× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6c0b3a7f1247652af26a381a48d2da0aa6964e43b196d0b73eb3acd1f69032e3
File name: GsmDemo.exe
Detection ratio: 0 / 65
Analysis date: 2018-03-25 01:49:36 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180325
AegisLab 20180325
AhnLab-V3 20180324
Alibaba 20180323
ALYac 20180325
Antiy-AVL 20180325
Arcabit 20180325
Avast 20180325
Avast-Mobile 20180324
AVG 20180325
Avira (no cloud) 20180324
AVware 20180325
Baidu 20180323
BitDefender 20180325
Bkav 20180325
CAT-QuickHeal 20180324
ClamAV 20180324
CMC 20180324
Comodo 20180325
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180325
Cyren 20180325
DrWeb 20180325
eGambit 20180325
Emsisoft 20180325
Endgame 20180316
ESET-NOD32 20180324
F-Prot 20180325
F-Secure 20180325
Fortinet 20180325
GData 20180325
Ikarus 20180324
Sophos ML 20180121
Jiangmin 20180324
K7AntiVirus 20180324
K7GW 20180325
Kaspersky 20180325
Kingsoft 20180325
Malwarebytes 20180324
MAX 20180325
McAfee 20180325
McAfee-GW-Edition 20180324
Microsoft 20180325
eScan 20180324
NANO-Antivirus 20180325
nProtect 20180325
Palo Alto Networks (Known Signatures) 20180325
Panda 20180324
Qihoo-360 20180325
Rising 20180325
SentinelOne (Static ML) 20180225
Sophos AV 20180325
SUPERAntiSpyware 20180324
Symantec 20180324
Symantec Mobile Insight 20180311
Tencent 20180325
TheHacker 20180319
TotalDefense 20180324
TrendMicro 20180325
TrendMicro-HouseCall 20180324
Trustlook 20180325
VBA32 20180323
VIPRE 20180325
ViRobot 20180324
Yandex 20180324
Zillya 20180323
ZoneAlarm by Check Point 20180325
Zoner 20180325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2012 - MTKSOFT

File version 4.00
Description Servis Takip Plus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-04-25 14:37:12
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 32abd9781aac8d80656e9e333bbf751a
File type data
Offset 14848
Size 9202290
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
4.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.0

TimeStamp
2000:04:25 15:37:12+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Servis Takip Plus

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
2012 - MTKSOFT

MachineType
Intel 386 or later, and compatibles

CompanyName
MTKSOFT

CodeSize
8704

FileSubtype
0

ProductVersionNumber
4.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2c4c554c2ac787a6b982385dbb34e11c
SHA1 618f405fe8ac633afd2c1c9c8cc82bd6f41d416c
SHA256 6c0b3a7f1247652af26a381a48d2da0aa6964e43b196d0b73eb3acd1f69032e3
ssdeep
196608:RB1MmoKDnl/lrug8B68AzuoaReLJhyb7gng+A9Ez6IUGbWrTYKj:RXjoiJB5uoaaJhDxAqUGbKR

authentihash 1f7cf627d27a60fccdad1a2d9ff367735db1092439b23b366f4d836917e2ad87
imphash 5318cd03ef5b5da86800f1483484cfd0
File size 8.8 MB ( 9217138 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (96.5%)
Win32 Dynamic Link Library (generic) (1.3%)
Win32 Executable (generic) (0.9%)
OS/2 Executable (generic) (0.4%)
Generic Win/DOS Executable (0.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-09-30 18:06:47 UTC ( 3 years, 3 months ago )
Last submission 2018-03-25 01:49:36 UTC ( 9 months, 3 weeks ago )
File names GsmDemo.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Runtime DLLs