntiSpyware 20170301
Tencent 20170301
TheHacker 20170228
TotalDefense 20170301
TrendMicro 20170301
TrendMicro-HouseCall 20170301
Trustlook 20170301
VBA32 20170301
VIPRE 20170301
WhiteArmor 20170222
Yandex 20170225
Zillya 20170301
Zoner 20170301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-26 18:07:47
Entry Point 0x00001A88
Number of sections 5
PE sections
PE imports
DeleteDC
SelectObject
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetConsoleCP
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
SizeofResource
GetConsoleMode
DecodePointer
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
CreateThread
TlsFree
FindFirstFileExA
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
GetModuleHandleExW
IsValidCodePage
LoadResource
SetLastError
CreateFileW
VirtualQuery
VirtualFree
CreateEventA
FindClose
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
FindResourceA
VirtualAlloc
WriteConsoleW
CloseHandle
MessageBoxW
TranslateMessage
UpdateWindow
EndPaint
BeginPaint
GetMessageW
MessageBoxA
DefWindowProcW
LoadCursorW
LoadIconW
CreateWindowExW
RegisterClassExW
PostQuitMessage
ShowWindow
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_MANIFEST 1
AFX_DIALOG_LAYOUT 1
RT_DIALOG 1
RT_HTML 1
Number of PE resources by language
BULGARIAN DEFAULT 2
ENGLISH US 1
ENGLISH CAN 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:02:26 19:07:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 44032
LinkerVersion 14.0
EntryPoint 0x1a88
InitializedDataSize 241664
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 56829e6c5f30eb96f0ae36c022e2ecd2
SHA1 bedb07fff4153fa1edbe05f5ff57464255147e50
SHA256 44fc672b41cd40573555091cf2765760cd57db5c26aaf41bf55a27f641b7ee06
ssdeep 1536:m6f0oLknQnSmbcl1RvMKGfCJV22o99p4JcfABQJ2sWAjJcdyHvkz:hAmI3RUr6JV2D4JxwZcy8z
authentihash db27f60e29305d0619e428657970e4834419eda3c2455544e381d840d085c7d2
imphash de476829977f6346c039460c352ef77f
File size 280.0 KB ( 286720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2017-02-27 01:12:29 UTC ( 2 years, 1 month ago )
Last submission 2017-07-12 14:41:51 UTC ( 1 year, 9 months ago )
File names ehsdrtjtwt.ex_
127303.exe
227289.exe
568198.exe
me.gif.exe
315892.exe
185719.exe
342871.exe
56829e6c5f30eb96f0ae36c022e2ecd2
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.