SHA256: 54c6accb76589a59ee6efe8530504eb35737b44689f18520dd666379c7b6c945
File name: sai-1.2.5-ful-en.exe
Detection ratio: 0 / 68
Analysis date: 2018-01-11 16:41:02 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180111
AegisLab 20180111
AhnLab-V3 20180111
Alibaba 20180111
ALYac 20180111
Antiy-AVL 20180111
Arcabit 20180111
Avast 20180111
Avast-Mobile 20180111
AVG 20180111
Avira (no cloud) 20180111
AVware 20180103
Baidu 20180111
BitDefender 20180111
Bkav 20180111
CAT-QuickHeal 20180111
ClamAV 20180111
CMC 20180111
Comodo 20180111
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180111
Cyren 20180111
DrWeb 20180111
eGambit 20180111
Emsisoft 20180111
Endgame 20171130
ESET-NOD32 20180111
F-Prot 20180111
F-Secure 20180111
Fortinet 20180111
GData 20180111
Ikarus 20180111
Sophos ML 20170914
Jiangmin 20180111
K7AntiVirus 20180111
K7GW 20180111
Kaspersky 20180111
Kingsoft 20180111
Malwarebytes 20180111
MAX 20180111
McAfee 20180110
McAfee-GW-Edition 20180111
Microsoft 20180111
eScan 20180111
NANO-Antivirus 20180111
nProtect 20180111
Palo Alto Networks (Known Signatures) 20180111
Panda 20180111
Qihoo-360 20180111
Rising 20180111
SentinelOne (Static ML) 20171224
Sophos AV 20180111
SUPERAntiSpyware 20180111
Symantec 20180111
Symantec Mobile Insight 20180111
Tencent 20180111
TheHacker 20180108
TotalDefense 20180111
TrendMicro 20180111
TrendMicro-HouseCall 20180111
Trustlook 20180111
VBA32 20180111
VIPRE 20180111
ViRobot 20180111
Webroot 20180111
WhiteArmor 20180110
Yandex 20180111
Zillya 20180111
ZoneAlarm by Check Point 20180111
Zoner 20180111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, Unicode, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-15 13:05:21
Entry Point 0x000046D6
Number of sections 4
PE sections
Overlays
MD5 b7b0c66def3132e5846dd86e83042051
File type application/zip
Offset 65536
Size 2405035
Entropy 8.00
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
EqualSid
RegOpenKeyExA
MakeSureDirectoryPathExists
GetLastError
GetStartupInfoA
EnterCriticalSection
CloseHandle
GetCurrentProcess
GetModuleHandleA
GetFileAttributesA
CreateMutexA
WaitForSingleObject
GlobalFree
GetWindowsDirectoryA
WriteFile
DeleteCriticalSection
MultiByteToWideChar
FormatMessageA
CreateFileA
GetVersionExA
GetModuleFileNameA
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
__p__fmode
malloc
_ftol
_mbsnextc
fread
fclose
_stricmp
strncat
fprintf
fopen
strncpy
_except_handler3
fwrite
fseek
ftell
exit
_XcptFilter
_snprintf
__setusermatherr
__p__commode
_acmdln
_adjust_fdiv
free
_mbsinc
atoi
_splitpath
__getmainargs
calloc
_controlfp
_vsnprintf
_makepath
_beginthreadex
_initterm
_exit
__set_app_type
SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
PathRemoveBackslashA
SHDeleteKeyA
SHSetValueA
SHDeleteValueA
PathAddBackslashA
GetWindowLongA
RemovePropA
SetWindowTextA
EnableWindow
RedrawWindow
SetPropA
IsDlgButtonChecked
EndDialog
SetDlgItemTextA
PostMessageA
MessageBoxA
GetDlgItemTextA
SendMessageA
LoadImageA
GetDlgItem
SetWindowLongA
PostQuitMessage
DialogBoxParamA
GetPropA
CheckDlgButton
SendDlgItemMessageA
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
JAPANESE DEFAULT 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:08:15 14:05:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 6.0
EntryPoint 0x46d6
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 849b1bbded4eeb0efb84c13d210f3716
SHA1 621499d5c874f7dad392d48701e01c28f17c1963
SHA256 54c6accb76589a59ee6efe8530504eb35737b44689f18520dd666379c7b6c945
ssdeep 49152:ojjTsTbjGovc8vvG0jU1TAcP+WojvOS4SDew1LUSbHH3l8SbHH37dCCNcpxfzhEb:ojjT6Gok8vXjU1TASoz74SDfgq3eq3WK

authentihash c1fdac7f6eadd6dedf85b4edb3e593ee423d1fb57552d331a6431db40f6677b0
imphash 608cf01940f01c9722c73923488f9a07
File size 2.4 MB ( 2470571 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-04-25 05:25:14 UTC ( 2 years, 1 month ago )
Last submission 2018-05-16 13:57:41 UTC ( 1 month ago )
File names sai-1.2.5-ful-en.exe
painttoolsai.exe
painttool-sai_1.2.5.exe
prsetup.exe
sai-1.2.5-ful-en (1).exe
54c6accb76589a59ee6efe8530504eb35737b44689f18520dd666379c7b6c945
a.exe
output.98387943.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications