SHA256: 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
File name: gdiplus
Detection ratio: 38 / 45
Analysis date: 2013-08-13 05:28:54 UTC ( 8 months ago )
Antivirus Result Update
AVG BackDoor.Generic17.AFCS 20130812
Agnitum Backdoor.Androm!/s23QO1FlW8 20130812
AhnLab-V3 Backdoor/Win32.Androm 20130813
AntiVir TR/Rogue.1118722 20130813
Antiy-AVL Backdoor/Win32.Androm.gen 20130813
Avast Win32:Malware-gen 20130813
BitDefender Trojan.GenericKD.1118722 20130813
CAT-QuickHeal TrojanDownloader.Dofoil.R.cw5 20130812
ClamAV Win.Trojan.Androm-85 20130813
Commtouch W32/Backdoor.UUEB-2237 20130813
Comodo UnclassifiedMalware 20130813
DrWeb BackDoor.Tishop.55 20130813
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20130812
Emsisoft Trojan-Downloader.Win32.Zurgop (A) 20130813
F-Prot W32/Backdoor2.HSHV 20130813
F-Secure Trojan.GenericKD.1118722 20130813
Fortinet W32/Androm.AEHI!tr.bdr 20130813
GData Trojan.GenericKD.1118722 20130813
Ikarus Trojan-PWS.Win32.Tepfer 20130813
K7AntiVirus Trojan 20130812
K7GW Trojan 20130812
Kaspersky Backdoor.Win32.Androm.aehi 20130813
Malwarebytes Trojan.Downloader 20130813
McAfee RDN/Generic Downloader.x!hz 20130813
McAfee-GW-Edition RDN/Generic Downloader.x!hz 20130812
Microsoft TrojanDownloader:Win32/Dofoil.R 20130813
NANO-Antivirus Trojan.Win32.Androm.bxxgkg 20130812
Norman Kelihos.TJU 20130812
PCTools Trojan.Generic 20130812
Panda Trj/Zbot.M 20130812
Symantec Trojan Horse 20130813
TheHacker Trojan/Downloader.Zurgop.aw 20130813
TotalDefense Win32/Dofoil.MS 20130812
TrendMicro TROJ_DOFOIL.QC 20130813
TrendMicro-HouseCall TROJ_DOFOIL.QC 20130813
VBA32 BScope.Malware-Cryptor.Mystig 20130812
VIPRE Trojan.Win32.Generic!BT 20130813
nProtect Backdoor/W32.Androm.143360 20130813
ByteHero 20130724
Jiangmin 20130813
Kingsoft 20130723
MicroWorld-eScan 20130813
Rising 20130813
SUPERAntiSpyware 20130813
ViRobot 20130813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
Authenticode signature block
Copyright © Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Version 5.1.3097.0
Original name gdiplus
Internal name gdiplus
File version 5.1.3097.0 (xpclient.010811-1534)
Description Microsoft GDI+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-01-19 14:27:09
Entry Point 0x00003EB5
Number of sections 5
PE sections
PE imports
GetLastError
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
lstrlenW
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
TerminateProcess
Sleep
GetCurrentThreadId
SetLastError
_amsg_exit
_acmdln
_ismbblead
__p__fmode
_unlock
_chdir
_adjust_fdiv
_lock
__p__commode
__dllonexit
_onexit
_exit
?terminate@@YAXXZ
exit
_XcptFilter
_cexit
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Number of PE resources by type
SIAMDB 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL DEFAULT 2
Compressed bundles
File identification
MD5 a5bdeaadb002e12a38c9d354097f9a9a
SHA1 65529d45b7b970b6e82519c5675cf4e77f1659e1
SHA256 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
ssdeep 3072:notRG+koYxCmRfB0vw6PL2zHoytG5dHJZE5d8Na:n+A+kTxCmRfCJS8ytG5dHL+N

File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-07-17 09:17:59 UTC ( 9 months ago )
Last submission 2013-08-06 21:10:16 UTC ( 8 months, 1 week ago )
File names vt-upload-jf_iD
vt-upload-L4Mrb
_8570028661.jpg.exe_
malekal_a5bdeaadb002e12a38c9d354097f9a9a
37.exe
vt-upload-fEdI2
gdiplus
vti-rescan
vt-upload-K7_1L
Image 16_07_2013 _ 8570028661.jpg.exe
Image.exe
65529D45B7B970B6E82519C5675CF4E77F1659E1.exe
file-5735015_exe
vt-upload-PZf47
Image_16_07_2013_8570028661.jpg.exe
vt-upload-ma6QE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight