SHA256: 4f07b95fbd0667c44beea1b252bade625d1e7848449c1f17494a861a7be66253
File name: .
Detection ratio: 8 / 70
Analysis date: 2019-01-20 17:42:19 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190119
Cylance Unsafe 20190120
ESET-NOD32 a variant of Win32/Kryptik.GOTR 20190120
Sophos ML heuristic 20181128
Panda Trj/GdSda.A 20190120
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazp/m+UKOI2cAzzdHRQZhdmJ) 20190120
Trapmine suspicious.low.ml.score 20190103
Webroot W32.Trojan.Gen 20190120
Ad-Aware 20190120
AegisLab 20190120
AhnLab-V3 20190120
Alibaba 20180921
ALYac 20190120
Antiy-AVL 20190120
Arcabit 20190120
Avast 20190120
Avast-Mobile 20190118
AVG 20190120
Avira (no cloud) 20190120
Babable 20180918
Baidu 20190118
BitDefender 20190120
Bkav 20190119
CAT-QuickHeal 20190120
ClamAV 20190120
CMC 20190120
Comodo 20190120
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190120
DrWeb 20190120
eGambit 20190120
Emsisoft 20190120
Endgame 20181108
F-Prot 20190120
F-Secure 20190120
Fortinet 20190120
GData 20190120
Ikarus 20190120
Jiangmin 20190120
K7AntiVirus 20190120
K7GW 20190120
Kaspersky 20190120
Kingsoft 20190120
Malwarebytes 20190120
MAX 20190120
McAfee 20190120
McAfee-GW-Edition 20190120
Microsoft 20190120
eScan 20190120
NANO-Antivirus 20190120
Palo Alto Networks (Known Signatures) 20190120
Qihoo-360 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190120
SUPERAntiSpyware 20190116
Symantec 20190119
TACHYON 20190120
Tencent 20190120
TheHacker 20190118
TotalDefense 20190120
TrendMicro 20190120
TrendMicro-HouseCall 20190120
Trustlook 20190120
VBA32 20190118
ViRobot 20190120
Yandex 20190118
Zillya 20190118
ZoneAlarm by Check Point 20190120
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2016 Mothersilver Agreerope

Product Sigma Software Walk Danceplay
Original name Danceplay.exe
Internal name Sigma Software WalkLotdraw Suffixbegan
File version 14.5.16.81
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-16 12:23:16
Entry Point 0x000028B7
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetLocalTime
GetStdHandle
HeapAlloc
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
GetCPInfo
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetCurrentThreadId
TerminateProcess
CreateEventW
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
EncodePointer
GetVersion
WriteConsoleW
LeaveCriticalSection
SetForegroundWindow
Number of PE resources by type
RT_ICON 5
RT_STRING 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
473088

ImageVersion
0.0

ProductName
Sigma Software Walk Danceplay

FileVersionNumber
14.5.16.81

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
12.0

FileTypeExtension
exe

OriginalFileName
Danceplay.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
14.5.16.81

TimeStamp
2015:01:16 13:23:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sigma Software WalkLotdraw Suffixbegan

ProductVersion
14.5.16.81

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

LegalCopyright
Copyright 2016 Mothersilver Agreerope

MachineType
Intel 386 or later, and compatibles

CompanyName
Sigma Software Walk

CodeSize
143360

FileSubtype
0

ProductVersionNumber
14.5.16.81

EntryPoint
0x28b7

ObjectFileType
Executable application

Execution parents
File identification
MD5 8e598270f21e78cb727377733a81a7af
SHA1 60f7f0513680dc1d76195aac55d2cd24a85c4348
SHA256 4f07b95fbd0667c44beea1b252bade625d1e7848449c1f17494a861a7be66253
ssdeep 6144:5og1cxFsaUVb5PJuynijx4jiZZEjiETM1dSSE66fnk/Z84VYYBnqSQq6k:5og1c0aUFZJBij64Wi//peiRnYq

authentihash bac69163649beaa7854f7b6e219c9ca4148f568429499e4151a8ee66b7e99eb3
imphash 824a2677c29e9f9448a33d3f8b2f91ab
File size 520.0 KB ( 532480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-20 17:42:19 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-20 17:42:19 UTC ( 1 month, 3 weeks ago )
File names Sigma Software WalkLotdraw Suffixbegan
.
Danceplay.exe
renpd.exe