× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 73203bbf5ec449161b5ebb051a9fa0210baa73116d93819e487e2a78ba77d696
File name: s.exe
Detection ratio: 1 / 57
Analysis date: 2016-10-30 08:23:37 UTC ( 2 years, 1 month ago ) View latest
Antivirus Result Update
AegisLab Troj.W32.Gen.lN4R 20161030
Ad-Aware 20161030
AhnLab-V3 20161029
Alibaba 20161028
ALYac 20161030
Antiy-AVL 20161030
Arcabit 20161030
Avast 20161030
AVG 20161030
Avira (no cloud) 20161029
AVware 20161030
Baidu 20161029
BitDefender 20161030
Bkav 20161030
CAT-QuickHeal 20161029
ClamAV 20161030
CMC 20161030
Comodo 20161030
CrowdStrike Falcon (ML) 20161024
Cyren 20161030
DrWeb 20161030
Emsisoft 20161030
ESET-NOD32 20161029
F-Prot 20161030
F-Secure 20161030
Fortinet 20161030
GData 20161030
Ikarus 20161029
Sophos ML 20161018
Jiangmin 20161030
K7AntiVirus 20161030
K7GW 20161030
Kaspersky 20161030
Kingsoft 20161030
Malwarebytes 20161030
McAfee 20161030
McAfee-GW-Edition 20161030
Microsoft 20161030
eScan 20161030
NANO-Antivirus 20161030
nProtect 20161028
Panda 20161029
Qihoo-360 20161030
Rising 20161030
Sophos AV 20161030
SUPERAntiSpyware 20161030
Symantec 20161030
Tencent 20161030
TheHacker 20161029
TotalDefense 20161028
TrendMicro 20161030
TrendMicro-HouseCall 20161030
VBA32 20161029
VIPRE 20161030
ViRobot 20161030
Yandex 20161029
Zillya 20161028
Zoner 20161030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2009

Product AutoHotkey_L
Original name AutoHotkey.exe
Internal name AutoHotkey_L
File version 1, 0, 48, 05
Description AutoHotkey_L
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-04 01:21:43
Entry Point 0x000C3EE0
Number of sections 3
PE sections
PE imports
RegCloseKey
GetOpenFileNameW
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysAllocString
DragFinish
VerQueryValueW
mixerOpen
gethostbyaddr
CoGetObject
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 8
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
PE resources
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
28672

ImageVersion
0.0

ProductName
AutoHotkey_L

FileVersionNumber
1.0.48.5

UninitializedDataSize
487424

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
AutoHotkey.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 48, 05

TimeStamp
2010:09:04 02:21:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AutoHotkey_L

ProductVersion
1, 0, 48, 05

FileDescription
AutoHotkey_L

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (C) 2009

MachineType
Intel 386 or later, and compatibles

CodeSize
315392

FileSubtype
0

ProductVersionNumber
1.0.48.5

EntryPoint
0xc3ee0

ObjectFileType
Executable application

File identification
MD5 5db7bad1443f93a205dc01789fcb8cb7
SHA1 df388d38cce69633f950af1a497d9531d8367f25
SHA256 73203bbf5ec449161b5ebb051a9fa0210baa73116d93819e487e2a78ba77d696
ssdeep
6144:03fNBB19IUNg+p1knhwBv9NC0Ou36fxXACGLomGhDPvQllcDLVvPWtHIIM:0V/15iG1+W00MXNlNxscvVu6

authentihash 37bb54e1978f492324ee24065d791c07aeac5c4c503b3c92f1355e1a42557169
imphash ac744ca1c17d0f40b3d27ef052f613c0
File size 332.0 KB ( 339968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-12-24 02:36:26 UTC ( 7 years, 11 months ago )
Last submission 2018-04-20 17:47:20 UTC ( 7 months, 3 weeks ago )
File names s-.exe
s.exe
1.exe
highlight and hit f6.exe
1.exe
AutoHotkey_L
s.exe
s.exe
AutoHotkey.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!