SHA256: 793aa70288fdd4911ecd5a76ecb76bb1b9cac375663d6b4c2175747391904409
File name: gawk.exe
Detection ratio: 1 / 65
Analysis date: 2018-05-06 11:48:45 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Cylance Unsafe 20180506
Ad-Aware 20180506
AegisLab 20180506
AhnLab-V3 20180506
Alibaba 20180503
ALYac 20180506
Antiy-AVL 20180506
Arcabit 20180506
Avast 20180506
Avast-Mobile 20180506
AVG 20180506
Avira (no cloud) 20180506
AVware 20180428
Babable 20180406
Baidu 20180503
BitDefender 20180506
Bkav 20180504
CAT-QuickHeal 20180505
ClamAV 20180506
CMC 20180506
Comodo 20180506
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cyren 20180506
DrWeb 20180506
eGambit 20180506
Emsisoft 20180506
Endgame 20180504
ESET-NOD32 20180506
F-Prot 20180506
F-Secure 20180506
Fortinet 20180506
GData 20180506
Ikarus 20180506
Sophos ML 20180503
Jiangmin 20180506
K7AntiVirus 20180506
K7GW 20180506
Kaspersky 20180506
Kingsoft 20180506
Malwarebytes 20180506
MAX 20180506
McAfee 20180506
McAfee-GW-Edition 20180506
Microsoft 20180506
eScan 20180506
NANO-Antivirus 20180506
nProtect 20180506
Palo Alto Networks (Known Signatures) 20180506
Panda 20180506
Qihoo-360 20180506
Rising 20180506
SentinelOne (Static ML) 20180225
Sophos AV 20180506
SUPERAntiSpyware 20180506
Symantec 20180505
Symantec Mobile Insight 20180505
Tencent 20180506
TheHacker 20180504
TrendMicro 20180506
TrendMicro-HouseCall 20180506
Trustlook 20180506
VBA32 20180504
VIPRE 20180506
ViRobot 20180505
Webroot 20180506
Yandex 20180506
ZoneAlarm by Check Point 20180506
Zoner 20180505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-01 13:31:04
Entry Point 0x000012E0
Number of sections 8
PE sections
Overlays
MD5 87b71ff333409b117dfb10a881228ecc
File type data
Offset 591360
Size 72478
Entropy 4.46
PE imports
GetLastError
EnterCriticalSection
FreeLibrary
ExitProcess
VirtualProtect
LoadLibraryA
DeleteCriticalSection
OpenProcess
GetCommandLineA
GetProcAddress
GetModuleHandleA
FindFirstFileA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
FindNextFileA
SetHandleInformation
TerminateProcess
InitializeCriticalSection
VirtualQuery
FindClose
TlsGetValue
Sleep
FormatMessageA
LeaveCriticalSection
wctype
wcrtomb
btowc
mbrtowc
mbrlen
__WSAFDIsSet
getaddrinfo
WSASocketA
getsockopt
setsockopt
bind
accept
WSAStartup
select
freeaddrinfo
connect
shutdown
recvfrom
closesocket
WSAGetLastError
listen
__p__fmode
__p__environ
wctomb
fclose
strtoul
_fstat
_pclose
fflush
isxdigit
strtol
fputc
fwrite
mktime
realloc
exit
_spawnvp
_setjmp
_tzname
iswctype
wcscoll
ceil
_isatty
memcpy
strstr
ctime
memmove
signal
fmod
strcmp
memchr
strncmp
_stricoll
memset
strcat
_stricmp
atexit
_setmode
_chmod
strchr
_getpid
_strlwr
strrchr
mbstowcs
gmtime
free
__getmainargs
_stat
cos
_read
strcpy
_fpreset
__mb_cur_max
islower
isupper
strftime
_iob
toupper
_cwait
_putenv
setlocale
pow
_pipe
_open_osfhandle
isprint
_lseek
_dup
_assert
fopen
strncpy
_cexit
log
isalnum
qsort
_tzset
_open
_onexit
wcslen
isalpha
memcmp
_isctype
_pctype
getenv
vfprintf
_popen
localeconv
strerror
isspace
_strnicmp
localtime
malloc
sscanf
_spawnl
fgets
abort
isdigit
_close
towupper
ispunct
strlen
_fdopen
_errno
sqrt
_get_osfhandle
_strdup
towlower
sin
longjmp
tolower
_fullpath
_dup2
isgraph
calloc
setbuf
wcstombs
floor
iscntrl
atan2
exp
time
_flsbuf
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:01 14:31:04+01:00
FileType Win32 EXE
PEType PE32
CodeSize 452096
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 590336
SubsystemVersion 4.0
EntryPoint 0x12e0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 14336

File identification
MD5 ee536b4453839b80774f7cdd38a7f821
SHA1 3550662cc213492aa7e56149b16ff1ec6a8b27dd
SHA256 793aa70288fdd4911ecd5a76ecb76bb1b9cac375663d6b4c2175747391904409
ssdeep 12288:wtZlDp4TKCxnWywTLaMpWxR4vvncZ0aS09+Z2RWh/q:wt/Dp4T1xnTwTLaMpWxcvncZ0uE2RWhC

authentihash 45e71643381ddda968c3c9b303d678e024e39dbcc5f74baf7d9dc99e0d76ac11
imphash aba091d801728591db315919a5471acf
File size 648.3 KB ( 663838 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID InstallShield setup (47.1%)
Win32 Executable MS Visual C++ (generic) (34.1%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-06-15 05:59:49 UTC ( 1 year, 5 months ago )
Last submission 2018-05-06 11:48:45 UTC ( 6 months, 2 weeks ago )
File names gawk.exe
793AA70288FDD4911ECD5A76ECB76BB1B9CAC375663D6B4C2175747391904409
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.