× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 55be2e231541eefe74c12c8745d8da26f0d638b0f7a1dd9345e99da7c2a406c0
File name: 55be2e231541eefe74c12c8745d8da26f0d638b0f7a1dd9345e99da7c2a406c0
Detection ratio: 36 / 64
Analysis date: 2017-06-29 17:18:50 UTC ( 1 year, 9 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5118376 20170629
AegisLab Troj.W32.Generic!c 20170629
ALYac Trojan.GenericKD.5118376 20170629
Arcabit Trojan.Generic.D4E19A8 20170629
Avast Win32:Trojan-gen 20170629
AVG Win32:Trojan-gen 20170629
Avira (no cloud) TR/Agent.ejnsx 20170629
AVware Trojan.Win32.Generic!BT 20170629
BitDefender Trojan.GenericKD.5118376 20170629
Bkav W32.Clod9b9.Trojan.08c0 20170629
CAT-QuickHeal Trojan.Generic 20170629
Comodo UnclassifiedMalware 20170629
CrowdStrike Falcon (ML) malicious_confidence_81% (D) 20170420
Cyren W32/Trojan.JEVC-2885 20170629
Emsisoft Trojan.GenericKD.5118376 (B) 20170629
F-Secure Trojan.GenericKD.5118376 20170629
Fortinet W32/Generic!tr 20170629
GData Trojan.GenericKD.5118376 20170629
Sophos ML heuristic 20170607
Kaspersky HEUR:Trojan.Win32.Generic 20170629
McAfee RDN/Generic.grp 20170629
McAfee-GW-Edition RDN/Generic.grp 20170629
eScan Trojan.GenericKD.5118376 20170629
NANO-Antivirus Trojan.Win32.Agent.eqezhd 20170629
Panda Trj/CI.A 20170629
Qihoo-360 Win32/Trojan.80e 20170629
Rising Trojan.Generic!8.C3 (cloud:U0REmT71HgQ) 20170629
SentinelOne (Static ML) static engine - malicious 20170516
Symantec Trojan.Gen.2 20170629
Tencent Win32.Trojan.Generic.Lmkf 20170629
TrendMicro TROJ_GEN.R031C0WEN17 20170629
TrendMicro-HouseCall TROJ_GEN.R031C0WEN17 20170629
VIPRE Trojan.Win32.Generic!BT 20170629
Webroot W32.Trojan.GenKD 20170629
Yandex Trojan.Agent!thZXabbvEgw 20170628
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170629
AhnLab-V3 20170629
Alibaba 20170629
Antiy-AVL 20170629
Baidu 20170629
ClamAV 20170629
CMC 20170629
DrWeb 20170629
Endgame 20170629
ESET-NOD32 20170629
F-Prot 20170629
Ikarus 20170629
Jiangmin 20170628
K7AntiVirus 20170629
K7GW 20170629
Kingsoft 20170629
Malwarebytes 20170629
Microsoft 20170629
nProtect 20170629
Palo Alto Networks (Known Signatures) 20170629
Sophos AV 20170629
SUPERAntiSpyware 20170629
Symantec Mobile Insight 20170629
TheHacker 20170628
TotalDefense 20170629
Trustlook 20170629
VBA32 20170629
ViRobot 20170629
WhiteArmor 20170627
Zillya 20170628
Zoner 20170629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-01 08:08:28
Entry Point 0x000108AF
Number of sections 4
PE sections
Overlays
MD5 a32f68dc7bfef75ec9824bb753e4110b
File type application/zip
Offset 528896
Size 16611
Entropy 7.79
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetFullPathNameW
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
IsWindow
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
GetClassNameW
PeekMessageW
OemToCharA
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 5
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL DEFAULT 7
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2013:12:01 00:08:28-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
100352

LinkerVersion
9.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x108af

InitializedDataSize
427520

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 a67104e49013709d2deae838f60f0926
SHA1 8e8d28a6e7f85a2ac87be9711906f447b67f3ba9
SHA256 55be2e231541eefe74c12c8745d8da26f0d638b0f7a1dd9345e99da7c2a406c0
ssdeep
3072:sbHZEXb+0peSIfznvO4O+lupkO2PZ5kyZeIc01d1:wHZL/SIftEpkO2PdVV1d1

authentihash eaebba2fe1d3d01e11de1c8791cc5b43d3980e03f26a7df5f7bf7714e4c6bafd
imphash cb23e26cc45ed9aa58fdce155e7da31a
File size 532.7 KB ( 545507 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (91.4%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-05-20 16:10:16 UTC ( 1 year, 11 months ago )
Last submission 2017-06-29 17:18:50 UTC ( 1 year, 9 months ago )
File names ARM_AmbiqMicro_8.11.1_13272.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs