SHA256: 6e07b181ffca68dd35e449047f1c6d528ed4fc13e3f0464b75627891e397c301
File name: 05ae46460f7dc727c68e45718c2a7149
Detection ratio: 23 / 65
Analysis date: 2017-09-22 21:53:27 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.AGeneric 20170922
Avast Win32:Malware-gen 20170922
AVG Win32:Malware-gen 20170922
Avira (no cloud) TR/AD.Derbit.ulxhm 20170922
AVware Trojan.Win32.Generic!BT 20170922
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170922
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170922
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FKEB 20170922
Sophos ML heuristic 20170914
Kaspersky HEUR:Trojan.Win32.Generic 20170922
McAfee Artemis!05AE46460F7D 20170922
McAfee-GW-Edition BehavesLike.Win32.Upatre.ch 20170922
Panda Generic Malware 20170922
Qihoo-360 HEUR/QVM20.1.334B.Malware.Gen 20170922
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazoKThlP5KuDrdNBGAss1qn+) 20170922
Sophos AV Mal/Generic-S 20170922
TrendMicro-HouseCall TROJ_GEN.R039H0CIM17 20170922
VIPRE Trojan.Win32.Generic!BT 20170922
Webroot W32.Trojan.Gen 20170922
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170922
Ad-Aware 20170922
AegisLab 20170922
AhnLab-V3 20170922
Alibaba 20170911
ALYac 20170922
Arcabit 20170922
Avast-Mobile 20170922
BitDefender 20170922
CAT-QuickHeal 20170922
ClamAV 20170922
CMC 20170920
Comodo 20170922
Cyren 20170922
DrWeb 20170922
Emsisoft 20170922
F-Prot 20170922
F-Secure 20170922
Fortinet 20170922
GData 20170922
Ikarus 20170922
Jiangmin 20170922
K7AntiVirus 20170922
K7GW 20170922
Kingsoft 20170922
Malwarebytes 20170922
MAX 20170922
Microsoft 20170922
eScan 20170922
NANO-Antivirus 20170922
nProtect 20170922
Palo Alto Networks (Known Signatures) 20170922
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170922
Symantec 20170922
Symantec Mobile Insight 20170922
Tencent 20170922
TheHacker 20170921
TotalDefense 20170922
TrendMicro 20170922
Trustlook 20170922
VBA32 20170922
ViRobot 20170922
Yandex 20170908
Zillya 20170922
Zoner 20170922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Buick Dso

Product gulleying upsun
Original name gulleying.exe
Internal name gulleying
File version 4.6.1679.39200
Description gulleying lub hosen
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-07-20 17:06:44
Entry Point 0x00001411
Number of sections 3
PE sections
PE imports
WmiSetSingleItemA
BuildTrusteeWithSidA
LsaSetTrustedDomainInfoByName
CloseEncryptedFileRaw
SystemFunction025
QueryTraceW
GetFullPathNameA
GetTempFileNameW
GetFileTime
HeapFree
GetCurrentDirectoryA
HeapAlloc
MulDiv
GetFullPathNameW
DeleteTimerQueueTimer
CreateFileA
DeleteFileW
CloseHandle
GetProcessHeap
VirtualAlloc
GetFileAttributesW
GetCurrentThread
_amsg_exit
asin
wcscoll
__crtGetStringTypeW
strxfrm
_mbsinc
_mbsnextc
_mbsncmp
GetWindowLongA
SetInternalWindowPos
GetKeyState
GetWindowTextW
GetFocus
GetWindowTextA
FindWindowA
CreateAcceleratorTableA
DeregisterShellHookWindow
SetSystemMenu
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 120832
ImageVersion 10.0
ProductName gulleying upsun
FileVersionNumber 4.6.1679.39200
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription gulleying lub hosen
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName gulleying.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.6.1679.39200
TimeStamp 2010:07:20 18:06:44+01:00
FileType Win32 EXE
PEType PE32
InternalName gulleying
ProductVersion 4.6.1679.39200
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright Buick Dso
MachineType Intel 386 or later, and compatibles
CompanyName Buick Dso
CodeSize 57856
FileSubtype 0
ProductVersionNumber 4.6.1679.39200
EntryPoint 0x1411
ObjectFileType Executable application

File identification
MD5 05ae46460f7dc727c68e45718c2a7149
SHA1 f0385ef11053d1e2afb4c78f3742f6ccc8aec5d2
SHA256 6e07b181ffca68dd35e449047f1c6d528ed4fc13e3f0464b75627891e397c301
ssdeep 3072:flS1C1mx0P4/+tXk3ouMdCV5S+VC2nETJQCFS/ziG6oWckLPskOPgA6:fcM0yZdtdl+pAhF4z19LkLEo
authentihash d58e90259a7985c587588bc4074a8cab9facae5384098ad5084ed7b5c0058ac3
imphash f8aafbc484a5da637111ba4525f5c3d4
File size 155.5 KB ( 159232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-22 21:53:27 UTC ( 1 year, 6 months ago )
Last submission 2017-09-22 21:53:27 UTC ( 1 year, 6 months ago )
File names gulleying
gulleying.exe
05ae46460f7dc727c68e45718c2a7149