× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5c57d389563a2b37ee3e8850d761e5370c4b121073a605b27bdd19c569f70f84
File name: 1a6deb3.exe
Detection ratio: 10 / 66
Analysis date: 2018-05-28 13:18:28 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20180528
AVG FileRepMalware 20180528
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180528
Cylance Unsafe 20180528
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180503
Qihoo-360 HEUR/QVM20.1.774F.Malware.Gen 20180528
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180528
Symantec ML.Attribute.HighConfidence 20180528
Ad-Aware 20180528
AegisLab 20180528
AhnLab-V3 20180528
Alibaba 20180528
ALYac 20180528
Antiy-AVL 20180528
Arcabit 20180528
Avast-Mobile 20180527
Avira (no cloud) 20180528
AVware 20180528
Babable 20180406
BitDefender 20180528
Bkav 20180528
CAT-QuickHeal 20180528
ClamAV 20180528
CMC 20180528
Comodo 20180528
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180528
DrWeb 20180528
eGambit 20180528
Emsisoft 20180528
ESET-NOD32 20180528
F-Prot 20180528
F-Secure 20180528
Fortinet 20180528
GData 20180528
Ikarus 20180528
Jiangmin 20180527
K7AntiVirus 20180528
K7GW 20180528
Kaspersky 20180528
Kingsoft 20180528
Malwarebytes 20180528
MAX 20180528
McAfee 20180528
McAfee-GW-Edition 20180528
Microsoft 20180528
eScan 20180528
NANO-Antivirus 20180528
nProtect 20180528
Palo Alto Networks (Known Signatures) 20180528
Panda 20180528
Rising 20180528
SUPERAntiSpyware 20180528
Symantec Mobile Insight 20180525
Tencent 20180528
TheHacker 20180524
TotalDefense 20180528
TrendMicro 20180528
TrendMicro-HouseCall 20180528
Trustlook 20180528
VBA32 20180528
VIPRE 20180528
ViRobot 20180528
Webroot 20180528
Yandex 20180528
Zillya 20180525
ZoneAlarm by Check Point 20180528
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-28 13:07:33
Entry Point 0x000014BD
Number of sections 5
PE sections
PE imports
DeregisterEventSource
RegQueryReflectionKey
JetInit2
GetTextColor
GetFontLanguageInfo
GetNearestColor
GetCurrentPositionEx
GetCurrentProcess
TerminateProcess
GetProcessAffinityMask
GetCurrentConsoleFont
ReadFileEx
GetCommandLineA
ToUnicodeEx
IsDlgButtonChecked
ToAscii
GetPhysicalCursorPos
GetCaretPos
GetMenuDefaultItem
Number of PE resources by type
RT_STRING 6
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:05:28 14:07:33+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
15.0

EntryPoint
0x14bd

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
135168

Compressed bundles
File identification
MD5 55400d9b2f846ecef4387ea7ec7b49f3
SHA1 417c079faeacdf8e75311899ae2cbb2d7e9dd1de
SHA256 5c57d389563a2b37ee3e8850d761e5370c4b121073a605b27bdd19c569f70f84
ssdeep
3072:6mlKFchqwgYeAENN/8P2ZqQRRv47Irmcm4:6KXhNe3p8PfQRRv47Um

authentihash dc22e4bfd3d318ab7a89cf4fee35d4f178ab509cc93ce62b5a5958533e1ccd3a
imphash 37860091598e4285571f8ba161a5c382
File size 168.0 KB ( 172032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-28 13:18:28 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-28 13:18:28 UTC ( 8 months, 3 weeks ago )
File names 1a6deb3.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!