SHA256: 50fe6e57511650b3adccab819cce973c14fa53cd1764116431908eb04ae27687
File name: 50FE6E57511650B3ADCCAB819CCE973C14FA53CD1764116431908EB04AE27687
Detection ratio: 13 / 67
Analysis date: 2017-12-09 03:05:11 UTC ( 1 year ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9994 20171208
Comodo Heur.Packed.Unknown 20171209
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
eGambit Unsafe.AI_Score_100% 20171209
Endgame malicious (high confidence) 20171130
Fortinet W32/GenKryptik.AVMQ!tr 20171209
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20171209
Palo Alto Networks (Known Signatures) generic.ml 20171209
Qihoo-360 HEUR/QVM20.1.B769.Malware.Gen 20171209
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171209
Tencent Suspicious.Heuristic.Gen.b.0 20171209
Ad-Aware 20171209
AegisLab 20171209
AhnLab-V3 20171208
Alibaba 20171208
ALYac 20171208
Antiy-AVL 20171209
Arcabit 20171209
Avast 20171209
Avast-Mobile 20171208
AVG 20171209
Avira (no cloud) 20171209
AVware 20171209
BitDefender 20171209
Bkav 20171208
CAT-QuickHeal 20171208
ClamAV 20171208
CMC 20171208
Cybereason 20171103
Cyren 20171209
DrWeb 20171209
Emsisoft 20171209
ESET-NOD32 20171209
F-Prot 20171209
F-Secure 20171209
GData 20171209
Ikarus 20171208
Jiangmin 20171209
K7AntiVirus 20171208
K7GW 20171209
Kaspersky 20171209
Kingsoft 20171209
Malwarebytes 20171209
MAX 20171209
McAfee 20171209
Microsoft 20171209
eScan 20171209
NANO-Antivirus 20171209
nProtect 20171209
Panda 20171208
Rising 20171209
SUPERAntiSpyware 20171209
Symantec 20171208
Symantec Mobile Insight 20171207
TheHacker 20171205
TotalDefense 20171208
TrendMicro 20171209
TrendMicro-HouseCall 20171209
Trustlook 20171209
VBA32 20171208
VIPRE 20171209
ViRobot 20171208
Webroot 20171209
WhiteArmor 20171204
Yandex 20171208
Zillya 20171207
ZoneAlarm by Check Point 20171209
Zoner 20171209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating S
Original name write
Internal name PIFM
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Write
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-09 11:40:40
Entry Point 0x00001AF0
Number of sections 8
PE sections
PE imports
RegCloseKey
RegSetValueExW
CertFindRDNAttr
CreateScalableFontResourceA
CreateRectRgn
SetEvent
GetEnvironmentStrings
GetCurrentProcessId
GetConsoleWindow
WTSGetActiveConsoleSessionId
EnumResourceNamesA
CreateSymbolicLinkA
GetProcessHeap
FlsFree
GetCurrentThreadId
GetNumaNodeProcessorMask
MprAdminServerConnect
DrawDibEnd
DrawDibStart
NdrConformantArrayMarshall
CM_Open_DevNode_Key
CM_Set_DevNode_Registry_PropertyW
SetWindowLongW
GetSystemMenu
CharUpperW
DefFrameProcW
GetFileVersionInfoSizeA
WSASetLastError
inet_addr
OpenColorProfileW
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Write

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
102912

EntryPoint
0x1af0

OriginalFileName
write

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2017:12:09 12:40:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PIFM

ProductVersion
6.1.7600.16385

SubsystemVersion
5.1

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporatio

CodeSize
4294967295

ProductName
Microsoft Windows Operating S

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b2d7f4719e8ea308a121ebe6d257947c
SHA1 4df38fd282b156148f5bd34a125cc48679a36bc5
SHA256 50fe6e57511650b3adccab819cce973c14fa53cd1764116431908eb04ae27687
ssdeep
3072:ZRKj3/izVwQvM3KiHhCmt2zBw6RkI+I7b:ZRO3/izLjmtmBw6B

authentihash c5a3c728116d9e66687faa70397be80b22b7064fafd41121699c8d1391d50328
imphash 493d339781dd899867114a8525ecd660
File size 116.5 KB ( 119296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-09 03:05:11 UTC ( 1 year ago )
Last submission 2018-05-26 17:55:20 UTC ( 6 months, 3 weeks ago )
File names 3271.exe
29114264.exe
25313176.exe
0327.exe
PIFM
25318456.exe
write
25314936.exe
25320216.exe
25316696.exe
9995.exe
25321976.exe
7627.exe
50FE6E57511650B3ADCCAB819CCE973C14FA53CD1764116431908EB04AE27687
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications