SHA256: 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
File name: 006467721
Detection ratio: 48 / 57
Analysis date: 2015-06-12 11:14:00 UTC (3 weeks, 4 days ago)
Engines that flagged the file (Antivirus / Result / Signature update):
ALYac Trojan.GenericKD.1118722 20150612
AVG BackDoor.Generic17.AFCS 20150612
AVware Trojan.Win32.Generic!BT 20150612
Ad-Aware Trojan.GenericKD.1118722 20150612
Agnitum Backdoor.Androm!/s23QO1FlW8 20150611
AhnLab-V3 HEUR/Fakedug 20150612
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150612
Arcabit Trojan.Generic.D111202 20150612
Avast Win32:Malware-gen 20150612
Avira TR/Rogue.1118722 20150612
Baidu-International Backdoor.Win32.Androm.aehi 20150612
BitDefender Trojan.GenericKD.1118722 20150612
CAT-QuickHeal Backdoor.Kelihos.F 20150612
ClamAV Win.Trojan.Androm-85 20150611
Comodo TrojWare.Win32.Kryptik.ODNF 20150612
Cyren W32/Backdoor.UUEB-2237 20150612
DrWeb BackDoor.Tishop.55 20150612
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20150612
Emsisoft Trojan.GenericKD.1118722 (B) 20150612
F-Prot W32/Backdoor2.HSHV 20150612
Fortinet W32/Androm.AEHI!tr.bdr 20150612
GData Trojan.GenericKD.1118722 20150612
Ikarus Trojan-Spy.Zbot 20150612
K7AntiVirus Trojan ( 00403a7a1 ) 20150612
K7GW Trojan ( 00403a7a1 ) 20150612
Kaspersky Backdoor.Win32.Androm.aehi 20150612
Malwarebytes Trojan.Downloader 20150612
McAfee Generic.pq 20150612
McAfee-GW-Edition Generic.pq 20150612
MicroWorld-eScan Trojan.GenericKD.1118722 20150612
Microsoft TrojanDownloader:Win32/Dofoil.R 20150612
NANO-Antivirus Trojan.Win32.Androm.bxxgkg 20150612
Panda Trj/Agent.IVN 20150612
Qihoo-360 Trojan.Generic 20150612
Rising PE:Trojan.Win32.Generic.157EDAD6!360635094 20150612
Sophos Troj/Agent-ACPA 20150612
Symantec Trojan Horse 20150612
Tencent Win32.Backdoor.Androm.Lnof 20150612
TheHacker Trojan/Downloader.Zurgop.aw 20150611
TotalDefense Win32/Dofoil.MS 20150612
TrendMicro TROJ_DOFOIL.QC 20150612
TrendMicro-HouseCall TROJ_DOFOIL.QC 20150612
VBA32 BScope.Malware-Cryptor.Hlux 20150612
VIPRE Trojan.Win32.Generic!BT 20150612
ViRobot Backdoor.Win32.S.Androm.143360[h] 20150612
Zillya Backdoor.Androm.Win32.1412 20150611
Zoner Trojan.Zurgop.AW 20150612
nProtect Backdoor/W32.Androm.143360 20150612
Engines that did not flag the file (Antivirus / Signature update):
AegisLab 20150612
Alibaba 20150611
Bkav 20150611
ByteHero 20150612
CMC 20150610
F-Secure 20150612
Jiangmin 20150610
Kingsoft 20150612
SUPERAntiSpyware 20150612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name gdiplus
Internal name gdiplus
File version 5.1.3097.0 (xpclient.010811-1534)
Description Microsoft GDI+
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-01-19 14:27:09
Link date 3:27 PM 1/19/2002
Entry Point 0x00003EB5
Number of sections 5
PE sections
PE imports
GetLastError
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
lstrlenW
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
TerminateProcess
Sleep
GetCurrentThreadId
SetLastError
_amsg_exit
_acmdln
_ismbblead
__p__fmode
_unlock
_chdir
_adjust_fdiv
_lock
__p__commode
__dllonexit
_onexit
_exit
?terminate@@YAXXZ
exit
_XcptFilter
_cexit
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
Number of PE resources by type
SIAMDB 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL DEFAULT 2
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3097.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 106496
EntryPoint 0x3eb5
OriginalFileName gdiplus
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.1.3097.0 (xpclient.010811-1534)
TimeStamp 2002:01:19 15:27:09+01:00
FileType Win32 EXE
PEType PE32
InternalName gdiplus
ProductVersion 5.1.3097.0
FileDescription Microsoft GDI+
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 32768
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.1.3097.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 a5bdeaadb002e12a38c9d354097f9a9a
SHA1 65529d45b7b970b6e82519c5675cf4e77f1659e1
SHA256 4e0a712b7d53889c742d9d6f2211ffc3b0c3097d42c9b367939511c06a522b11
ssdeep 3072:notRG+koYxCmRfB0vw6PL2zHoytG5dHJZE5d8Na:n+A+kTxCmRfCJS8ytG5dHL+N
authentihash a64ce78f7fb8f7cf09d8edb4ee47490477bbd7cc02b1bf6d8ef8987e6c82d485
imphash 630600c9fa851b0e802988d1b97e43bd
File size 140.0 KB (143360 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ (generic) (67.3%)
  Win32 Dynamic Link Library (generic) (14.2%)
  Win32 Executable (generic) (9.7%)
  Generic Win/DOS Executable (4.3%)
  DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2013-07-17 09:17:59 UTC (1 year, 11 months ago)
Last submission 2015-06-12 11:14:00 UTC (3 weeks, 4 days ago)
File names vt-upload-jf_iD
_8570028661.jpg.exe_
006467721
malekal_a5bdeaadb002e12a38c9d354097f9a9a
37.exe
vt-upload-fEdI2
gdiplus
vti-rescan
vt-upload-K7_1L
Image 16_07_2013 _ 8570028661.jpg.exe
Image.exe
65529D45B7B970B6E82519C5675CF4E77F1659E1.exe
file-5735015_exe
vt-upload-PZf47
Image_16_07_2013_8570028661.jpg.exe
vt-upload-ma6QE
vt-upload-L4Mrb
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight