SHA256: 644b19d2e0b77bc6fc3f19a8f7d7eb2b7fce5c2b1713c0cc809ea088682c61eb
File name: BlockSleep.exe
Detection ratio: 1 / 63
Analysis date: 2017-08-05 11:02:21 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Cylance Unsafe 20170805
Ad-Aware 20170805
AegisLab 20170805
AhnLab-V3 20170804
Alibaba 20170804
ALYac 20170805
Antiy-AVL 20170805
Arcabit 20170805
Avast 20170805
AVG 20170805
Avira (no cloud) 20170805
AVware 20170805
Baidu 20170804
BitDefender 20170805
Bkav 20170805
CAT-QuickHeal 20170805
ClamAV 20170805
CMC 20170805
Comodo 20170805
CrowdStrike Falcon (ML) 20170710
Cyren 20170805
DrWeb 20170805
Emsisoft 20170805
Endgame 20170721
ESET-NOD32 20170805
F-Prot 20170805
F-Secure 20170805
Fortinet 20170805
GData 20170805
Ikarus 20170805
Sophos ML 20170607
Jiangmin 20170805
K7AntiVirus 20170804
K7GW 20170805
Kaspersky 20170805
Kingsoft 20170805
Malwarebytes 20170805
MAX 20170805
McAfee 20170804
McAfee-GW-Edition 20170805
Microsoft 20170805
eScan 20170805
NANO-Antivirus 20170805
nProtect 20170805
Palo Alto Networks (Known Signatures) 20170805
Panda 20170805
Qihoo-360 20170805
Rising 20170805
SentinelOne (Static ML) 20170718
Sophos AV 20170805
SUPERAntiSpyware 20170805
Symantec 20170804
Symantec Mobile Insight 20170804
Tencent 20170805
TheHacker 20170804
TrendMicro 20170805
TrendMicro-HouseCall 20170805
Trustlook 20170805
VBA32 20170803
VIPRE 20170805
ViRobot 20170805
Webroot 20170805
WhiteArmor 20170731
Yandex 20170801
Zillya 20170804
ZoneAlarm by Check Point 20170805
Zoner 20170805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-31 01:18:24
Entry Point 0x0000104C
Number of sections 3
PE sections
PE imports
CreateProcessW
LocalFree
GetStdHandle
WriteConsoleA
LocalAlloc
WaitForSingleObject
GetCommandLineW
GetExitCodeProcess
WriteConsoleW
ExitProcess
CloseHandle
SetThreadExecutionState
PathGetArgsW
PathRemoveArgsW
PathUnquoteSpacesW
wsprintfA
wsprintfW
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:01:31 02:18:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1024
LinkerVersion 5.12
FileTypeExtension exe
InitializedDataSize 18432
SubsystemVersion 4.0
EntryPoint 0x104c
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 3d424e5f8e62755aaa20d442757ee25b
SHA1 df31a973a7cb625dfbfb8c73148b1d199380161f
SHA256 644b19d2e0b77bc6fc3f19a8f7d7eb2b7fce5c2b1713c0cc809ea088682c61eb
ssdeep 48:K9CWElQwIY04+/3wxgeBCaI8Q/gTwdmBKnlv5R:3lQw/094x5CaI8YyYB
authentihash 8d86c7caed10e538ce361607da684a54575fa03d21c67a033666ff5d7e1af6bb
imphash fafba793ca0c331632fd515893a61f79
File size 3.5 KB ( 3584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-01-31 01:18:44 UTC ( 1 year, 9 months ago )
Last submission 2017-08-05 11:02:21 UTC ( 3 months, 2 weeks ago )
File names blocksleep.exe
BlockSleep.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications