× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 667cda76b582c0771f85ad12167238e0f4bb12f479030d99c8a15d7f08eb9975
File name: Q16s3zsnhTCQzdPE8F.exe
Detection ratio: 14 / 68
Analysis date: 2018-11-14 17:38:09 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Avast Win32:MdeClass 20181114
AVG Win32:MdeClass 20181114
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cybereason malicious.68267a 20180225
Cylance Unsafe 20181114
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
McAfee-GW-Edition BehavesLike.Win32.Emotet.gt 20181114
Microsoft Trojan:Win32/Emotet.AC!bit 20181114
NANO-Antivirus Virus.Win32.Gen.ccmw 20181114
Palo Alto Networks (Known Signatures) generic.ml 20181114
Qihoo-360 HEUR/QVM20.1.345E.Malware.Gen 20181114
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181114
Ad-Aware 20181112
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181114
Antiy-AVL 20181114
Arcabit 20181114
Avast-Mobile 20181114
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181114
BitDefender 20181114
Bkav 20181114
CAT-QuickHeal 20181114
ClamAV 20181114
CMC 20181114
Cyren 20181114
DrWeb 20181114
eGambit 20181114
Emsisoft 20181114
ESET-NOD32 20181114
F-Prot 20181114
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181114
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181114
Kaspersky 20181114
Kingsoft 20181114
Malwarebytes 20181114
MAX 20181114
McAfee 20181114
eScan 20181114
Panda 20181114
Rising 20181114
Sophos AV 20181114
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181114
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181114
VBA32 20181114
VIPRE 20181114
ViRobot 20181114
Webroot 20181114
Yandex 20181113
Zillya 20181114
ZoneAlarm by Check Point 20181114
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Borland Corporation 1994,2005

Product Borland Developer Studio
Internal name Run Time Library
File version 8.0.0.0
Description Borland C++ Multi-thread RTL (WIN/VCL MT)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-15 01:23:10
Entry Point 0x0000ED6C
Number of sections 6
PE sections
PE imports
RegDisableReflectionKey
SetEvent
GetCurrentProcess
GetTickCount
GetModuleHandleW
I_RpcBindingToStaticStringBindingW
DdeAbandonTransaction
EndDialog
IsIconic
GetKeyboardType
VkKeyScanExA
timeGetTime
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
100

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Borland C++ Multi-thread RTL (WIN/VCL MT)

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
368640

EntryPoint
0xed6c

MIMEType
application/octet-stream

LegalCopyright
Copyright Borland Corporation 1994,2005

FileVersion
8.0.0.0

TimeStamp
2018:11:15 02:23:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Run Time Library

ProductVersion
5.0

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Borland Corporation

CodeSize
0

ProductName
Borland Developer Studio

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Execution parents
File identification
MD5 bbba81368267a5a2bb2ac77853b8c78b
SHA1 7d38246873df7be0215c190f38074627d85442d5
SHA256 667cda76b582c0771f85ad12167238e0f4bb12f479030d99c8a15d7f08eb9975
ssdeep
3072:8tkpKL3aF1G9r3jMBG9kTWaktI23zvluB6q8xykNBJWaPPaGlyZ6gG0aa33/AdVM:8tdaF1G9Tj6TWaS9dw6qUnzZJlyFd1T

authentihash 8a1e46f3b69d8d109e740b25aa701190d1a759190108ce5dcf9d3f3f982c1636
imphash bb48fa32927c66fd65b337538e2e7dd9
File size 412.0 KB ( 421888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-14 17:33:54 UTC ( 3 months, 1 week ago )
Last submission 2018-11-27 16:20:45 UTC ( 2 months, 3 weeks ago )
File names qMKHqWMDbS.exe
bpI9WhRT.exe
Opg4rItO.exe
Taz2z9AkUG.exe
iqIHluEukmc.exe
shooterpython.exe
P1hbutDboe4.exe
cyysqcLkLbYL.exe
kC0ZSlRlINl1SuERE2k.exe
6NBrVf1BP.exe
Q16s3zsnhTCQzdPE8F.exe
historyiface.exe
pwdavi.exe
9ZT1zYoFUb.exe
sddlinv.exe
w4gV2Drp.exe
DKeGGpDnB.exe
mDescy5Bq6s.exe
CL30emOqlcF.exe
Zj2X1h6R4t.exe
EF5C83E4.exe
i3MDaPjX.exe
1YwPw81ZEoI.exe
0Sba5e.exe
invnirmala.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!