SHA256: 57f3dccc3a8b2f7022dcf4606e1c9dd3feb42fc6bc6213f30476b6c5a86f10e7
File name: BioniX Wallpaper Setup.exe
Detection ratio: 2 / 68
Analysis date: 2019-04-11 22:46:19 UTC ( 1 month, 1 week ago )
Antivirus Result Update
CAT-QuickHeal Pua.Snojan 20190411
Trapmine suspicious.low.ml.score 20190325
Acronis 20190409
Ad-Aware 20190411
AegisLab 20190411
AhnLab-V3 20190411
Alibaba 20190402
ALYac 20190411
Antiy-AVL 20190411
Arcabit 20190411
Avast 20190411
Avast-Mobile 20190411
AVG 20190411
Avira (no cloud) 20190411
Babable 20180918
Baidu 20190318
BitDefender 20190411
Bkav 20190410
ClamAV 20190411
CMC 20190321
Comodo 20190411
CrowdStrike Falcon (ML) 20190212
Cybereason 20190403
Cyren 20190411
DrWeb 20190411
eGambit 20190411
Emsisoft 20190411
Endgame 20190403
ESET-NOD32 20190411
F-Prot 20190411
F-Secure 20190411
FireEye 20190411
Fortinet 20190411
GData 20190411
Sophos ML 20190313
Jiangmin 20190411
K7AntiVirus 20190411
K7GW 20190411
Kaspersky 20190411
Kingsoft 20190411
Malwarebytes 20190411
MAX 20190411
McAfee 20190411
McAfee-GW-Edition 20190411
Microsoft 20190411
eScan 20190411
NANO-Antivirus 20190411
Palo Alto Networks (Known Signatures) 20190411
Panda 20190411
Qihoo-360 20190411
Rising 20190411
SentinelOne (Static ML) 20190407
Sophos AV 20190411
SUPERAntiSpyware 20190410
Symantec 20190411
Symantec Mobile Insight 20190410
TACHYON 20190411
Tencent 20190411
TheHacker 20190411
TotalDefense 20190412
Trustlook 20190411
VBA32 20190411
VIPRE 20190409
ViRobot 20190411
Webroot 20190411
Yandex 20190411
Zillya 20190412
ZoneAlarm by Check Point 20190411
Zoner 20190411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT RAR, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-09-16 14:17:44
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 645ca8315519843f04028e034cb8b4b4
File type application/x-rar
Offset 192000
Size 17018135
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
SetFileSecurityW
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
DeleteObject
GetSystemTime
GetLastError
IsDBCSLeadByte
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
SystemTimeToFileTime
WaitForSingleObject
LoadLibraryA
FreeLibrary
FindNextFileA
ExitProcess
SetFileTime
GetVersionExA
GetFileAttributesW
GetModuleFileNameA
HeapAlloc
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
GetLocaleInfoA
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
MultiByteToWideChar
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFileAttributesA
SetFilePointer
GetTempPathA
SetFileAttributesW
lstrcmpiA
GetCPInfo
GetModuleFileNameW
GetModuleHandleA
FindNextFileW
WriteFile
FindFirstFileA
CloseHandle
GetTimeFormatA
DeleteFileW
FindFirstFileW
HeapReAlloc
MoveFileExA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetFullPathNameA
MoveFileA
WideCharToMultiByte
GetNumberFormatA
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
FindResourceA
SetCurrentDirectoryA
SetLastError
CompareStringA
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
EndDialog
SetFocus
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
RegisterClassExA
SetWindowTextA
DestroyIcon
LoadStringA
wsprintfA
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
OemToCharBuffA
OemToCharA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CopyRect
WaitForInputIdle
GetClassNameA
GetWindowTextA
CharToOemA
DestroyWindow
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_RCDATA 1
RT_MANIFEST 1
RT_ICON 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 11
NEUTRAL DEFAULT 3
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2008:09:16 15:17:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 81920
LinkerVersion 5.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
InitializedDataSize 110080
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 3dd82d6edcfae508541bb34d26270cfc
SHA1 1666203d944523aae3ed9fb9e4bf645ef37e566b
SHA256 57f3dccc3a8b2f7022dcf4606e1c9dd3feb42fc6bc6213f30476b6c5a86f10e7
ssdeep 393216:stNlVE3qt4vAqbVhsGvZjH44d/qzFQhZo6cn9i9:SgcGvxBEZmZoD2
authentihash 58a7b9d0fce26655a024831297f94e72977a77012fa51621096d58a61a9506fb
imphash ccc0e829fe1206cd39d147ca374725d4
File size 16.4 MB ( 17210135 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (59.8%)
WinRAR Self Extracting archive (37.9%)
Windows screen saver (0.9%)
Win32 Dynamic Link Library (generic) (0.4%)
Win32 Executable (generic) (0.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-10-05 13:21:23 UTC ( 7 months, 2 weeks ago )
Last submission 2019-05-15 12:14:54 UTC ( 3 days, 19 hours ago )
File names BioniX Wallpaper Setup.exe
BioniX%20Wallpaper%20Setup.exe
BioniX Wallpaper Setup.exe
1046784
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs