SHA256: 7b23fee16740c54dffe9bedae6b37f18072331051012e54747675f4e8c5dea75
File name: 56y4g45gh45h.exe
Detection ratio: 7 / 55
Analysis date: 2016-02-19 10:45:53 UTC ( 1 year, 9 months ago )
Antivirus Result Update
AegisLab W32.W.Palevo 20160219
Avira (no cloud) TR/ATRAPS.Gen 20160219
Kaspersky UDS:DangerousObject.Multi.Generic 20160219
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nh 20160219
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160219
TrendMicro PAK_Generic.001 20160219
TrendMicro-HouseCall PAK_Generic.001 20160219
Ad-Aware 20160219
Yandex 20160217
AhnLab-V3 20160218
Alibaba 20160219
ALYac 20160219
Antiy-AVL 20160219
Arcabit 20160219
Avast 20160219
AVG 20160219
AVware 20160219
Baidu-International 20160219
BitDefender 20160219
Bkav 20160218
ByteHero 20160219
CAT-QuickHeal 20160219
ClamAV 20160219
CMC 20160219
Comodo 20160219
Cyren 20160219
DrWeb 20160219
Emsisoft 20160219
ESET-NOD32 20160219
F-Prot 20160219
F-Secure 20160219
Fortinet 20160218
GData 20160219
Ikarus 20160219
Jiangmin 20160219
K7AntiVirus 20160219
K7GW 20160219
Malwarebytes 20160219
McAfee 20160219
Microsoft 20160219
eScan 20160219
NANO-Antivirus 20160219
nProtect 20160218
Panda 20160218
Rising 20160219
Sophos AV 20160219
SUPERAntiSpyware 20160219
Symantec 20160218
Tencent 20160219
TheHacker 20160217
VBA32 20160218
VIPRE 20160219
ViRobot 20160219
Zillya 20160218
Zoner 20160219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-14 05:02:54
Entry Point 0x00001AF5
Number of sections 6
PE sections
Overlays
MD5 c5144054ee1b1b1e23f5ea8ec84f2611
File type ASCII text
Offset 93696
Size 852
Entropy 0.85
PE imports
TerminateProcess
SwitchToThread
CreateThread
GetModuleHandleA
LoadLibraryW
WriteFile
WaitForSingleObject
GetCommandLineW
GetTempPathW
ExitProcess
CreateFileW
DeleteFileW
FlushFileBuffers
LoadLibraryA
lstrcpyA
GetProcAddress
CommandLineToArgvW
GetActiveWindow
EndPagePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
WritePrinter
Ord(201)
EndDocPrinter
ClosePrinter
NtClose
CoInitialize
Number of PE resources by type
Struct(28) 1
Number of PE resources by language
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:04:14 06:02:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 4096
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 88576
SubsystemVersion 5.1
EntryPoint 0x1af5
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 1f00e9b903b6915e684ab75a60cfbc1e
SHA1 af7a75ee6d054a1447f44f3abc099a271651e4b7
SHA256 7b23fee16740c54dffe9bedae6b37f18072331051012e54747675f4e8c5dea75
ssdeep
1536:xcTH+lYUJ6GmlGmTkHnTVCU8Wac3Ne//Y0y6PHvl4NmI264uH9a+NPltNohUe8p6:x0uB6GSGmTgnZ4f/g0y6vv5I2TuH91N+

authentihash 9cdf62608566ae1444969e50b8d07c82c051aa88919a1547d2cb72712d8cf0ed
imphash 1b3d911a03eee509b0be588e6b5aac6b
File size 92.3 KB ( 94548 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-02-19 09:26:51 UTC ( 1 year, 9 months ago )
Last submission 2016-08-09 12:38:31 UTC ( 1 year, 3 months ago )
File names 56Y4G45GH45H
9VD6nQ7a.scr
file_AF7A75EE6D054A1447F44F3ABC099A271651E4B7
7b23fee16740c54dffe9bedae6b37f18072331051012e54747675f4e8c5dea75.exe
7b23fee16740c54dffe9bedae6b37f18072331051012e54747675f4e8c5dea75.exe.000
56y4g45gh45h
lo.exe
XFHIKreQ.scr
8oUQGtc5.scr
56y4g45gh45h.exe
Advanced heuristic and reputation engines