× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7aca25556ef1c3ba67c352d2c4a1e75598ed3971d04d06cf7b0aa3ab6d73ec43
File name: 7aca25556ef1c3ba67c352d2c4a1e75598ed3971d04d06cf7b0aa3ab6d73ec43
Detection ratio: 14 / 71
Analysis date: 2019-01-26 13:14:47 UTC ( 1 month, 3 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190124
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.04e73e 20190109
Cylance Unsafe 20190126
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20190126
Microsoft Trojan:Win32/Fuerboos.A!cl 20190126
Qihoo-360 HEUR/QVM20.1.CE29.Malware.Gen 20190126
Rising Trojan.Emotet!8.B95/N3#91% (RDM+:cmRtazrrEvHeQ/vebEABzyT8hTFn) 20190126
Sophos AV Mal/EncPk-ANY 20190126
Symantec ML.Attribute.HighConfidence 20190125
Trapmine malicious.moderate.ml.score 20190123
VIPRE LooksLike.Win32.Dridex.e (v) 20190126
Ad-Aware 20190126
AegisLab 20190126
AhnLab-V3 20190126
Alibaba 20180921
ALYac 20190126
Antiy-AVL 20190126
Arcabit 20190126
Avast 20190126
Avast-Mobile 20190126
AVG 20190126
Avira (no cloud) 20190126
Babable 20180918
Baidu 20190125
BitDefender 20190126
Bkav 20190125
CAT-QuickHeal 20190126
ClamAV 20190126
CMC 20190126
Comodo 20190126
Cyren 20190126
DrWeb 20190126
eGambit 20190126
Emsisoft 20190126
ESET-NOD32 20190126
F-Prot 20190126
F-Secure 20190126
Fortinet 20190126
GData 20190126
Ikarus 20190126
Jiangmin 20190126
K7AntiVirus 20190126
K7GW 20190126
Kaspersky 20190126
Kingsoft 20190126
Malwarebytes 20190126
MAX 20190126
McAfee 20190126
eScan 20190126
NANO-Antivirus 20190126
Palo Alto Networks (Known Signatures) 20190126
Panda 20190126
SentinelOne (Static ML) 20190124
SUPERAntiSpyware 20190123
TACHYON 20190126
Tencent 20190126
TheHacker 20190125
TotalDefense 20190126
TrendMicro 20190126
TrendMicro-HouseCall 20190126
Trustlook 20190126
VBA32 20190125
ViRobot 20190126
Webroot 20190126
Yandex 20190125
Zillya 20190125
ZoneAlarm by Check Point 20190126
Zoner 20190125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1995 Microsoft Corporation

Product Microsoft Picstore
Original name amstoune.exe
Internal name amstoune
File version 2.2
Description picstore
Comments Built-in compression
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-01-09 08:08:07
Entry Point 0x00002D62
Number of sections 7
PE sections
PE imports
GetCurrentHwProfileW
GetServiceDisplayNameA
IsTokenRestricted
GetTextExtentPoint32W
GetBitmapDimensionEx
PathToRegion
GetClipBox
GetTextAlign
GetFontUnicodeRanges
WriteProfileSectionA
FlushProcessWriteBuffers
GetComputerNameExW
WriteProcessMemory
GetFileAttributesExA
DeactivateActCtx
GetConsoleTitleW
GetCommandLineW
ClearCommBreak
Sleep
GetThreadLocale
GetSystemTimeAsFileTime
lstrcpynA
DeleteAtom
lstrcmpW
GetLocaleInfoW
VirtualAlloc
GetTapePosition
CloseHandle
ExtractAssociatedIconA
GetWindowThreadProcessId
GetTitleBarInfo
DialogBoxParamW
GetFocus
VkKeyScanExA
IsWindowEnabled
FindClosePrinterChangeNotification
DeletePrinterDriverW
SCardLocateCardsW
tolower
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.1

Comments
Built-in compression

InitializedDataSize
4096

ImageVersion
6.0

ProductName
Microsoft Picstore

FileVersionNumber
2.0.0.2

UninitializedDataSize
102400

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
1.0

FileTypeExtension
exe

OriginalFileName
amstoune.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.2

TimeStamp
2003:01:09 00:08:07-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
amstoune

ProductVersion
2.2

FileDescription
picstore

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 1995 Microsoft Corporation

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
16384

FileSubtype
0

ProductVersionNumber
2.0.2.0

EntryPoint
0x2d62

ObjectFileType
Dynamic link library

File identification
MD5 608f8e72246786c3531330ffcbd24fe2
SHA1 4624dcf04e73e2df96a7290c51d6cc173184ecb9
SHA256 7aca25556ef1c3ba67c352d2c4a1e75598ed3971d04d06cf7b0aa3ab6d73ec43
ssdeep
3072:9HJms3Bd143v+G6AknffQum3/tq55/eajSvAys0W:FJms3zO3v56LfQuwq5lb0

authentihash bd4116d1020bdceab78fb1f98f0c8a9feb162c50f9a39cb4ee1651dda5af5647
imphash c799ff58bd1a503153a2fc096b05363c
File size 144.0 KB ( 147456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-26 13:14:47 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-26 13:14:47 UTC ( 1 month, 3 weeks ago )
File names amstoune
amstoune.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!