SHA256: 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
File name: gdiplus
Detection ratio: 48 / 53
Analysis date: 2014-05-28 02:29:25 UTC ( 9 months ago )
Antivirus Result Update
AVG Downloader.Generic13.BDIP 20140527
Ad-Aware Trojan.GenericKD.1118722 20140528
Agnitum Backdoor.Androm!/s23QO1FlW8 20140527
AhnLab-V3 Backdoor/Win32.Androm 20140527
AntiVir TR/Rogue.1118722 20140528
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20140528
Avast Win32:Malware-gen 20140528
Baidu-International Backdoor.Win32.Androm.av 20140527
BitDefender Trojan.GenericKD.1118722 20140528
CAT-QuickHeal Backdoor.Kelihos.F 20140527
CMC Packed.Win32.Ransom-Crypter.1!O 20140526
ClamAV Win.Trojan.Androm-85 20140527
Commtouch W32/Backdoor.UUEB-2237 20140528
Comodo TrojWare.Win32.Kryptik.ODNF 20140528
DrWeb BackDoor.Tishop.55 20140528
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20140528
Emsisoft Trojan-PSW.Win32.OnlineGames (A) 20140528
F-Prot W32/Backdoor2.HSHV 20140528
F-Secure Trojan.GenericKD.1118722 20140528
Fortinet W32/Androm.AEHI!tr.bdr 20140527
GData Trojan.GenericKD.1118722 20140528
Ikarus Trojan-Spy.Zbot 20140528
K7AntiVirus Trojan ( 00403a7a1 ) 20140527
K7GW Trojan ( 00403a7a1 ) 20140527
Kaspersky Backdoor.Win32.Androm.aehi 20140528
Kingsoft Win32.Troj.Undef.(kcloud) 20140528
Malwarebytes Trojan.Downloader 20140528
McAfee Generic.pq 20140528
McAfee-GW-Edition Generic.pq 20140527
MicroWorld-eScan Trojan.GenericKD.1118722 20140528
Microsoft TrojanDownloader:Win32/Dofoil.R 20140527
NANO-Antivirus Trojan.Win32.Androm.bxxgkg 20140528
Norman Kelihos.TJU 20140527
Panda Trj/Agent.IVN 20140527
Qihoo-360 Trojan.Generic 20140528
Rising PE:Trojan.Win32.Generic.157EDAD6!360635094 20140527
Sophos Troj/Agent-ACPA 20140528
Symantec Trojan Horse 20140528
Tencent Win32.Backdoor.Androm.Lnof 20140528
TheHacker Trojan/Downloader.Zurgop.aw 20140528
TotalDefense Win32/Dofoil.MS 20140527
TrendMicro TROJ_DOFOIL.QC 20140528
TrendMicro-HouseCall TROJ_DOFOIL.QC 20140528
VBA32 BScope.Malware-Cryptor.Mystig 20140527
VIPRE Trojan.Win32.Generic!BT 20140528
ViRobot Backdoor.Win32.S.Androm.143360 20140527
Zillya Backdoor.Androm.Win32.1412 20140528
nProtect Backdoor/W32.Androm.143360 20140527
AegisLab 20140528
Bkav 20140527
ByteHero 20140528
Jiangmin 20140527
SUPERAntiSpyware 20140528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name gdiplus
Internal name gdiplus
File version 5.1.3097.0 (xpclient.010811-1534)
Description Microsoft GDI+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-01-19 14:27:09
Link date 3:27 PM 1/19/2002
Entry Point 0x00003EB5
Number of sections 5
PE sections
PE imports
GetLastError
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
lstrlenW
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
TerminateProcess
Sleep
GetCurrentThreadId
SetLastError
_amsg_exit
_acmdln
_ismbblead
__p__fmode
_unlock
_chdir
_adjust_fdiv
_lock
__p__commode
__dllonexit
_onexit
_exit
?terminate@@YAXXZ
exit
_XcptFilter
_cexit
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Number of PE resources by type
SIAMDB 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL DEFAULT 2
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3097.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 106496
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.1.3097.0 (xpclient.010811-1534)
TimeStamp 2002:01:19 15:27:09+01:00
FileType Win32 EXE
PEType PE32
InternalName gdiplus
FileAccessDate 2014:05:28 03:54:38+01:00
ProductVersion 5.1.3097.0
FileDescription Microsoft GDI+
OSVersion 4.0
FileCreateDate 2014:05:28 03:54:38+01:00
OriginalFilename gdiplus
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 32768
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.3097.0
EntryPoint 0x3eb5
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 a5bdeaadb002e12a38c9d354097f9a9a
SHA1 65529d45b7b970b6e82519c5675cf4e77f1659e1
SHA256 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
ssdeep 3072:notRG+koYxCmRfB0vw6PL2zHoytG5dHJZE5d8Na:n+A+kTxCmRfCJS8ytG5dHL+N
imphash 630600c9fa851b0e802988d1b97e43bd
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-07-17 09:17:59 UTC ( 1 year, 7 months ago )
Last submission 2013-08-06 21:10:16 UTC ( 1 year, 6 months ago )
File names vt-upload-jf_iD
vt-upload-L4Mrb
_8570028661.jpg.exe_
malekal_a5bdeaadb002e12a38c9d354097f9a9a
37.exe
vt-upload-fEdI2
gdiplus
vti-rescan
vt-upload-K7_1L
Image 16_07_2013 _ 8570028661.jpg.exe
Image.exe
65529D45B7B970B6E82519C5675CF4E77F1659E1.exe
file-5735015_exe
vt-upload-PZf47
Image_16_07_2013_8570028661.jpg.exe
vt-upload-ma6QE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight