SHA256: 60e28bf2e78e10aadb550e74c67efa2672728981043e03a2f8331c3d104a19b3
File name: Extract_Bootmgr.exe
Detection ratio: 1 / 48
Analysis date: 2016-10-15 05:23:22 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161015
Ad-Aware 20161015
AegisLab 20161015
AhnLab-V3 20161014
Alibaba 20161014
ALYac 20161015
Antiy-AVL 20161015
Arcabit 20161015
Avast 20161015
AVG 20161015
Avira (no cloud) 20161014
AVware 20161015
Baidu 20161014
BitDefender 20161015
Bkav 20161014
CAT-QuickHeal 20161014
ClamAV 20161015
CMC 20161015
Comodo 20161015
CrowdStrike Falcon (ML) 20160725
Cyren 20161015
DrWeb 20161015
Emsisoft 20161015
ESET-NOD32 20161015
F-Prot 20161015
F-Secure 20161015
Fortinet 20161015
GData 20161015
Ikarus 20161014
Sophos ML 20160928
Jiangmin 20161015
K7AntiVirus 20161014
K7GW 20161015
Kaspersky 20161015
Kingsoft 20161015
Malwarebytes 20161015
McAfee 20161015
McAfee-GW-Edition 20161015
Microsoft 20161015
eScan 20161015
NANO-Antivirus 20161015
nProtect 20161015
Panda 20161014
Rising 20161015
Sophos AV 20161015
SUPERAntiSpyware 20161015
Symantec 20161015
Tencent 20161015
TheHacker 20161014
TrendMicro 20161015
TrendMicro-HouseCall 20161015
VBA32 20161014
VIPRE 20161015
ViRobot 20161015
Yandex 20161014
Zillya 20161013
Zoner 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Joker-2013
Product Extract_BMR
Original name Extract_BMR.exe
Internal name Extract_BMR
File version 1, 0, 0, 0
Description Extract_BMR
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:02 PM 3/3/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 22:14:00
Entry Point 0x000193AF
Number of sections 4
PE sections
Overlays
MD5 66e867fe198c9d438946f9d5027757f3
File type data
Offset 141312
Size 69616
Entropy 7.99
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
CreateIoCompletionPort
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
GetTickCount
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
CreateProcessW
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
LockResource
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
GetCurrentDirectoryW
WriteFile
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
_purecall
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
strncpy
_except_handler3
??2@YAPAXI@Z
strncmp
_onexit
_wtol
exit
_XcptFilter
realloc
__setusermatherr
wcsncpy
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
memcpy
wcsncmp
free
__getmainargs
_controlfp
memmove
_beginthreadex
wcsstr
_initterm
_exit
_EH_prolog
__set_app_type
SysAllocString
SysFreeString
OleLoadPicture
VariantClear
SysAllocStringLen
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
MessageBoxW
GetMenu
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
LoadImageW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
PtInRect
DispatchMessageW
CopyImage
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
SetWindowTextW
CreateWindowExA
GetDlgItem
SystemParametersInfoW
BringWindowToTop
IsWindow
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
GetDesktopWindow
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 38912
ImageVersion 0.0
ProductName Extract_BMR
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
PrivateBuild April 1, 2016
FileTypeExtension exe
FileType Win32 EXE
OriginalFileName Extract_BMR.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 0
Created 7z SFX Constructor (http://usbtor.ru/viewtopic.php?t=798)
TimeStamp 2016:04:02 23:14:00+01:00
Builder CryptoNick 08:00:14 15/10/2016
PEType PE32
InternalName Extract_BMR
SubsystemVersion 4.0
ProductVersion 1, 0, 0, 0
FileDescription Extract_BMR
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Joker-2013
MachineType Intel 386 or later, and compatibles
CompanyName Joker-2013
CodeSize 101888
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x193af
ObjectFileType Executable application
File identification
MD5 77c69b5349be52f70883c94549486eed
SHA1 78c152995d793a20609f05ce779d07bcc961816a
SHA256 60e28bf2e78e10aadb550e74c67efa2672728981043e03a2f8331c3d104a19b3
ssdeep 3072:k1jaUW1yuwpk7U8P1AAAAA+X1sMsZFUcwXXnbULsqDjqm5OBUJp1g1NaPeT9Dg:k1jwMuKYU8rsXpynIxlIBUmPywDg
authentihash 1629a87dbd667850d15acb46bbb665486318034ad2863bea59f9ca9eca2a6c67
imphash a1a66d588dcf1394354ebf6ec400c223
File size 206.0 KB ( 210928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-10-15 05:23:22 UTC ( 1 year, 1 month ago )
Last submission 2017-03-03 17:02:18 UTC ( 8 months, 2 weeks ago )
File names Extract_Bootmgr.exe
Extract_BMR.exe
Extract_BMR
Extract_Bootmgr.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs