× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 67b069d5930e3a7bd1f7bea28a554f6c7f11b02e05212a6c9101f7ff265453ef
File name: 3d5eeaa64da02d7066e5f57c25368757
Detection ratio: 38 / 67
Analysis date: 2018-01-15 17:11:19 UTC ( 1 year ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.VB.Agent.AIP 20180115
ALYac Trojan.VB.Agent.AIP 20180115
Antiy-AVL Trojan/Win32.TSGeneric 20180115
Arcabit Trojan.VB.Agent.AIP 20180115
Avast Win32:Malware-gen 20180115
AVG Win32:Malware-gen 20180115
BitDefender Trojan.VB.Agent.AIP 20180115
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.cce1d8 20171103
Cylance Unsafe 20180115
DrWeb Trojan.Trick.45236 20180115
Emsisoft Trojan.VB.Agent.AIP (B) 20180115
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DVAP 20180115
F-Secure Trojan.VB.Agent.AIP 20180115
Fortinet W32/GenKryptik.BLKY!tr 20180115
GData Trojan.VB.Agent.AIP 20180115
Sophos ML heuristic 20170914
Jiangmin Trojan.Mansabo.qx 20180115
K7AntiVirus Trojan ( 005239f41 ) 20180115
K7GW Trojan ( 005239f41 ) 20180115
Kaspersky Trojan.Win32.Mansabo.apq 20180115
MAX malware (ai score=88) 20180115
McAfee GenericRXDR-LX!3D5EEAA64DA0 20180115
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc 20180115
Microsoft Trojan:Win32/Totbrick.A 20180115
eScan Trojan.VB.Agent.AIP 20180115
nProtect Trojan/W32.Mansabo.364544 20180115
Panda Trj/Genetic.gen 20180115
Qihoo-360 HEUR/QVM03.0.8641.Malware.Gen 20180115
SentinelOne (Static ML) static engine - malicious 20180115
Sophos AV Mal/Generic-S 20180115
Symantec Trojan.Gen 20180115
Tencent Win32.Trojan.Mansabo.Llrq 20180115
TrendMicro TROJ_GEN.R02DC0DAE18 20180115
TrendMicro-HouseCall TROJ_GEN.R02DC0DAE18 20180115
Webroot W32.Trojan.Gen 20180115
ZoneAlarm by Check Point Trojan.Win32.Mansabo.apq 20180115
AegisLab 20180115
AhnLab-V3 20180115
Alibaba 20180115
Avast-Mobile 20180115
Avira (no cloud) 20180115
AVware 20180103
Baidu 20180115
Bkav 20180115
CAT-QuickHeal 20180115
ClamAV 20180115
CMC 20180114
Comodo 20180115
Cyren 20180115
eGambit 20180115
F-Prot 20180115
Ikarus 20180115
Kingsoft 20180115
Malwarebytes 20180115
NANO-Antivirus 20180115
Palo Alto Networks (Known Signatures) 20180115
Rising 20180115
SUPERAntiSpyware 20180115
Symantec Mobile Insight 20180114
TheHacker 20180115
TotalDefense 20180115
Trustlook 20180115
VBA32 20180115
VIPRE 20180115
ViRobot 20180115
Yandex 20180112
Zillya 20180115
Zoner 20180115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
N6A 5B7

Product GoMoku
Original name GoMoku.exe
Internal name GoMoku
File version 1.00
Description List of all combinations of words containing DPIPA. Words that contain dpipa letters in them. Anagrams made from D P I P A letters
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-09 14:25:05
Entry Point 0x00001428
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaObjSetAddref
Ord(546)
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
__vbaVarDup
__vbaI4Abs
__vbaStrMove
_adj_fdivr_m64
Ord(534)
_adj_fprem
Ord(661)
__vbaLenBstr
__vbaAryMove
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
Ord(650)
_adj_fdivr_m32
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
Ord(589)
Ord(100)
__vbaUI1I2
__vbaFreeVar
_adj_fprem1
EVENT_SINK_AddRef
Ord(519)
_adj_fdiv_r
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaLenBstrB
_allmul
__vbaAryLock
_CIcos
Ord(595)
__vbaI2Abs
_adj_fptan
Ord(593)
__vbaStrVarCopy
__vbaAryUnlock
__vbaObjSet
__vbaErrorOverflow
_CIatan
__vbaI2I4
__vbaNew2
Ord(644)
__vbaR8IntI2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrR8
__vbaStrI4
__vbaFpR4
__vbaStrCat
__vbaVar2Vec
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
NTGLIFECAM 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
319488

EntryPoint
0x1428

OriginalFileName
GoMoku.exe

MIMEType
application/octet-stream

LegalCopyright
N6A 5B7

FileVersion
1.0

TimeStamp
2018:01:09 15:25:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
GoMoku

ProductVersion
1.0

FileDescription
List of all combinations of words containing DPIPA. Words that contain dpipa letters in them. Anagrams made from D P I P A letters

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BCHomebotics

CodeSize
40960

ProductName
GoMoku

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 3d5eeaa64da02d7066e5f57c25368757
SHA1 3c4f43acce1d8874d2631164cde138cf773b1fd8
SHA256 67b069d5930e3a7bd1f7bea28a554f6c7f11b02e05212a6c9101f7ff265453ef
ssdeep
6144:F3itTgiZ06BEKYRCAmIEHRDwHf0NcN5kb6FM0/IIFiJhVN3IxXJ5yPaiFBM+jckI:FSdBEKABEHFw/8Z2+WhFiVN3IxHyPbrK

authentihash 53271a52c190fd8874148ade8ed1c0f4f2350bcf25410ba57140507ae0cacea4
imphash f75fe4f63124e3528a1b2930ee9df64c
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (64.7%)
Win64 Executable (generic) (21.7%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
OS/2 Executable (generic) (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-01-15 17:11:19 UTC ( 1 year ago )
Last submission 2018-05-22 09:05:06 UTC ( 8 months ago )
File names GoMoku
3d5eeaa64da02d7066e5f57c25368757.exe
3d5eeaa64da02d7066e5f57c25368757
GoMoku.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!