× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5df55a2d3f688735e0d530a7639dadac3817d4b3f2972276fb3b046d381a9121
File name: mcdonalds.exe
Detection ratio: 10 / 70
Analysis date: 2019-01-17 08:35:44 UTC ( 2 months ago ) View latest
Antivirus Result Update
Cylance Unsafe 20190117
eGambit Unsafe.AI_Score_87% 20190117
Endgame malicious (high confidence) 20181108
McAfee-GW-Edition BehavesLike.Win32.PUPXDU.dh 20190117
Microsoft Trojan:Win32/Fuerboos.C!cl 20190117
Rising Malware.Heuristic.MLite(100%) (AI-LITE:IrLitCl+a14OlbasfOq2kA) 20190117
Symantec ML.Attribute.HighConfidence 20190117
Trapmine suspicious.low.ml.score 20190103
VBA32 BScope.Trojan.Fuery 20190116
Webroot W32.Adware.Installcore 20190117
Acronis 20190117
Ad-Aware 20190117
AegisLab 20190117
AhnLab-V3 20190117
Alibaba 20180921
ALYac 20190117
Antiy-AVL 20190116
Arcabit 20190117
Avast 20190117
Avast-Mobile 20190117
AVG 20190117
Avira (no cloud) 20190117
Babable 20180918
Baidu 20190117
BitDefender 20190117
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190117
CMC 20190116
Comodo 20190117
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190117
DrWeb 20190117
Emsisoft 20190117
ESET-NOD32 20190117
F-Prot 20190117
F-Secure 20190117
Fortinet 20190117
GData 20190117
Ikarus 20190116
Sophos ML 20181128
Jiangmin 20190117
K7AntiVirus 20190117
K7GW 20190117
Kaspersky 20190117
Kingsoft 20190117
Malwarebytes 20190117
MAX 20190117
McAfee 20190117
eScan 20190117
NANO-Antivirus 20190117
Palo Alto Networks (Known Signatures) 20190117
Panda 20190116
Qihoo-360 20190117
SentinelOne (Static ML) 20181223
Sophos AV 20190117
SUPERAntiSpyware 20190116
TACHYON 20190117
Tencent 20190117
TheHacker 20190115
TrendMicro 20190117
TrendMicro-HouseCall 20190117
Trustlook 20190117
VIPRE 20190117
ViRobot 20190117
Yandex 20190117
Zillya 20190116
ZoneAlarm by Check Point 20190117
Zoner 20190117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-26 04:13:38
Entry Point 0x00005072
Number of sections 5
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
TlsAlloc
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GlobalGetAtomNameW
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
SetProcessShutdownParameters
SetFileApisToANSI
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
GetACP
VirtualFree
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetCPInfoExW
GetLocaleInfoA
SetConsoleCtrlHandler
LocalAlloc
GetUserDefaultLCID
GetCommandLineW
OpenFileMappingA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCPInfo
GetProcAddress
AddAtomW
HeapSize
EnumResourceLanguagesW
CompareStringW
RaiseException
GlobalReAlloc
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
WideCharToMultiByte
HeapReAlloc
GetStringTypeW
GetModuleHandleW
LocalFree
TerminateProcess
QueryPerformanceCounter
DnsHostnameToComputerNameW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
HeapCreate
GlobalAlloc
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
IsBadCodePtr
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_STRING 15
RT_ICON 14
RT_GROUP_ICON 2
Struct(241) 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 34
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
1.45.8.4

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
222208

EntryPoint
0x5072

MIMEType
application/octet-stream

FileVersion
1.6.8.23

TimeStamp
2017:07:26 06:13:38+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.6.8.23

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
65536

FileSubtype
0

ProductVersionNumber
7.32.568.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 0673b159c2f01fadeadc3306f2bb5390
SHA1 34f0db8012defb9078bca6170844e4ca1a1888a3
SHA256 5df55a2d3f688735e0d530a7639dadac3817d4b3f2972276fb3b046d381a9121
ssdeep
3072:QSzpCgMLAxIJY5GEmj1GHBTfFhTWkCvaTdmGlpbZSzDnL7hOtbf:Qw6LAxivBIdfJC6BtZtb

authentihash 66f77145231a5c9a5045e960cae8d912dc437fe5a0c72e21388a95cce19a5491
imphash 17adea6d6b38ca9533638ea109ca9b5d
File size 278.5 KB ( 285184 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-17 08:19:48 UTC ( 2 months ago )
Last submission 2019-01-21 02:02:46 UTC ( 1 month, 3 weeks ago )
File names mcdonalds.exe
winsvcs.exe
tempfeq44.exe
temputn19.exe
tempwmn36.exe
tempwmn36.exe
0673b159c2f01fadeadc3306f2bb5390.virobj
TempWMn36.exe
tempanv84.exe
tempuxs88.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections