SHA256: 49660afd0d24c80d00eb8b0bf5ecbc1745b371162e89625e3bd36d21072956af
File name: texis_decrypted.exe
Detection ratio: 2 / 47
Analysis date: 2013-06-05 15:40:30 UTC ( 5 years, 7 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20130604
Malwarebytes Trojan.Agent 20130604
Yandex 20130603
AhnLab-V3 20130603
AntiVir 20130604
Antiy-AVL 20130603
Avast 20130604
AVG 20130604
BitDefender 20130604
ByteHero 20130603
CAT-QuickHeal 20130604
ClamAV 20130604
Commtouch 20130604
Comodo 20130604
DrWeb 20130604
Emsisoft 20130604
eSafe 20130530
ESET-NOD32 20130603
F-Prot 20130604
F-Secure 20130604
Fortinet 20130604
GData 20130604
Ikarus 20130604
Jiangmin 20130604
K7AntiVirus 20130603
K7GW 20130603
Kingsoft 20130506
McAfee 20130604
McAfee-GW-Edition 20130603
Microsoft 20130604
eScan 20130604
NANO-Antivirus 20130604
Norman 20130604
nProtect 20130604
Panda 20130603
PCTools 20130521
Rising 20130604
Sophos AV 20130604
SUPERAntiSpyware 20130604
Symantec 20130604
TheHacker 20130601
TotalDefense 20130603
TrendMicro 20130604
TrendMicro-HouseCall 20130604
VBA32 20130604
VIPRE 20130604
ViRobot 20130604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Product rewtyguijgbui
Original name trrfuikhjknjhb.exe
Internal name ddfstyuguoihyoi
File version 4, 30, 0, 1
Description gdfyujhoi
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-01 19:22:07
Entry Point 0x00001A30
Number of sections 5
PE sections
Overlays
MD5 bd4e7800f1c9f27fad2633df09bb3137
File type data
Offset 233472
Size 512
Entropy 7.62
PE imports
GetCurrentProcess
TerminateProcess
MoveFileExW
GetModuleFileNameW
CreateFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
UpdateWindow
RegisterClassExW
EndDialog
BeginPaint
GetMessageW
TranslateMessage
DialogBoxParamW
DefWindowProcW
LoadStringW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
EndPaint
PostQuitMessage
ShowWindow
TranslateAcceleratorW
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_DIALOG 3
RT_ICON 2
RT_VXD 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
NEUTRAL 4
BASQUE DEFAULT 2
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Unknown (1C09)
FileFlagsMask 0x0017
CharacterSet Windows, Latin1
InitializedDataSize 196608
EntryPoint 0x1a30
OriginalFileName trrfuikhjknjhb.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 4, 30, 0, 1
TimeStamp 2013:06:01 20:22:07+01:00
FileType Win32 EXE
PEType PE32
InternalName ddfstyuguoihyoi
ProductVersion 4, 30, 0, 1
FileDescription gdfyujhoi
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 32768
ProductName rewtyguijgbui
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 c0b4c0b64facb36334eeccd19e19d65c
SHA1 a7fabb3307ab6b5e939360b66e15faffaeab47a7
SHA256 49660afd0d24c80d00eb8b0bf5ecbc1745b371162e89625e3bd36d21072956af
ssdeep 3072:ZSBoB6BJGzsfeFMdwVx3tokcZvPARtYjjVFr9TunDvruknweIHejEtx1xqtM:ZSKg2ofHdwH+Xvh/rInDTukw0gwO
authentihash d9c29b04b86741ed474e8665f4b7051c0dc3141014e041ee59176cfcc95858aa
imphash 68049f84c98b1a2d03ea718cbc57d437
File size 228.5 KB ( 233984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-06-05 13:06:32 UTC ( 5 years, 7 months ago )
Last submission 2016-05-24 22:41:59 UTC ( 2 years, 7 months ago )
File names vti-rescan
trrfuikhjknjhb.exe
sample.ex
texis_decrypted.exe
file-5564644_exe
vt-upload-P0ahZ
ddfstyuguoihyoi
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight