SHA256: 7c7edbfeeca54560792fcf201266333a2cfb6d8e7036d97c20b742805bc8a161
File name: output.15810437.txt
Detection ratio: 22 / 68
Analysis date: 2018-06-23 23:43:15 UTC ( 11 months ago )
Antivirus Result Update
AegisLab Troj.Gen!c 20180622
Antiy-AVL Trojan/Win32.Tgenic 20180623
Avast Win32:Malware-gen 20180623
AVG Win32:Malware-gen 20180623
AVware Trojan.Win32.Generic!BT 20180623
CAT-QuickHeal Trojan.IGENERIC 20180623
Comodo UnclassifiedMalware 20180623
Cylance Unsafe 20180624
Cyren W32/Trojan.GCLV-5950 20180623
ESET-NOD32 a variant of Generik.DUEEIHA 20180624
Fortinet PossibleThreat 20180623
GData Win32.Trojan.Agent.NQ0N8S 20180623
Ikarus Trojan.Generik.DUEEIHA 20180623
Sophos ML heuristic 20180601
MAX malware (ai score=95) 20180624
McAfee Artemis!8A34DCBE76D3 20180624
McAfee-GW-Edition Generic.dx!0074F21004F2 20180623
Panda Generic Malware 20180623
Rising Malware.Undefined!8.C (CLOUD) 20180623
Symantec Trojan.Gen.2 20180623
VIPRE Trojan.Win32.Generic!BT 20180624
Webroot W32.Malware.Heur 20180624
Ad-Aware 20180623
AhnLab-V3 20180623
Alibaba 20180622
ALYac 20180624
Arcabit 20180623
Avast-Mobile 20180623
Avira (no cloud) 20180623
Babable 20180406
Baidu 20180622
BitDefender 20180623
Bkav 20180623
ClamAV 20180623
CMC 20180623
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
DrWeb 20180623
eGambit 20180624
Emsisoft 20180623
Endgame 20180612
F-Prot 20180623
F-Secure 20180622
Jiangmin 20180623
K7AntiVirus 20180623
K7GW 20180623
Kaspersky 20180623
Kingsoft 20180624
Malwarebytes 20180623
Microsoft 20180623
eScan 20180624
NANO-Antivirus 20180624
Palo Alto Networks (Known Signatures) 20180624
Qihoo-360 20180624
SentinelOne (Static ML) 20180618
Sophos AV 20180623
SUPERAntiSpyware 20180623
Symantec Mobile Insight 20180619
TACHYON 20180623
Tencent 20180624
TheHacker 20180622
TotalDefense 20180623
TrendMicro 20180624
TrendMicro-HouseCall 20180624
Trustlook 20180624
VBA32 20180622
ViRobot 20180623
Yandex 20180622
Zillya 20180622
ZoneAlarm by Check Point 20180624
Zoner 20180623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000824C
Number of sections 8
PE sections
Overlays
MD5 b5f06c111ced87eae546285da6bda5c5
File type data
Offset 50688
Size 461548
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitCommonControls
GetLastError
GetStdHandle
EnterCriticalSection
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
GetFileSize
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
DosDateTimeToFileTime
GetCurrentDirectoryA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
CloseHandle
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
SetFileTime
ReadFile
WriteFile
FindFirstFileA
GetCurrentThreadId
LocalFree
InitializeCriticalSection
VirtualFree
LocalFileTimeToFileTime
FindClose
TlsGetValue
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
EndDialog
ShowWindow
SetClassLongA
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
EnumChildWindows
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
IsWindowEnabled
SetWindowTextA
IsWindowVisible
SendMessageA
DialogBoxParamA
GetDlgItem
ScreenToClient
CreateWindowExA
LoadIconA
DefDlgProcA
CharNextA
GetClassNameA
GetKeyboardType
DestroyWindow
Number of PE resources by type
RT_ICON 4
RT_DIALOG 4
RT_RCDATA 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x824c
InitializedDataSize 19968
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 8a34dcbe76d35c62913966c90a058fdc
SHA1 0e430ccceee914dcad2bdfce79010c6787167cfa
SHA256 7c7edbfeeca54560792fcf201266333a2cfb6d8e7036d97c20b742805bc8a161
ssdeep 12288:w1Lms86Rjk5hDy+TIaBG2D6th0P1RkJvtmK:w1ytJy+TIIG22th0PTkn
authentihash 515d01cd4b7c3b0f88485017f22e68d29ddbc1624fb0b31372892c5b7bbc5b79
imphash 34710e36428d282d01ac403555050408
File size 500.2 KB ( 512236 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 5 (60.7%)
Win32 Executable Borland Delphi 6 (35.3%)
DOS Borland compiled Executable (generic) (1.3%)
Win32 Dynamic Link Library (generic) (0.8%)
Win32 Executable (generic) (0.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2008-10-24 22:23:13 UTC ( 10 years, 6 months ago )
Last submission 2018-12-21 17:29:02 UTC ( 4 months, 4 weeks ago )
File names aa
%21ogif.exe
-ogif.exe
_ogif.exe
!ogif.exe
Cp9b7IQ4YP.jpg
!ogif.exe
!ogif.exe
15810437
output.15810437.txt
2jJzeBe5.tar.gz
8a34dcbe76d35c62913966c90a058fdc
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight