× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4e5fa43aa2f95edc99656d9187946e5cf5874b3b4a63b895a0de1f5e61272560
File name: 76j5h4g.exe
Detection ratio: 1 / 54
Analysis date: 2015-11-23 11:02:22 UTC ( 3 years, 6 months ago ) View latest
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151123
Ad-Aware 20151123
AegisLab 20151123
Yandex 20151122
AhnLab-V3 20151122
Alibaba 20151123
ALYac 20151123
Antiy-AVL 20151123
Arcabit 20151123
Avast 20151123
AVG 20151123
AVware 20151123
Baidu-International 20151122
BitDefender 20151123
Bkav 20151121
ByteHero 20151123
CAT-QuickHeal 20151123
ClamAV 20151123
CMC 20151118
Comodo 20151123
Cyren 20151123
DrWeb 20151123
Emsisoft 20151123
ESET-NOD32 20151123
F-Prot 20151123
F-Secure 20151123
Fortinet 20151123
GData 20151123
Ikarus 20151123
Jiangmin 20151122
K7AntiVirus 20151123
K7GW 20151123
Malwarebytes 20151123
McAfee 20151123
McAfee-GW-Edition 20151123
Microsoft 20151123
eScan 20151123
NANO-Antivirus 20151123
nProtect 20151120
Panda 20151122
Qihoo-360 20151123
Rising 20151122
Sophos AV 20151123
SUPERAntiSpyware 20151123
Symantec 20151122
Tencent 20151123
TheHacker 20151121
TrendMicro 20151123
TrendMicro-HouseCall 20151123
VBA32 20151120
VIPRE 20151123
ViRobot 20151123
Zillya 20151123
Zoner 20151123
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-23 09:49:17
Entry Point 0x0000547A
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
OpenProcessToken
AVIStreamWrite
AVIFileOpenA
AVIFileInit
AVIStreamSetFormat
AVIFileExit
AVIStreamRelease
AVIFileRelease
ChooseColorA
LineTo
Polygon
DeleteDC
SelectObject
MoveToEx
CreatePen
Pie
Ellipse
CreateFontIndirectA
GetPixel
CreateSolidBrush
GetDIBits
BitBlt
Polyline
RoundRect
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
ImmAssociateContext
ImmGetConversionStatus
ImmGetContext
GetTcpTable
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
lstrcatA
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
WaitForMultipleObjects
LeaveCriticalSection
GetStringTypeA
GetProcessHeap
SetLocalTime
SetStdHandle
GetModuleHandleA
HeapAlloc
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GlobalLock
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
ExitProcess
SetEvent
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
WriteConsoleW
SetEndOfFile
TlsSetValue
CreateFileA
SetThreadPriority
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
CompareStringA
ICClose
ICOpen
ICSendMessage
ICGetInfo
ICCompressorChoose
ICCompressorFree
Ord(31)
Ord(9)
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
PathFileExistsW
PathIsRelativeW
EmptyClipboard
GetForegroundWindow
GetParent
UpdateWindow
BeginPaint
GetMessageW
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetClipboardData
BeginDeferWindowPos
IsWindow
GetWindowRect
InflateRect
EndPaint
MessageBoxA
TranslateMessage
GetWindow
GetSysColor
GetDC
ReleaseDC
SetWindowTextA
wsprintfA
SetClipboardData
SendMessageA
GetClientRect
InvalidateRect
GetWindowLongA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
OpenClipboard
GetDesktopWindow
DispatchMessageW
CloseClipboard
InvalidateRgn
ModifyMenuA
DestroyWindow
InternetSetOptionA
mciSendCommandA
mciGetErrorStringA
WTSQuerySessionInformationA
GdipCloneBrush
GdipFillPath
GdipAddPathArc
GdipCreatePen1
GdipAddPathLine
GdipClosePathFigure
GdipCreatePath
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeletePath
GdipDrawPath
GdipSetPathFillMode
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleInitialize
ReleaseStgMedium
CoMarshalInterThreadInterfaceInStream
GetHGlobalFromStream
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
CoMarshalInterface
SnmpUtilOidCpy
SnmpUtilOidFree
Number of PE resources by type
RT_HTML 11
RT_DIALOG 10
RT_ICON 6
RT_MANIFEST 1
RT_BITMAP 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 31
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:11:23 10:49:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
105472

LinkerVersion
9.0

EntryPoint
0x547a

InitializedDataSize
181760

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 127f12a789c145ed05be36961376999e
SHA1 247abf65042ba54ff71e0d9fbef2cd1c9ff66624
SHA256 4e5fa43aa2f95edc99656d9187946e5cf5874b3b4a63b895a0de1f5e61272560
ssdeep
3072:tFRpsPxth4a7EJD8uHl0f1wK+ggsepv5UHzlYC9D0D5v5Mr6SZ9EvQ630Mu:jzspv4a7Eh5lLD31ezKC9DM5K1gR4

authentihash bdffc99750ffce1db03edcd4d9c0d47808c68c216395613b0ea76fe6580f3451
imphash e2071f974f2d54ead7196c20176f6d6a
File size 281.5 KB ( 288256 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2015-11-23 10:11:10 UTC ( 3 years, 6 months ago )
Last submission 2016-12-16 10:16:58 UTC ( 2 years, 5 months ago )
File names 76j5h4g[1].exe.3880.dr
www.t-tosen.com_u654g_76j5h4g.exe
76j5h4g_exe
4e5fa43aa2f95edc99656d9187946e5cf5874b3b4a63b895a0de1f5e61272560_4e5fa43aa2f95edc_fracmo.exe
76j5h4g.exe
127f12a789c145ed05be36961376999e.exe
4e5fa43aa2f95edc99656d9187946e5cf5874b3b4a63b895a0de1f5e61272560.bin
Unconfirmed 491041.crdownload
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections