SHA256: 607bd005dd140bb2acbdb3c87ce411b84cad3195cd357b3ae353ab0a51ebdf40
File name: 23.exe
Detection ratio: 7 / 57
Analysis date: 2016-11-28 15:25:36 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AVG Generic_r.PUM 20161128
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML trojandownloader.win32.zemot.a 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161128
Panda Trj/GdSda.A 20161128
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161128
Rising Malware.Generic!c5x6D9BY86T@5 (thunder) 20161128
Ad-Aware 20161128
AegisLab 20161128
AhnLab-V3 20161128
Alibaba 20161128
ALYac 20161128
Antiy-AVL 20161128
Arcabit 20161128
Avast 20161128
Avira (no cloud) 20161128
AVware 20161128
Baidu 20161128
BitDefender 20161128
Bkav 20161128
CAT-QuickHeal 20161128
ClamAV 20161128
CMC 20161128
Comodo 20161128
Cyren 20161128
DrWeb 20161128
Emsisoft 20161128
ESET-NOD32 20161128
F-Prot 20161128
F-Secure 20161128
Fortinet 20161128
GData 20161128
Ikarus 20161128
Jiangmin 20161128
K7AntiVirus 20161128
K7GW 20161128
Kingsoft 20161128
Malwarebytes 20161128
McAfee 20161128
McAfee-GW-Edition 20161128
Microsoft 20161128
eScan 20161128
NANO-Antivirus 20161128
nProtect 20161128
Sophos AV 20161128
SUPERAntiSpyware 20161128
Symantec 20161128
Tencent 20161128
TheHacker 20161126
TotalDefense 20161128
TrendMicro 20161128
TrendMicro-HouseCall 20161128
Trustlook 20161128
VBA32 20161128
VIPRE 20161128
ViRobot 20161128
WhiteArmor 20161125
Yandex 20161128
Zillya 20161128
Zoner 20161128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ???? (C) 2003
Product Graph ????
Original name Graph.EXE
Internal name Graph
File version 1, 0, 0, 1
Description Graph Microsoft ???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-24 02:57:55
Entry Point 0x0000A84F
Number of sections 4
PE sections
PE imports
SetPixel
GetPixel
Polyline
GetStartupInfoA
GetModuleHandleA
_except_handler3
__p__fmode
_acmdln
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
__setusermatherr
_purecall
__dllonexit
_onexit
_controlfp
_ftol
_XcptFilter
__getmainargs
exit
_initterm
__p__commode
__set_app_type
EnableWindow
UpdateWindow
FindWindowW
InvalidateRect
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 225280
ImageVersion 0.0
ProductName Graph
FileVersionNumber 1.0.0.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
FileDescription Graph Microsoft
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Graph.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2016:11:24 03:57:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Graph
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright (C) 2003
MachineType Intel 386 or later, and compatibles
CodeSize 40960
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0xa84f
ObjectFileType Executable application
File identification
MD5 3bbf9f3158e971400fc44eb0317bf929
SHA1 2ff98cf6c59bb2e17322b5b3b66e07c2611e3526
SHA256 607bd005dd140bb2acbdb3c87ce411b84cad3195cd357b3ae353ab0a51ebdf40
ssdeep 6144:SKs1MAsWfjgBoDzzzCm6NJi9vCcFLQWDxz3zn9bx/2QHp:SV1MIDzzX6NJsfFLQWDp3znf2w
authentihash cd7b19a747d21e1f28c749a2f466907a2f67ec3ddd0c1baaf260064dbe4729b7
imphash 344e41ade0091aa70a82cad40d1d8846
File size 264.0 KB ( 270336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-11-28 15:25:36 UTC ( 2 years, 2 months ago )
Last submission 2016-11-29 19:23:20 UTC ( 2 years, 2 months ago )
File names 23.exe
Graph
23...exe
Graph.EXE
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1129.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs