SHA256: 700627688629541a16fbe69d5a65c0a5c581cedb226cb29bfa8164183a1a9576
File name: WinGRASS-7.4.0-1-Setup-x86_64.exe
Detection ratio: 0 / 61
Analysis date: 2018-02-22 09:02:52 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware 20180222
AegisLab 20180222
AhnLab-V3 20180222
Alibaba 20180222
ALYac 20180222
Antiy-AVL 20180222
Arcabit 20180222
Avast 20180222
Avast-Mobile 20180221
AVG 20180222
Avira (no cloud) 20180222
AVware 20180222
Baidu 20180208
BitDefender 20180222
Bkav 20180212
CAT-QuickHeal 20180222
ClamAV 20180222
CMC 20180222
Comodo 20180222
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180222
Cyren 20180222
DrWeb 20180222
eGambit 20180222
Emsisoft 20180222
Endgame 20180216
ESET-NOD32 20180222
F-Prot 20180222
F-Secure 20180222
Fortinet 20180222
GData 20180222
Sophos ML 20180121
Jiangmin 20180222
K7AntiVirus 20180222
K7GW 20180222
Kingsoft 20180222
Malwarebytes 20180222
MAX 20180222
McAfee 20180221
McAfee-GW-Edition 20180222
Microsoft 20180222
eScan 20180222
nProtect 20180222
Palo Alto Networks (Known Signatures) 20180222
Panda 20180221
Qihoo-360 20180222
Rising 20180222
SentinelOne (Static ML) 20180115
Sophos AV 20180222
SUPERAntiSpyware 20180221
Symantec 20180222
Symantec Mobile Insight 20180220
Tencent 20180222
TheHacker 20180219
TrendMicro-HouseCall 20180222
Trustlook 20180222
VBA32 20180221
VIPRE 20180222
ViRobot 20180222
Webroot 20180222
WhiteArmor 20180205
Yandex 20180222
Zillya 20180221
ZoneAlarm by Check Point 20180222
Zoner 20180222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, maxorder, appended, docwrite, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-16 07:48:41
Entry Point 0x0000324F
Number of sections 5
PE sections
Overlays
MD5 68de9ba70eff2d87eb18cc98927d620f
File type data
Offset 54272
Size 170945256
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 7
RT_ICON 4
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:16 08:48:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24064
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x324f
InitializedDataSize 120320
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 1024
File identification
MD5 09d801b7937aecc9f85a0994170539f1
SHA1 b01376a423e59ee555836df6dc14198895ea9d7e
SHA256 700627688629541a16fbe69d5a65c0a5c581cedb226cb29bfa8164183a1a9576
ssdeep 3145728:+pdhOhy26h6NGivFBqV1sbG5PY5XYDG0txJKEP2oAQQlrnNKDV6JkIh/Q:ChOhyd69vFBqV1j5PY5XEG0txZP2oh44

authentihash 51cb6432ea0e1ec8a53e90659d5322ef9102954fee95576037614a5320677908
imphash ab6770b0a8635b9d92a5838920cfe770
File size 163.1 MB ( 170999528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2018-02-22 09:02:52 UTC ( 11 months, 4 weeks ago )
Last submission 2018-06-16 13:04:35 UTC ( 8 months ago )
File names 1038472
WinGRASS-7.4.0-1-Setup-x86_64.exe