SHA256: 61c9461625c850658d5af7ee13169215be09770cfdc8725acca2abe31f39c460
File name: ProgramData.exe
Detection ratio: 18 / 61
Analysis date: 2017-04-07 09:10:15 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Backdoor.W32.DarkKomet.tntk 20170407
Antiy-AVL Trojan/Win32.BTSGeneric 20170407
Avira (no cloud) APPL/Cmdow.88576 20170407
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170406
CAT-QuickHeal Trojan.IGENERIC 20170407
Comodo Application.Win32.CMDOW.a 20170407
Cyren W32/Trojan.SYGE-6877 20170407
ESET-NOD32 a variant of Win32/CMDOW.A potentially unsafe 20170407
Fortinet Riskware/CMDOW 20170407
Ikarus Trojan.Cmdow 20170407
Sophos ML trojan.win32.swrort.a 20170203
K7AntiVirus Trojan ( 00470eed1 ) 20170407
K7GW Trojan ( 00470eed1 ) 20170407
NANO-Antivirus Trojan.Win32.Cmdow.dmjuol 20170407
TrendMicro HKTL_HIDEWIN 20170407
TrendMicro-HouseCall HKTL_HIDEWIN 20170407
VIPRE SecurityRisk.Cmdow (not malicious) 20170407
Yandex Riskware.Agent! 20170406
Ad-Aware 20170407
AhnLab-V3 20170407
Alibaba 20170407
ALYac 20170407
Arcabit 20170407
Avast 20170407
AVG 20170407
AVware 20170407
BitDefender 20170407
Bkav 20170407
ClamAV 20170407
CMC 20170407
CrowdStrike Falcon (ML) 20170130
DrWeb 20170407
Emsisoft 20170407
Endgame 20170407
F-Prot 20170407
F-Secure 20170407
GData 20170407
Jiangmin 20170407
Kaspersky 20170407
Kingsoft 20170407
Malwarebytes 20170407
McAfee 20170407
McAfee-GW-Edition 20170407
Microsoft 20170407
eScan 20170407
nProtect 20170407
Palo Alto Networks (Known Signatures) 20170407
Panda 20170406
Qihoo-360 20170407
Rising None
SentinelOne (Static ML) 20170330
Sophos AV 20170407
SUPERAntiSpyware 20170407
Symantec 20170406
Symantec Mobile Insight 20170406
Tencent 20170407
TheHacker 20170406
Trustlook 20170407
VBA32 20170406
ViRobot 20170407
Webroot 20170407
WhiteArmor 20170327
Zillya 20170406
ZoneAlarm by Check Point 20170407
Zoner 20170407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-14 19:15:49
Entry Point 0x0001CAB5
Number of sections 6
PE sections
Overlays
MD5 460cf91f4f6e5dde7a449c98c0626637
File type application/x-rar
Offset 259072
Size 53392406
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 23
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:14 20:15:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 188416
LinkerVersion 14.0
EntryPoint 0x1cab5
InitializedDataSize 69632
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 744b14a0380dd10a8921499a70b63552
SHA1 59badf5077532429cde5b5decfdbb23de05291a0
SHA256 61c9461625c850658d5af7ee13169215be09770cfdc8725acca2abe31f39c460
ssdeep 1572864:j/aNh62h8pIW9Y+Uc2iC9t/aDuiTy3tDDQ59h5:jY62Ch/p6ri2uTD
authentihash 000a0efddb369654d1225d71a4b6d6762d21f900d9033f3ea088fc7fa2f1533d
imphash 027ea80e8125c6dda271246922d4c3b0
File size 51.2 MB ( 53651478 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-04-07 09:10:15 UTC ( 1 year, 6 months ago )
Last submission 2017-04-07 09:10:15 UTC ( 1 year, 6 months ago )
File names ProgramData.exe