SHA256: 5f14d435f3c1d40d8f56cb89845dd1c3d56df503fac76d76143a14c731968fa8
File name: 253334
Detection ratio: 1 / 61
Analysis date: 2017-06-03 00:31:07 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Bkav W32.eHeur.Malware03 20170602
Ad-Aware 20170602
AegisLab 20170602
AhnLab-V3 20170602
Alibaba 20170602
ALYac 20170602
Arcabit 20170603
Avast 20170602
AVG 20170602
Avira (no cloud) 20170603
AVware 20170602
Baidu 20170601
BitDefender 20170602
CAT-QuickHeal 20170602
ClamAV 20170602
CMC 20170602
Comodo 20170602
CrowdStrike Falcon (ML) 20170420
Cyren 20170603
DrWeb 20170602
Emsisoft 20170603
Endgame 20170515
ESET-NOD32 20170602
F-Prot 20170602
F-Secure 20170602
Fortinet 20170603
GData 20170602
Ikarus 20170602
Sophos ML 20170519
Jiangmin 20170602
K7AntiVirus 20170602
K7GW 20170602
Kaspersky 20170602
Kingsoft 20170603
Malwarebytes 20170602
McAfee 20170602
McAfee-GW-Edition 20170602
Microsoft 20170602
eScan 20170603
NANO-Antivirus 20170602
nProtect 20170602
Palo Alto Networks (Known Signatures) 20170603
Panda 20170602
Qihoo-360 20170603
Rising None
SentinelOne (Static ML) 20170516
Sophos AV 20170602
SUPERAntiSpyware 20170602
Symantec 20170603
Symantec Mobile Insight 20170601
Tencent 20170603
TheHacker 20170602
TotalDefense 20170602
TrendMicro 20170602
TrendMicro-HouseCall 20170602
Trustlook 20170603
VBA32 20170602
VIPRE 20170602
ViRobot 20170602
Webroot 20170603
WhiteArmor 20170601
Yandex 20170602
Zillya 20170602
ZoneAlarm by Check Point 20170602
Zoner 20170603
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2012 Gold-Software Development
Product Advanced MID Converter-new
Original name amidconv.exe
Internal name amidconv
File version 2.0
Description Advanced MID Converter-new Setup
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-02 04:13:09
Entry Point 0x00001D20
Number of sections 5
PE sections
Overlays
MD5 b4b0ac9d7fe9a5e2b0ec5982cb85f687
File type data
Offset 110592
Size 10293494
Entropy 8.00
PE imports
GetLastError
lstrlenA
GetFileAttributesA
FreeLibrary
ExitProcess
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetProcAddress
CreateMutexA
GetTempPathA
GetModuleHandleA
lstrcmpA
lstrcpyA
CloseHandle
WriteFile
VirtualFree
CreateFileA
VirtualAlloc
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
wsprintfA
MessageBoxA
Number of PE resources by type
RT_DIALOG 11
RT_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Advanced MID Converter-new Setup
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (01B5)
InitializedDataSize 102400
EntryPoint 0x1d20
OriginalFileName amidconv.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2012 Gold-Software Development
FileVersion 2.0
TimeStamp 2010:09:01 21:13:09-07:00
FileType Win32 EXE
PEType PE32
InternalName amidconv
ProductVersion 2.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Gold-Software Development
CodeSize 4096
ProductName Advanced MID Converter-new
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 299929b6bab8c86e464299cc677562d0
SHA1 3c1096079c8474ebdc0a21b9c1bef16604124f47
SHA256 5f14d435f3c1d40d8f56cb89845dd1c3d56df503fac76d76143a14c731968fa8
ssdeep 196608:BaMWpQRaRHv5gl4xQlVmEuAoo9Sw0IpX8+67NcdJorA5ol/D2/qq2FXX4ggy:BaT2gV5zMoEHwNGs+62darU4/D2/qTXn
authentihash 70bac76875c74abbd4646017ab657ccf796dce4a9e25a60fcd94d800a218f90b
imphash d221b1dc8c3a08622f6512e7876527c8
File size 9.9 MB ( 10404086 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Visual C++ compiled executable (generic) (49.1%)
Win32 Dynamic Link Library (generic) (19.5%)
Win32 Executable (generic) (13.3%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2012-04-24 03:41:41 UTC ( 7 years ago )
Last submission 2018-05-26 09:22:52 UTC ( 11 months, 4 weeks ago )
File names amidconv.exr.exe
W5HF.dotm
amidconv.exe
amidconv.exe
5F14D435F3C1D40D8F56CB89845DD1C3D56DF503FAC76D76143A14C731968FA8
amidconv
687.exe
amidconv.exe
aa
10956775
5f14d435f3c1d40d8f56cb89845dd1c3d56df503fac76d76143a14c731968fa8
setup.exe
output.10956775.txt
253334
68a634179ac2fdd369f0197d7e60048253190b81
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight