SHA256: 614699a4d0b7488c29c3d58ca8b90c212128498438f713893b03abf3baf7ff87
File name: ekegifyk.exe
Detection ratio: 4 / 55
Analysis date: 2016-03-04 07:30:10 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Bkav HW32.Packed.C6ED 20160303
Kaspersky UDS:DangerousObject.Multi.Generic 20160304
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20160304
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160304
Ad-Aware 20160304
AegisLab 20160304
Yandex 20160303
AhnLab-V3 20160303
Alibaba 20160304
ALYac 20160304
Antiy-AVL 20160304
Arcabit 20160304
Avast 20160304
AVG 20160304
Avira (no cloud) 20160304
AVware 20160304
Baidu-International 20160303
BitDefender 20160304
ByteHero 20160304
CAT-QuickHeal 20160304
ClamAV 20160303
CMC 20160303
Comodo 20160304
Cyren 20160304
DrWeb 20160304
Emsisoft 20160229
ESET-NOD32 20160304
F-Prot 20160304
F-Secure 20160304
Fortinet 20160304
GData 20160304
Ikarus 20160304
Jiangmin 20160304
K7AntiVirus 20160303
K7GW 20160304
Malwarebytes 20160304
McAfee 20160304
Microsoft 20160304
eScan 20160304
NANO-Antivirus 20160304
nProtect 20160303
Panda 20160303
Rising 20160302
Sophos AV 20160304
SUPERAntiSpyware 20160304
Symantec 20160303
Tencent 20160304
TheHacker 20160302
TrendMicro 20160304
TrendMicro-HouseCall 20160304
VBA32 20160303
VIPRE 20160304
ViRobot 20160304
Zillya 20160303
Zoner 20160304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-24 14:42:04
Entry Point 0x00011206
Number of sections 4
PE sections
Overlays
MD5 7b728776c51fe0319e8865e55cb1198c
File type data
Offset 172032
Size 1112
Entropy 5.94
PE imports
GetCharABCWidthsW
DeleteEnhMetaFile
Polygon
GetWindowOrgEx
SetBitmapBits
PatBlt
GetGlyphOutlineW
CreatePen
GetRgnBox
SaveDC
GetEnhMetaFileBits
GetTextMetricsA
GetROP2
UpdateColors
GetObjectType
GetGlyphOutlineA
SetMapMode
GetBrushOrgEx
CreateDCA
GetEnhMetaFileHeader
SetPixel
ScaleViewportExtEx
FillPath
CreateDIBSection
EnumFontFamiliesA
SetTextColor
ExtFloodFill
GetObjectA
FillRgn
CreateEllipticRgn
SetPixelV
EqualRgn
PlayEnhMetaFile
ScaleWindowExtEx
PtVisible
SetPixelFormat
GdiFlush
CreateRoundRectRgn
SetViewportOrgEx
GetTextAlign
CreateFontW
GetTextFaceA
CloseEnhMetaFile
SetROP2
EndPage
RemoveFontResourceA
StartDocW
Pie
SetDIBColorTable
CancelDC
GetTextColor
Arc
GetKerningPairsA
DPtoLP
ExtCreatePen
GetClipRgn
GetBkColor
CreateCompatibleBitmap
GetStartupInfoA
GetNumberFormatA
GetModuleHandleA
FreeLibrary
CreateDirectoryExA
GetTempPathW
FillConsoleOutputCharacterW
Ord(324)
Ord(3825)
Ord(1001)
Ord(3147)
Ord(2124)
Ord(1002)
Ord(3830)
Ord(1043)
Ord(4627)
Ord(3597)
Ord(4853)
Ord(3136)
Ord(1069)
Ord(2982)
Ord(1013)
Ord(3079)
Ord(2512)
Ord(3262)
Ord(4234)
Ord(1576)
Ord(1089)
Ord(1775)
Ord(2055)
Ord(4837)
Ord(1026)
Ord(1047)
Ord(3798)
Ord(3259)
Ord(3081)
Ord(2648)
Ord(4407)
Ord(2446)
Ord(4353)
Ord(4079)
Ord(1020)
Ord(2725)
Ord(5065)
Ord(5289)
Ord(2396)
Ord(6376)
Ord(561)
Ord(3831)
Ord(6374)
Ord(3346)
Ord(5302)
Ord(1727)
Ord(1168)
Ord(2554)
Ord(2985)
Ord(5163)
Ord(2385)
Ord(815)
Ord(1018)
Ord(4486)
Ord(4078)
Ord(5300)
Ord(4698)
Ord(4998)
Ord(5280)
Ord(3922)
Ord(2976)
Ord(5277)
Ord(2514)
Ord(5307)
Ord(3749)
Ord(1078)
Ord(5199)
Ord(4441)
Ord(4274)
Ord(5261)
Ord(4465)
Ord(5731)
Ord(5265)
_except_handler3
__p__fmode
_wmakepath
_acmdln
_adjust_fdiv
_winminor
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
atoi
__getmainargs
_initterm
_wcsset
_tell
_controlfp
__set_app_type
EqualRect
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ARABIC SAUDI ARABIA 9
ENGLISH AUS 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.52.149.18
UninitializedDataSize 0
LanguageCode Unknown (CURI)
FileFlagsMask 0x003f
CharacterSet Unknown (NG)
InitializedDataSize 98304
EntryPoint 0x11206
MIMEType application/octet-stream
LegalCopyright 2016 (C) 2017
FileVersion 0.140.163.119
TimeStamp 2005:08:24 15:42:04+01:00
FileType Win32 EXE
PEType PE32
InternalName Dome
ProductVersion 0.25.91.8
FileDescription Declaim Coffins Enounced
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Jabber.org
CodeSize 69632
ProductName Duchesses Disconnection
ProductVersionNumber 0.172.61.13
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e7724d081e271d0d679203ccacd5ba7c
SHA1 16022fcfe97382e8aff765cfb5985b11a2830935
SHA256 614699a4d0b7488c29c3d58ca8b90c212128498438f713893b03abf3baf7ff87
ssdeep 3072:DB8Whz0JEheQ0TMjvkvMAcABb3/d2ypvaOJI65zBlxr:CWVnheOjvkvAcD/sUW659lV
authentihash 6dc418d0c9f99f098346f87a808ef9633a1e05553102665c7f89b5b642064ba1
imphash 1eae73d2852fa3d91ddc9937e85e8080
File size 169.1 KB ( 173144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.8%)
Win64 Executable (generic) (31.7%)
Windows screen saver (15.0%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2016-03-04 06:18:46 UTC ( 3 years, 1 month ago )
Last submission 2016-04-27 07:58:14 UTC ( 2 years, 12 months ago )
File names ekegifyk.exe