SHA256: 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
File name: gdiplus
Detection ratio: 50 / 56
Analysis date: 2015-07-27 18:01:17 UTC ( 1 month ago )
Antivirus Result Update
ALYac Trojan.GenericKD.1118722 20150727
AVG BackDoor.Generic17.AFCS 20150727
AVware Trojan.Win32.Generic!BT 20150727
Ad-Aware Trojan.GenericKD.1118722 20150727
Agnitum Backdoor.Androm!/s23QO1FlW8 20150727
AhnLab-V3 HEUR/Fakedug 20150727
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150727
Arcabit Trojan.Generic.D111202 20150727
Avast Win32:Malware-gen 20150727
Avira TR/Rogue.1118722 20150727
Baidu-International Backdoor.Win32.Androm.aehi 20150727
BitDefender Trojan.GenericKD.1118722 20150727
CAT-QuickHeal Backdoor.Kelihos.F 20150727
ClamAV Win.Trojan.Androm-85 20150727
Comodo TrojWare.Win32.Kryptik.ODNF 20150727
Cyren W32/Backdoor.UUEB-2237 20150727
DrWeb BackDoor.Tishop.55 20150727
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20150727
Emsisoft Trojan.GenericKD.1118722 (B) 20150727
F-Prot W32/Backdoor2.HSHV 20150727
F-Secure Trojan.GenericKD.1118722 20150727
Fortinet W32/Androm.AEHI!tr.bdr 20150727
GData Trojan.GenericKD.1118722 20150727
Ikarus Trojan-Spy.Zbot 20150727
K7AntiVirus Trojan ( 00403a7a1 ) 20150727
K7GW Trojan ( 00403a7a1 ) 20150727
Kaspersky Backdoor.Win32.Androm.aehi 20150727
Kingsoft Win32.Troj.Undef.(kcloud) 20150727
Malwarebytes Trojan.Downloader 20150727
McAfee Generic.pq 20150727
McAfee-GW-Edition Generic.pq 20150727
MicroWorld-eScan Trojan.GenericKD.1118722 20150727
Microsoft Trojan:Win32/Bulta!rfn 20150727
NANO-Antivirus Trojan.Win32.Androm.bxxgkg 20150727
Panda Trj/Agent.IVN 20150727
Qihoo-360 Trojan.Generic 20150727
Rising PE:Trojan.Win32.Generic.157EDAD6!360635094 20150722
Sophos Troj/Agent-ACPA 20150727
Symantec Trojan Horse 20150727
Tencent Win32.Backdoor.Androm.Lnof 20150727
TheHacker Trojan/Downloader.Zurgop.aw 20150727
TotalDefense Win32/Dofoil.MS 20150727
TrendMicro TROJ_DOFOIL.QC 20150727
TrendMicro-HouseCall TROJ_DOFOIL.QC 20150727
VBA32 BScope.Malware-Cryptor.Hlux 20150727
VIPRE Trojan.Win32.Generic!BT 20150727
ViRobot Backdoor.Win32.S.Androm.143360[h] 20150727
Zillya Backdoor.Androm.Win32.1412 20150727
Zoner Trojan.Zurgop.AW 20150727
nProtect Backdoor/W32.Androm.143360 20150727
AegisLab 20150727
Alibaba 20150727
Bkav 20150727
ByteHero 20150727
Jiangmin 20150726
SUPERAntiSpyware 20150727
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name gdiplus
Internal name gdiplus
File version 5.1.3097.0 (xpclient.010811-1534)
Description Microsoft GDI+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-01-19 14:27:09
Link date 3:27 PM 1/19/2002
Entry Point 0x00003EB5
Number of sections 5
PE sections
PE imports
GetLastError
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
lstrlenW
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
TerminateProcess
Sleep
GetCurrentThreadId
SetLastError
_amsg_exit
_acmdln
_ismbblead
__p__fmode
_unlock
_chdir
_adjust_fdiv
_lock
__p__commode
__dllonexit
_onexit
_exit
?terminate@@YAXXZ
exit
_XcptFilter
_cexit
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Number of PE resources by type
SIAMDB 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL DEFAULT 2
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3097.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 106496
EntryPoint 0x3eb5
OriginalFileName gdiplus
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.1.3097.0 (xpclient.010811-1534)
TimeStamp 2002:01:19 15:27:09+01:00
FileType Win32 EXE
PEType PE32
InternalName gdiplus
ProductVersion 5.1.3097.0
FileDescription Microsoft GDI+
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 32768
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.3097.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 a5bdeaadb002e12a38c9d354097f9a9a
SHA1 65529d45b7b970b6e82519c5675cf4e77f1659e1
SHA256 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
ssdeep 3072:notRG+koYxCmRfB0vw6PL2zHoytG5dHJZE5d8Na:n+A+kTxCmRfCJS8ytG5dHL+N
authentihash a64ce78f7fb8f7cf09d8edb4ee47490477bbd7cc02b1bf6d8ef8987e6c82d485
imphash 630600c9fa851b0e802988d1b97e43bd
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-07-17 09:17:59 UTC ( 2 years, 1 month ago )
Last submission 2015-06-12 11:14:00 UTC ( 2 months, 3 weeks ago )
File names vt-upload-jf_iD
_8570028661.jpg.exe_
006467721
malekal_a5bdeaadb002e12a38c9d354097f9a9a
37.exe
vt-upload-fEdI2
gdiplus
vti-rescan
vt-upload-K7_1L
Image 16_07_2013 _ 8570028661.jpg.exe
Image.exe
65529D45B7B970B6E82519C5675CF4E77F1659E1.exe
file-5735015_exe
vt-upload-PZf47
Image_16_07_2013_8570028661.jpg.exe
vt-upload-ma6QE
vt-upload-L4Mrb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight