× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 64fa8660adf2ca87e845ec06ccb1eac209d4f78ad7fb894e358c01c23a68a1d9
Detection ratio: 23 / 66
Analysis date: 2018-04-27 15:34:00 UTC ( 10 months ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180427
Avast Win32:GenMalicious-NYM [Trj] 20180427
AVG Win32:GenMalicious-NYM [Trj] 20180427
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180426
Bkav HW32.Packed.725F 20180426
Comodo CloudScanner.Trojan.Gen 20180427
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180427
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/GenKryptik.BYII 20180427
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180427
McAfee RDN/Generic.grp 20180427
McAfee-GW-Edition Artemis!Trojan 20180425
Palo Alto Networks (Known Signatures) generic.ml 20180427
Panda Trj/Genetic.gen 20180427
Qihoo-360 HEUR/QVM20.1.C906.Malware.Gen 20180427
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180427
Symantec ML.Attribute.HighConfidence 20180427
TrendMicro-HouseCall Suspicious_GEN.F47V0427 20180427
Webroot W32.Trojan.Emotet 20180427
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180427
Ad-Aware 20180427
AhnLab-V3 20180427
Alibaba 20180427
ALYac 20180427
Antiy-AVL 20180427
Arcabit 20180427
Avast-Mobile 20180426
Avira (no cloud) 20180427
AVware 20180427
Babable 20180406
BitDefender 20180427
CAT-QuickHeal 20180427
ClamAV 20180427
CMC 20180427
Cybereason 20180225
Cyren 20180427
DrWeb 20180427
eGambit 20180427
Emsisoft 20180427
F-Prot 20180427
F-Secure 20180427
Fortinet 20180427
GData 20180427
Ikarus 20180427
Jiangmin 20180427
K7AntiVirus 20180427
K7GW 20180427
Kingsoft 20180427
Malwarebytes 20180427
MAX 20180427
Microsoft 20180427
eScan 20180427
NANO-Antivirus 20180427
nProtect 20180427
Rising 20180427
SUPERAntiSpyware 20180427
Symantec Mobile Insight 20180424
Tencent 20180427
TheHacker 20180426
TrendMicro 20180427
Trustlook 20180427
VBA32 20180427
VIPRE 20180427
ViRobot 20180427
Yandex 20180427
Zoner 20180426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product MediaShow
Original name MediaShow.exe
Internal name Media Shower
Description Helper On
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-27 13:20:38
Entry Point 0x000054B5
Number of sections 7
PE sections
PE imports
RegOpenCurrentUser
CryptQueryObject
JetInit2
GetEnhMetaFileBits
GetTextColor
SetColorSpace
GetConsoleSelectionInfo
GetFileTime
GetCurrentProcess
SwitchToThread
GetLargePageMinimum
SetConsoleCP
GetTickCount
GetProcessTimes
SetMailslotInfo
GetVersion
InterlockedIncrement
SetupDiGetDeviceInstallParamsA
IsCharAlphaNumericA
UnhookWindowsHookEx
GetMenuState
GetClientRect
ChangeClipboardChain
InSendMessage
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
237056

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.10.6

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
12.0

EntryPoint
0x54b5

OriginalFileName
MediaShow.exe

MIMEType
application/octet-stream

TimeStamp
2018:04:27 13:20:38+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Media Shower

ProductVersion
1.1.00.5-RELEASE-3261ab70162a15491f105139acb02100067d661b

FileDescription
Helper On

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Helper On

CodeSize
15360

ProductName
MediaShow

ProductVersionNumber
1.2.10.6

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.1.00.5

File identification
MD5 d7a74678032f9ebd4c8b5213dc4666ec
SHA1 c14cb2ce24cdb91daffdc19d33273ec8bc303751
SHA256 64fa8660adf2ca87e845ec06ccb1eac209d4f78ad7fb894e358c01c23a68a1d9
ssdeep
6144:8lxcPgDMI++BTrLJZGoWTxhJ0sEufzkCC8iuFO2hpxnty:SogD9l2omXzQQgcy

authentihash de064fbe3b00e4a2e0fcc586ea42641048f08bad63c6b6345a8b357184ae01c5
imphash 3a00b3c320c4ce14ea5ea3a3492e86df
File size 243.5 KB ( 249344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-27 13:51:01 UTC ( 10 months ago )
Last submission 2018-05-08 00:21:43 UTC ( 9 months, 2 weeks ago )
File names 67311.exe
sharpenserif.exe
output.113192586.txt
Media Shower
MediaShow.exe
sharpenserif.exe
zq8NM.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!