SHA256: 6d98f81e1a1cfa8c688c3f979e44a88bbbbbd50897b0a7f8fa77f94873ea18ec
File name: 8778h4g.exe
Detection ratio: 2 / 56
Analysis date: 2016-04-28 10:46:36 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160428
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160428
Ad-Aware 20160428
AegisLab 20160428
AhnLab-V3 20160428
Alibaba 20160428
ALYac 20160428
Antiy-AVL 20160428
Arcabit 20160428
Avast 20160428
AVG 20160428
Avira (no cloud) 20160428
AVware 20160428
Baidu-International 20160427
BitDefender 20160428
Bkav 20160427
CAT-QuickHeal 20160428
ClamAV 20160427
CMC 20160428
Comodo 20160428
Cyren 20160428
DrWeb 20160428
Emsisoft 20160428
ESET-NOD32 20160428
F-Prot 20160428
F-Secure 20160428
Fortinet 20160428
GData 20160428
Ikarus 20160428
Jiangmin 20160428
K7AntiVirus 20160428
K7GW 20160428
Kaspersky 20160427
Kingsoft 20160428
Malwarebytes 20160428
McAfee 20160428
McAfee-GW-Edition 20160428
Microsoft 20160428
eScan 20160428
NANO-Antivirus 20160428
nProtect 20160428
Panda 20160427
Rising 20160428
Sophos AV 20160428
SUPERAntiSpyware 20160428
Symantec 20160428
Tencent 20160428
TheHacker 20160426
TrendMicro 20160428
TrendMicro-HouseCall 20160428
VBA32 20160427
VIPRE 20160428
ViRobot 20160428
Yandex 20160427
Zillya 20160428
Zoner 20160428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-20 18:40:26
Entry Point 0x00001F5C
Number of sections 3
PE sections
Overlays
MD5 3b6a44490707d203a637f435c3450906
File type ASCII text
Offset 111104
Size 1121
Entropy 0.00
PE imports
InitCommonControlsEx
ImageList_Add
GetLastError
ReleaseMutex
LoadLibraryW
CreateThread
Sleep
CloseHandle
ExitProcess
LoadLibraryA
FlushInstructionCache
DbgPrint
RtlInitAnsiString
LdrGetProcedureAddress
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2006:04:20 19:40:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7680
LinkerVersion 10.0
EntryPoint 0x1f5c
InitializedDataSize 102400
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Execution parents
Compressed bundles
File identification
MD5 628d9f2ba204f99e638a91494be3648e
SHA1 8834579d01bc93e55d1dbf2b24b466bfa1e27fad
SHA256 6d98f81e1a1cfa8c688c3f979e44a88bbbbbd50897b0a7f8fa77f94873ea18ec
ssdeep 3072:CRWCz7jS7KKJ7GOv78P/5hIivcVjYmKNSq:if7jkB7ORhIKcSVwq
authentihash fdc2b9dce4c90c46043a3bf0c1f8c33ddfe4c2cd0c7e4d777c5c01428fca5de4
imphash bff41081c3ec50d03770add847cea631
File size 109.6 KB ( 112225 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-04-28 09:24:51 UTC ( 1 year, 5 months ago )
Last submission 2017-08-02 23:03:27 UTC ( 2 months, 2 weeks ago )
File names 3774.tmp.exe
628d9f2ba204f99e638a91494be3648e.exe
7.tmp
7E53.tmp
FCB.exe
8778h4g.exe
C0CE.tmp
3774.tmp.exe
284c49bdc91b24974a3957fc25f87cd6.safe
8778h4g
1.tmp
PRamvt.exe
8778h4g.txt
FDAF.tmp
[1] 8778h4g.txt
OIuxaQS.exe
xcfMSHoH.exe
zVLpkxbcn.exe.1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs