SHA256: 6a191b044be78957afbd984300fb65c7deae82c198652e89a93542792527e9c8
File name: 3lvHM0Yz3aQ8S98Vy.exe
Detection ratio: 13 / 65
Analysis date: 2018-03-24 15:08:19 UTC ( 11 months ago )
Antivirus Result Update
Avast FileRepMalware 20180324
AVG FileRepMalware 20180324
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.6b80a1 20180225
Endgame malicious (high confidence) 20180316
Sophos ML heuristic 20180121
Malwarebytes Trojan.Emotet 20180324
Palo Alto Networks (Known Signatures) generic.ml 20180324
Qihoo-360 HEUR/QVM20.1.0976.Malware.Gen 20180324
SentinelOne (Static ML) static engine - malicious 20180225
TrendMicro TSPY_HPEMOTET.SMDX4 20180324
TrendMicro-HouseCall TSPY_HPEMOTET.SMDX4 20180324
Ad-Aware 20180324
AegisLab 20180324
AhnLab-V3 20180324
Alibaba 20180323
ALYac 20180324
Antiy-AVL 20180324
Arcabit 20180324
Avast-Mobile 20180324
Avira (no cloud) 20180324
AVware 20180324
BitDefender 20180324
Bkav 20180322
CAT-QuickHeal 20180324
ClamAV 20180324
CMC 20180324
Comodo 20180324
Cylance 20180324
Cyren 20180324
DrWeb 20180324
eGambit 20180324
Emsisoft 20180324
ESET-NOD32 20180324
F-Prot 20180324
F-Secure 20180324
Fortinet 20180324
GData 20180324
Ikarus 20180324
Jiangmin 20180324
K7AntiVirus 20180324
K7GW 20180324
Kaspersky 20180324
Kingsoft 20180324
MAX 20180324
McAfee 20180324
McAfee-GW-Edition 20180324
Microsoft 20180324
eScan 20180324
NANO-Antivirus 20180324
nProtect 20180324
Panda 20180324
Rising 20180324
Sophos AV 20180324
SUPERAntiSpyware 20180324
Symantec 20180323
Symantec Mobile Insight 20180311
Tencent 20180324
TheHacker 20180319
TotalDefense 20180324
Trustlook 20180324
VBA32 20180323
VIPRE 20180324
ViRobot 20180324
WhiteArmor 20180324
Yandex 20180324
Zillya 20180323
ZoneAlarm by Check Point 20180324
Zoner 20180324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009-2017 Oracle Corporation
Product Oracle VM VirtualBox Guest Additions
Original name VBoxOGLerrorspu.dll
Internal name VBoxOGLerrorspu
File version 5.1.26.117224
Description VirtualBox crOpenGL ICD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-24 15:02:46
Entry Point 0x00003840
Number of sections 5
PE sections
PE imports
DeleteAce
CryptDestroyHash
RegNotifyChangeKeyValue
CertCloseStore
CryptMsgControl
CryptImportPublicKeyInfo
SelectPalette
CreatePolygonRgn
AngleArc
GetLastError
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetCurrentDirectoryW
ReadConsoleOutputW
GetModuleHandleA
VirtualUnlock
ProcessIdToSessionId
FlsGetValue
GetCommandLineA
LocalUnlock
FlsFree
lstrlenW
GetProcessHeap
MprConfigTransportGetInfo
DrawDibClose
DsCrackNamesW
LPSAFEARRAY_UserFree
VarUI2FromStr
SysReAllocString
DispCallFunc
glTexImage2D
RasGetCustomAuthDataW
RasGetProjectionInfoW
NdrGetUserMarshalInfo
UuidCreate
NdrConformantArrayUnmarshall
SetupDiRemoveDevice
CM_Get_Device_ID_List_ExW
SHFileOperationA
PathMakePrettyW
StrCpyNW
StrDupA
StrRChrA
UrlGetPartA
SHRegGetValueW
QuerySecurityPackageInfoW
MakeSignature
SetFocus
DdeDisconnectList
GetActiveWindow
EndDialog
EnumDesktopWindows
TileWindows
LoadCursorW
IsMenu
RegisterDeviceNotificationW
TrackMouseEvent
GetClipboardOwner
SetCursorPos
IsCharLowerW
EnableMenuItem
UnpackDDElParam
UnlockUrlCacheEntryStream
DeleteUrlCacheEntryW
mixerGetID
DeletePrinter
CryptCATStoreFromHandle
g_rgSCardRawPci
SCardListReaderGroupsA
Ord(30)
_time64
iswlower
ReleaseStgMedium
StgIsStorageILockBytes
HICON_UserMarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
r117224

SubsystemVersion
5.0

LinkerVersion
0.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.26.17224

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VirtualBox crOpenGL ICD

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
59392

EntryPoint
0x3840

OriginalFileName
VBoxOGLerrorspu.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2009-2017 Oracle Corporation

FileVersion
5.1.26.117224

TimeStamp
2018:03:24 08:02:46-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
VBoxOGLerrorspu

ProductVersion
5.1.26.117224

UninitializedDataSize
4096

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Oracle Corporation

CodeSize
24576

ProductName
Oracle VM VirtualBox Guest Additions

ProductVersionNumber
5.1.26.17224

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 d231d77a582212ed00055581fc49f56f
SHA1 246227a6b80a16eca4788ece8398fcc9ebaa7953
SHA256 6a191b044be78957afbd984300fb65c7deae82c198652e89a93542792527e9c8
ssdeep 1536:sp08VUDdI9y29H/vEFWJHwLxq2w6IyjvCCwqzmDO01yaWj88Lcf8:f8Vo+y2J/cFEQfFIkCCw/1Zecf8
authentihash fdcfb3c8057157e41bd44616647b3595c2b84be7e7b114b0c5d6147c5099a85f
imphash 819613d94adff270e932470333a53226
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-03-24 15:08:19 UTC ( 11 months ago )
Last submission 2018-05-15 01:19:55 UTC ( 9 months, 1 week ago )
File names 71771.exe
3lvHM0Yz3aQ8S98Vy.exe
65748.exe
VBoxOGLerrorspu.dll
VBoxOGLerrorspu
2046.exe