SHA256: 4e25fd5596c14b3e9e8f3df6077e4f2cc47132ff43890e98cec9c80c56328f1a
File name: 10.exe
Detection ratio: 5 / 57
Analysis date: 2015-06-05 08:16:58 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Fortinet W32/Dridex.M!tr 20150605
Kaspersky UDS:DangerousObject.Multi.Generic 20150605
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20150605
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150604
Tencent Trojan.Win32.YY.Gen.2 20150605
Ad-Aware 20150605
AegisLab 20150605
Yandex 20150603
AhnLab-V3 20150605
Alibaba 20150605
ALYac 20150605
Antiy-AVL 20150605
Arcabit 20150605
Avast 20150605
AVG 20150605
Avira (no cloud) 20150605
AVware 20150604
Baidu-International 20150605
BitDefender 20150605
Bkav 20150605
ByteHero 20150605
CAT-QuickHeal 20150604
ClamAV 20150604
CMC 20150604
Comodo 20150605
Cyren 20150605
DrWeb 20150605
Emsisoft 20150605
ESET-NOD32 20150605
F-Prot 20150605
F-Secure 20150605
GData 20150605
Ikarus 20150605
Jiangmin 20150604
K7AntiVirus 20150605
K7GW 20150605
Kingsoft 20150605
Malwarebytes 20150605
McAfee 20150604
McAfee-GW-Edition 20150604
Microsoft 20150605
eScan 20150605
NANO-Antivirus 20150605
nProtect 20150604
Panda 20150604
Sophos AV 20150605
SUPERAntiSpyware 20150605
Symantec 20150605
TheHacker 20150604
TotalDefense 20150604
TrendMicro 20150605
TrendMicro-HouseCall 20150605
VBA32 20150604
VIPRE 20150605
ViRobot 20150605
Zillya 20150605
Zoner 20150603
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1996-2000, Pegasus Software, LLC
Product ImagXpress
Original name IMAGX5.DLL
Internal name ImagXpress
File version 5.00.007
Description ImagXpress Image Processing DLL
Comments http://www.pegasustools.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 18:12:16
Entry Point 0x00019050
Number of sections 12
PE sections
PE imports
LocalCompact
InterlockedExchangeAdd
CreateActCtxW
LocalAlloc
lstrcmpiA
FindNextFileW
CreateFileA
SetFileShortNameA
CloseHandle
FreeConsole
VerLanguageNameW
EnumSystemLanguageGroupsW
SetProcessAffinityMask
SetLocalTime
FlushViewOfFile
GetAtomNameW
SetWindowsHookExW
Number of PE resources by type
RT_CURSOR 35
RT_GROUP_CURSOR 34
RT_STRING 11
RT_BITMAP 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 86
PE resources
ExifTool file metadata
LegalTrademarks ImagXpress
SubsystemVersion 4.1
Comments http://www.pegasustools.com
LinkerVersion 8.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ImagXpress Image Processing DLL
CharacterSet Unicode
InitializedDataSize 86016
EntryPoint 0x19050
OriginalFileName IMAGX5.DLL
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2000, Pegasus Software, LLC
FileVersion 5.00.007
TimeStamp 1970:01:01 19:12:16+01:00
FileType Win32 EXE
PEType PE32
InternalName ImagXpress
ProductVersion 5.00.007
UninitializedDataSize 8192
OSVersion 4.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pegasus Software, LLC
CodeSize 24576
ProductName ImagXpress
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
File identification
MD5 4287dfb5e191d92f34ae50e190eee214
SHA1 82a134452a63583841d2b23d3fb2bc8202ae6ec4
SHA256 4e25fd5596c14b3e9e8f3df6077e4f2cc47132ff43890e98cec9c80c56328f1a
ssdeep 1536:S/HA/3M5J6iCUQcJgEpfrlOiGbvcnmYbuJceLyut7WuzQdb:R/cJ6iCUQCrl0LcncJAu81
authentihash ee65d3091e1d4ccf3591d3f09ef3685c012416f776b3dad767a0031d7f22378b
imphash 2b39603447bfbfcf0ef3e86fed4603f6
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-06-05 07:48:05 UTC ( 3 years, 1 month ago )
Last submission 2018-02-07 11:04:13 UTC ( 5 months, 1 week ago )
File names IMAGX5.DLL
10_exe
ITVYPFBC.EXE
ImagXpress
ridebos5.exe
10.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections