SHA256: 4d4ef9ba4ecef015aca4c72ee0d3ee26fb0f86bd1a3299a47a655f722e3e22c9
File name: gallery.exe
Detection ratio: 13 / 48
Analysis date: 2013-10-10 13:30:58 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
AntiVir DR/Delphi.Gen 20131010
Avast Win32:Malware-gen 20131010
Comodo UnclassifiedMalware 20131010
DrWeb Trojan.DownLoad3.12898 20131010
Ikarus Trojan.Win32.FakeAV 20131010
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
McAfee Artemis!961DBA6CF73D 20131010
McAfee-GW-Edition Artemis!961DBA6CF73D 20131010
NANO-Antivirus Trojan.Win32.DR.zmevg 20131009
Norman Suspicious_Gen4.FBTIL 20131010
Panda Suspicious file 20131010
Symantec WS.Reputation.1 20131010
TrendMicro-HouseCall TROJ_GEN.R0CBOH0I713 20131010
AVG 20131010
Agnitum 20131010
AhnLab-V3 20131010
Antiy-AVL 20131010
Baidu-International 20131010
BitDefender 20131010
Bkav 20131010
ByteHero 20130924
CAT-QuickHeal 20131010
ClamAV 20131010
Commtouch 20131010
ESET-NOD32 20131010
Emsisoft 20131010
F-Prot 20131010
F-Secure 20131010
Fortinet 20131010
GData 20131010
Jiangmin 20130903
K7AntiVirus 20131009
K7GW 20131009
Kaspersky 20131010
Malwarebytes 20131010
MicroWorld-eScan 20131010
Microsoft 20131010
PCTools 20131002
Rising 20131010
SUPERAntiSpyware 20131010
Sophos 20131010
TheHacker 20131010
TotalDefense 20131009
TrendMicro 20131010
VBA32 20131010
VIPRE 20131010
ViRobot 20131010
nProtect 20131010
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000892C
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
GetStdHandle
EnterCriticalSection
lstrlenA
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
SetFilePointer
RaiseException
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
EnumCalendarInfoA
ReadFile
lstrcpynA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
LocalFree
InitializeCriticalSection
VirtualQuery
VirtualFree
FindClose
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
VirtualAlloc
GetFileSize
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
GetSystemMetrics
LoadStringA
CharNextA
MessageBoxA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 5
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 7
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32256
LinkerVersion 2.25
EntryPoint 0x892c
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 961dba6cf73d24181634321e90323577
SHA1 f9af9485f91a0c202dd1956170d76797695e1adb
SHA256 4d4ef9ba4ecef015aca4c72ee0d3ee26fb0f86bd1a3299a47a655f722e3e22c9
ssdeep
98304:TtVrmR7i1XYzWbDK8VganR5FV6OLxVOvbWCC6nsI/zIsJbBGTbWInQlFRvbTJR1D:TLrmCWWvK8V3n/xVysIrIsJ4f7G3LCs

File size 6.1 MB ( 6380673 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (89.9%)
UPX compressed Win32 Executable (4.1%)
Win32 EXE Yoda's Crypter (3.5%)
Win32 Dynamic Link Library (generic) (0.8%)
Win32 Executable (generic) (0.6%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-08-24 06:42:16 UTC ( 8 months ago )
Last submission 2013-12-04 19:44:03 UTC ( 4 months, 2 weeks ago )
File names 17822881
gallery.exe
output.17822881.txt
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight