× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5bb19f644703852e38c72487d61fe2f30a916b100927cfbedca303a21b706436
File name: attrib.exe
Detection ratio: 1 / 55
Analysis date: 2016-07-21 20:51:52 UTC ( 2 years, 9 months ago ) View latest
Antivirus Result Update
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160721
Ad-Aware 20160721
AegisLab 20160721
AhnLab-V3 20160721
Alibaba 20160721
ALYac 20160721
Antiy-AVL 20160721
Arcabit 20160721
Avast 20160721
AVG 20160721
Avira (no cloud) 20160721
AVware 20160721
Baidu 20160721
BitDefender 20160721
Bkav 20160721
CAT-QuickHeal 20160721
ClamAV 20160721
CMC 20160715
Comodo 20160721
Cyren 20160721
DrWeb 20160721
Emsisoft 20160721
ESET-NOD32 20160721
F-Prot 20160721
F-Secure 20160721
Fortinet 20160721
GData 20160721
Ikarus 20160721
Jiangmin 20160721
K7AntiVirus 20160721
K7GW 20160721
Kaspersky 20160721
Kingsoft 20160721
Malwarebytes 20160721
McAfee 20160721
McAfee-GW-Edition 20160721
Microsoft 20160721
eScan 20160721
NANO-Antivirus 20160721
nProtect 20160721
Panda 20160721
Sophos AV 20160721
SUPERAntiSpyware 20160721
Symantec 20160721
Tencent 20160721
TheHacker 20160720
TotalDefense 20160721
TrendMicro 20160721
TrendMicro-HouseCall 20160721
VBA32 20160721
VIPRE 20160721
ViRobot 20160721
Yandex 20160721
Zillya 20160721
Zoner 20160721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-21 07:10:33
Entry Point 0x000143FA
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetMapMode
SaveDC
TextOutA
CreateFontIndirectA
GetClipBox
GetPixel
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
BitBlt
SetTextColor
CreatePatternBrush
GetObjectA
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
CreateCompatibleDC
ScaleViewportExtEx
DeleteObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
TerminateProcess
WriteConsoleA
GlobalAlloc
VirtualQueryEx
GetVersion
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
VirtualProtectEx
GetProcessHeap
GlobalReAlloc
lstrcmpA
CompareStringA
lstrcmpW
GetProcAddress
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
SizeofResource
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
VariantChangeType
VariantInit
VariantClear
DragFinish
DragQueryFileA
PathFindFileNameA
PathFindExtensionA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CallNextHookEx
LoadAcceleratorsA
GetActiveWindow
GetTopWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetMenuState
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetWindowPlacement
IsIconic
RegisterClassA
GetMenuItemCount
TabbedTextOutA
GetSubMenu
CreateWindowExA
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
DestroyWindow
IsChild
MapWindowPoints
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
GetClassLongA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
ValidateRect
ReuseDDElParam
GetMenuItemID
SetForegroundWindow
ReleaseDC
IntersectRect
LoadMenuA
GetCapture
ScreenToClient
CreatePopupMenu
DrawTextExA
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
UnhookWindowsHookEx
RegisterClipboardFormatA
SetRectEmpty
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
UnpackDDElParam
WinHelpA
InvalidateRect
wsprintfA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
OMG 2
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:07:21 08:10:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
151552

LinkerVersion
8.0

EntryPoint
0x143fa

InitializedDataSize
61440

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Execution parents
File identification
MD5 2ee9b66854485a6df647c444dbb11d73
SHA1 4c0a79514874b883c5d920a5ed9a53a7d1931701
SHA256 5bb19f644703852e38c72487d61fe2f30a916b100927cfbedca303a21b706436
ssdeep
3072:LQmtV4slq5ZgNzjO0Dw+frk9bI0HjhyZEFBfz5CFAZt2sX0qWYMTqU:LJXvvNzjPE+foBFyZAcCkqWYMt

authentihash 1bdc89344955fa1b2f184971b7809b310caafedc6861b11f66d7436406a57250
imphash d6646ed861b44072d586b9250fa78231
File size 212.0 KB ( 217088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2016-07-21 20:51:52 UTC ( 2 years, 9 months ago )
Last submission 2016-07-21 20:51:52 UTC ( 2 years, 9 months ago )
File names attrib.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.