× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5533fd0649815472f3fe817273338311660cfb7ea68f9a478fc03f54198d3e86
File name: GifCam.exe
Detection ratio: 29 / 46
Analysis date: 2013-08-30 11:52:34 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
AVG BackDoor.Generic17.NDS 20130830
Agnitum Backdoor.DarkKomet!YsD5TWo9Soc 20130829
AntiVir BDS/DarkKomet.angc 20130830
Antiy-AVL Backdoor/Win32.DarkKomet 20130830
Avast MSIL:Agent-AKX [Trj] 20130830
BitDefender Trojan.GenericKDV.1022003 20130830
Commtouch W32/Backdoor.UEVL-8578 20130830
Comodo UnclassifiedMalware 20130830
ESET-NOD32 a variant of MSIL/Injector.BRX 20130830
Emsisoft Trojan.GenericKDV.1022003 (B) 20130830
F-Secure Trojan.GenericKDV.1022003 20130830
Fortinet W32/DarkKomet.ANGC!tr.bdr 20130830
GData Trojan.GenericKDV.1022003 20130830
Ikarus Backdoor.Win32.DarkKomet 20130830
Jiangmin Backdoor/DarkKomet.gke 20130830
Kaspersky Backdoor.Win32.DarkKomet.angc 20130830
McAfee Artemis!D3F379DFF3AD 20130830
McAfee-GW-Edition Artemis!D3F379DFF3AD 20130829
MicroWorld-eScan Trojan.GenericKDV.1022003 20130830
Microsoft Backdoor:Win32/Fynloski.A 20130830
Norman Suspicious_Gen5.ZWVG 20130830
Panda Generic Malware 20130830
Sophos Mal/Generic-S 20130830
Symantec WS.Reputation.1 20130830
TheHacker Trojan/Generic.bko 20130830
TrendMicro TROJ_GEN.R03AC0DFD13 20130830
TrendMicro-HouseCall TROJ_GEN.R03AC0DFD13 20130830
VBA32 Backdoor.DarkKomet 20130829
VIPRE Trojan.Win32.Generic!BT 20130830
AhnLab-V3 20130830
ByteHero 20130825
CAT-QuickHeal 20130830
ClamAV 20130830
DrWeb 20130830
F-Prot 20130830
K7AntiVirus 20130830
K7GW 20130830
Kingsoft 20130829
Malwarebytes 20130830
NANO-Antivirus 20130830
PCTools 20130830
Rising 20130830
SUPERAntiSpyware 20130830
TotalDefense 20130829
ViRobot 20130830
nProtect 20130830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher BahraniApps
Version 1.1.0.0
File version 1.1.0.0
Description GifCam
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-28 14:17:16
Entry Point 0x0020411E
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
20480

ImageVersion
0.0

FileVersionNumber
1.1.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
8.0

MIMEType
application/octet-stream

FileVersion
1.1.0.0

TimeStamp
2013:05:28 15:17:16+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.1.0.0

FileDescription
GifCam

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BahraniApps

CodeSize
2109440

FileSubtype
0

ProductVersionNumber
1.1.0.0

EntryPoint
0x20411e

ObjectFileType
Executable application

File identification
MD5 d3f379dff3ad9f1a3a88bb1c86c8ddbb
SHA1 229a7a79ef507faff8f6766fd379621de4b2d8d7
SHA256 5533fd0649815472f3fe817273338311660cfb7ea68f9a478fc03f54198d3e86
ssdeep
49152:q0ihWOR+pIrETvZELrYMkFEIDFFjCWgB:q0i0vOKvZELJfIDLCXB

File size 2.0 MB ( 2134016 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2013-06-02 04:28:04 UTC ( 10 months, 2 weeks ago )
Last submission 2013-06-25 10:12:46 UTC ( 9 months, 3 weeks ago )
File names GifCam.exe
file-5549737_exe
extrctr.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!