SHA256: 4768c3d2b522c8f42a2123594961dea3d531876aacd47fce626d70fe9eca0cd6
File name: Gapz.exe
Detection ratio: 34 / 44
Analysis date: 2013-02-12 15:14:10 UTC ( 4 years, 6 months ago )
Antivirus Result Update
AntiVir SPR/Tool.299520.2 20130212
Avast Win32:Crypt-OKH [Trj] 20130212
AVG Generic30.ANZV 20130212
BitDefender Trojan.Dropper.Rootkit.NDL 20130212
CAT-QuickHeal Trojan.Sasfis.dkal 20130212
Comodo UnclassifiedMalware 20130212
Emsisoft Trojan.Win32.Agent.AMN (A) 20130212
ESET-NOD32 Win32/Gapz.A 20130212
F-Secure Trojan.Dropper.Rootkit.NDL 20130212
Fortinet Riskware/PiracyGuard 20130212
GData Trojan.Dropper.Rootkit.NDL 20130212
Ikarus Win32.SuspectCrc 20130212
Jiangmin Trojan/Sasfis.abvs 20130212
K7AntiVirus Trojan 20130211
Kaspersky Trojan.Win32.Sasfis.dkal 20130212
Kingsoft Win32.Troj.Agent.xh.(kcloud) 20130204
Malwarebytes Trojan.Agent 20130212
McAfee Generic PUP.x!cd3 20130212
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B 20130212
Microsoft Trojan:Win32/Screud.A 20130212
eScan Trojan.Dropper.Rootkit.NDL 20130212
NANO-Antivirus Trojan.Win32.Sasfis.bdsqhm 20130212
Norman Suspicious_Gen4.BKTMC 20130212
nProtect Trojan/W32.Rootkit.299520.B 20130212
Panda Trj/CI.A 20130212
PCTools Trojan.Gapz 20130212
Sophos AV Troj/Gapz-C 20130212
Symantec Trojan.Gapz 20130212
TheHacker Trojan/Gapz.a 20130211
TrendMicro TROJ_DROPPR.GAD 20130212
TrendMicro-HouseCall TROJ_DROPPR.GAD 20130212
VBA32 SScope.Trojan.FakeAV.01679 20130212
VIPRE Trojan.Win32.RansomWare.PiracyGuard 20130212
ViRobot Trojan.Win32.A.Sasfis.299520.C 20130212
Yandex 20130211
Antiy-AVL 20130212
ByteHero 20130211
ClamAV 20130212
Commtouch 20130212
eSafe 20130211
F-Prot 20130211
Rising 20130205
SUPERAntiSpyware 20130212
TotalDefense 20130212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-30 17:57:32
Entry Point 0x00003356
Number of sections 5
PE sections
PE imports
GetOpenFileNameW
PrintDlgW
GetDeviceCaps
LineTo
GetTextMetricsW
EndPage
DeleteDC
CreateFontIndirectW
SelectObject
MoveToEx
GetStockObject
TextOutW
EndDoc
StartPage
AddFontResourceW
RemoveFontResourceW
DeleteObject
StartDocW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
GetFileAttributesW
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
CreateThread
GetStringTypeA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
MulDiv
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
FormatMessageW
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
CommandLineToArgvW
UpdateWindow
GetScrollInfo
BeginPaint
DefWindowProcW
GetMessageW
PostQuitMessage
ShowWindow
SetWindowLongW
MessageBoxW
RegisterClassExW
ScrollWindowEx
MoveWindow
TranslateMessage
GetDC
ReleaseDC
SetScrollInfo
SendMessageW
GetWindowLongW
LoadStringW
GetClientRect
GetDlgItem
DispatchMessageW
InvalidateRect
FillRect
LoadCursorW
LoadIconW
CreateWindowExW
EndPaint
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:10:30 18:57:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 33792
LinkerVersion 9.0
EntryPoint 0x3356
InitializedDataSize 264704
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 e5b9295e0b147501f47e2fcba93deb6c
SHA1 dff6933199137cc49c2af5f73a2d431ce2e41084
SHA256 4768c3d2b522c8f42a2123594961dea3d531876aacd47fce626d70fe9eca0cd6
ssdeep 6144:pVdr9kqTH3sAGSLVaIIeRVv1MR3NYWQthJtCaSz:p3rCSB46viC9HCa6

authentihash db77378e719bd589ccf94237cdf950acdda257fc9de8f11091322baaf6bd6184
imphash 82ad72ea2da1d0794f29cb626f19725e
File size 292.5 KB ( 299520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2012-10-30 23:28:32 UTC ( 4 years, 9 months ago )
Last submission 2017-08-18 19:30:29 UTC ( 2 days, 14 hours ago )
File names Flash_Player_v11.3.301_for_Windows.exe
pguard_rxykeum.exe
4768c3d2b522c8f42a2123594961dea3d531876aacd47fce626d70fe9eca0cd6
E5B9295E0B147501F47E2FCBA93DEB6C
4768c3d2b522c8f42a2123594961dea3d531876aacd47fce626d70fe9eca0cd6.vexe
e5b9295e0b147501f47e2fcba93deb6c.virus
W32.Gapz.A.exe
amateur_dog_sex_01.avi.exe
DFF6933199137CC49C2AF5F73A2D431CE2E41084
Gapz.exe
CPD.EXE
4768c3d2b522c8f42a2123594961dea3d531876aacd47fce626d70fe9eca0cd6
2_xxx-porn-movie.avi.exe
Dropper.Rootkit.exe
xxx-porn-movie.avi.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight