× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4985218139506968b541187195a7612ed6da398c88a8ba124201820a617d7d25
File name: 043486517F4DA706EBE8151E4198AB8C
Detection ratio: 4 / 55
Analysis date: 2015-12-16 11:23:20 UTC ( 3 years ago ) View latest
Antivirus Result Update
AVware Trojan.Win32.Injector.cdgy (v) 20151216
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20151216
Rising PE:Malware.Obscure!1.9C59 [F] 20151216
VIPRE Trojan.Win32.Injector.cdgy (v) 20151216
Ad-Aware 20151216
AegisLab 20151216
Yandex 20151214
AhnLab-V3 20151216
Alibaba 20151208
ALYac 20151216
Antiy-AVL 20151216
Arcabit 20151216
Avast 20151216
AVG 20151216
Avira (no cloud) 20151216
Baidu-International 20151215
BitDefender 20151216
Bkav 20151215
ByteHero 20151216
CAT-QuickHeal 20151216
ClamAV 20151216
CMC 20151216
Comodo 20151216
Cyren 20151216
DrWeb 20151215
Emsisoft 20151216
ESET-NOD32 20151216
F-Prot 20151216
F-Secure 20151216
Fortinet 20151216
GData 20151216
Ikarus 20151216
Jiangmin 20151216
K7AntiVirus 20151216
K7GW 20151216
Kaspersky 20151216
Malwarebytes 20151216
McAfee 20151216
McAfee-GW-Edition 20151216
Microsoft 20151216
eScan 20151216
NANO-Antivirus 20151216
nProtect 20151216
Panda 20151215
Sophos AV 20151216
SUPERAntiSpyware 20151216
Symantec 20151215
Tencent 20151216
TheHacker 20151215
TrendMicro 20151216
TrendMicro-HouseCall 20151216
VBA32 20151216
ViRobot 20151216
Zillya 20151216
Zoner 20151216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Bitcoin Solutions Ltd

Product MultiBit HD
Original name multibit-hd-windows-x64-0.1.4.exe
Internal name multibit-hd
File version 0.1.4
Description MultiBit HD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-15 19:05:15
Entry Point 0x0000229E
Number of sections 4
PE sections
Overlays
MD5 a1f7267c465457ab200f7ea360fe0b33
File type data
Offset 40960
Size 136194
Entropy 8.00
PE imports
RegCreateKeyExW
CopySid
GetObjectA
CreateBitmap
SelectPalette
GetObjectW
SelectObject
HeapFree
CreateProcessA
GetCurrentDirectoryW
CreateFileW
GetModuleHandleW
FreeLibrary
QueryPerformanceCounter
GetStartupInfoW
CreateFileA
CloseHandle
HeapReAlloc
GetModuleFileNameA
GetLocaleInfoW
Ord(3820)
Ord(2438)
Ord(4621)
Ord(5298)
Ord(2980)
Ord(6371)
Ord(5237)
Ord(4073)
Ord(6048)
Ord(2362)
Ord(5257)
Ord(3733)
Ord(755)
Ord(5727)
Ord(3744)
Ord(4616)
Ord(6370)
Ord(815)
Ord(3257)
Ord(2717)
Ord(641)
Ord(4155)
Ord(3917)
Ord(2506)
Ord(2388)
Ord(3076)
Ord(3142)
Ord(5285)
Ord(6330)
Ord(4667)
Ord(825)
Ord(5710)
Ord(5276)
Ord(4401)
Ord(540)
Ord(2858)
Ord(5273)
Ord(1767)
Ord(2371)
Ord(4480)
Ord(4229)
Ord(2047)
Ord(2504)
Ord(800)
Ord(5157)
Ord(1569)
Ord(470)
Ord(5261)
Ord(3074)
Ord(2613)
Ord(3592)
Ord(4269)
Ord(2977)
Ord(2116)
Ord(4418)
Ord(4831)
Ord(4992)
Ord(4459)
Ord(2377)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(2640)
Ord(1089)
Ord(3254)
Ord(1165)
Ord(3341)
Ord(4692)
Ord(2971)
Ord(4347)
Ord(324)
Ord(5296)
Ord(4704)
Ord(3793)
Ord(3826)
Ord(5193)
Ord(4847)
Ord(1720)
Ord(4075)
Ord(1131)
Ord(4435)
Ord(5303)
Ord(2546)
Ord(861)
Ord(561)
Ord(1143)
Ord(6372)
Ord(3131)
Ord(5059)
Ord(4370)
Ord(860)
_except_handler3
__p__fmode
_adjust_fdiv
__CxxFrameHandler
__p__commode
__setusermatherr
__dllonexit
_onexit
__wgetmainargs
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_exit
__set_app_type
ReleaseDC
GetSystemMetrics
SetWindowTextA
PeekMessageW
SendMessageW
EnableWindow
LoadIconW
DrawIcon
GetClientRect
GetSystemMenu
IsIconic
AppendMenuW
SetScrollInfo
MessageBoxA
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
GERMAN AUSTRIAN 1
ITALIAN 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.1.4.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
268464128

EntryPoint
0x229e

OriginalFileName
multibit-hd-windows-x64-0.1.4.exe

MIMEType
application/octet-stream

LegalCopyright
Bitcoin Solutions Ltd

FileVersion
0.1.4

TimeStamp
2015:12:15 20:05:15+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
multibit-hd

ProductVersion
0.1.4

FileDescription
MultiBit HD

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bitcoin Solutions Ltd

CodeSize
8192

ProductName
MultiBit HD

ProductVersionNumber
0.1.4.0

FileTypeExtension
exe

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 043486517f4da706ebe8151e4198ab8c
SHA1 6b55e5c21aaa3b29995fcfc1cddeb328fa37260b
SHA256 4985218139506968b541187195a7612ed6da398c88a8ba124201820a617d7d25
ssdeep
3072:Ftbk+Y1DhFI8k3o+sQGp13heAnwOga8hYSkuNvP8WoiuR3B:nbzqt4o+UxheAnwPDh3NvIR3B

authentihash 2f5275c43bac26fb970a27b4749989b5f91f5c7a2b77c3e7a86c53689810b4c5
imphash 497495aa0a63d4d95169a2d2887096b7
File size 173.0 KB ( 177154 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-12-16 10:58:23 UTC ( 3 years ago )
Last submission 2016-12-16 15:36:11 UTC ( 1 year, 12 months ago )
File names 4567gh98[1].exe.2512.dr
4567gh98.exe
043486517f4da706ebe8151e4198ab8c.6b55e5c21aaa3b29995fcfc1cddeb328fa37260b.primary_analysis_subject
multibit-hd
thestrong.exe
4985218139506968b541187195a7612ed6da398c88a8ba124201820a617d7d25.exe
multibit-hd-windows-x64-0.1.4.exe
043486517f4da706ebe8151e4198ab8c.exe
4567gh98_exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs