SHA256: 7d51dda139ac4be3cee558d4c177e0056fbb04be8ceaadfcb12f8d809565c79c
File name: cfhr.exe
Detection ratio: 5 / 55
Analysis date: 2017-01-24 14:23:31 UTC ( 2 years ago )
Antivirus                 Result                                       Update
Baidu                     Win32.Trojan.WisdomEyes.16070401.9500.9996   20170124
CrowdStrike Falcon (ML)   malicious_confidence_70% (W)                 20161024
Sophos ML                 virus.win32.emdup.a                          20170111
Kaspersky                 UDS:DangerousObject.Multi.Generic            20170124
Tencent                   Win32.Trojan.Inject.Auto                     20170124
Ad-Aware                  -                                            20170124
AegisLab                  -                                            20170124
AhnLab-V3                 -                                            20170124
Alibaba                   -                                            20170122
ALYac                     -                                            20170124
Antiy-AVL                 -                                            20170124
Arcabit                   -                                            20170124
Avast                     -                                            20170124
AVG                       -                                            20170124
Avira (no cloud)          -                                            20170124
AVware                    -                                            20170124
BitDefender               -                                            20170124
Bkav                      -                                            20170123
CAT-QuickHeal             -                                            20170124
ClamAV                    -                                            20170124
CMC                       -                                            20170124
Comodo                    -                                            20170124
Cyren                     -                                            20170124
DrWeb                     -                                            20170124
Emsisoft                  -                                            20170124
ESET-NOD32                -                                            20170124
F-Prot                    -                                            20170124
F-Secure                  -                                            20170124
Fortinet                  -                                            20170124
GData                     -                                            20170124
Ikarus                    -                                            20170124
Jiangmin                  -                                            20170124
K7AntiVirus               -                                            20170124
K7GW                      -                                            20170124
Kingsoft                  -                                            20170124
Malwarebytes              -                                            20170124
McAfee                    -                                            20170124
McAfee-GW-Edition         -                                            20170124
Microsoft                 -                                            20170124
eScan                     -                                            20170124
NANO-Antivirus            -                                            20170124
nProtect                  -                                            20170124
Panda                     -                                            20170123
Qihoo-360                 -                                            20170124
Rising                    -                                            20170124
Sophos AV                 -                                            20170124
SUPERAntiSpyware          -                                            20170124
Symantec                  -                                            20170124
TheHacker                 -                                            20170123
TrendMicro                -                                            20170124
Trustlook                 -                                            20170124
VBA32                     -                                            20170124
VIPRE                     -                                            20170124
ViRobot                   -                                            20170124
WhiteArmor                -                                            20170123
Yandex                    -                                            20170123
Zillya                    -                                            20170124
Zoner                     -                                            20170124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©.
Product PrioritizedComputer
File version 7.1.71.7
Description Grassroots Wtg Latest Miscarriage
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-24 09:36:54
Entry Point 0x0000D232
Number of sections 4
PE sections
PE imports
GetTokenInformation
OpenThreadToken
OpenProcessToken
CryptAcquireContextA
SetNamedSecurityInfoA
DuplicateToken
CryptExportKey
AllocateAndInitializeSid
InitializeSecurityDescriptor
CryptAcquireContextW
InitializeAcl
GetLengthSid
CryptGenKey
Ord(412)
InitCommonControlsEx
GetFileTitleA
CreateICA
CreatePen
GetTextMetricsA
CreateRectRgnIndirect
CombineRgn
UpdateColors
GetObjectA
DeleteDC
GetTextExtentPointA
ChoosePixelFormat
BitBlt
CreateBitmapIndirect
RealizePalette
FillRgn
GetStockObject
SelectPalette
SetPixelFormat
CreateCompatibleDC
StretchBlt
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LoadResource
InterlockedDecrement
SetLastError
CopyFileA
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
GetStartupInfoA
Process32First
GetProcAddress
GetProcessHeap
lstrcpyA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetEnvironmentStrings
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
LoadTypeLib
SysFreeString
SysAllocString
RasSetCustomAuthDataW
RasSetAutodialParamW
SHGetSpecialFolderLocation
ReleaseDC
BeginPaint
DestroyMenu
DefWindowProcA
GetIconInfo
RemoveMenu
SendDlgItemMessageA
GetWindowRect
GetTabbedTextExtentA
EndPaint
DrawIcon
MessageBoxA
SetScrollInfo
InsertMenuItemA
GetCursorPos
CreatePopupMenu
LoadMenuA
SetWindowTextA
DestroyIcon
GetSubMenu
SendMessageA
GetClientRect
GetDlgItem
ScreenToClient
SetRect
TrackPopupMenuEx
GetWindowLongA
LoadCursorA
LoadIconA
FillRect
GetSysColorBrush
LoadImageA
GetDC
CloseThemeData
WinHttpGetIEProxyConfigForCurrentUser
GetPrinterA
EnumJobsA
GetPrinterDriverDirectoryA
CoInitializeEx
CoTaskMemFree
CoInitialize
ProgIDFromCLSID
CoCreateInstance
StgOpenStorage
CLSIDFromString
Number of PE resources by type
RT_ICON 5
RCDATA 5
MAD 3
Struct(240) 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
LegalTrademarks Copyright .
SubsystemVersion 5.0
InitializedDataSize 187392
ImageVersion 0.0
ProductName PrioritizedComputer
FileVersionNumber 7.1.71.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2017:01:24 10:36:54+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 7.1.71.7
FileDescription Grassroots Wtg Latest Miscarriage
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright .
MachineType Intel 386 or later, and compatibles
CompanyName InterGIS, Inc.
CodeSize 112128
FileSubtype 0
ProductVersionNumber 7.1.71.7
EntryPoint 0xd232
ObjectFileType Executable application
Compressed bundles
File identification
MD5 726d7952e41a04e5b6fa371b144df55f
SHA1 dd9b62a20b14384dba893c36bfd38caa7fb366bd
SHA256 7d51dda139ac4be3cee558d4c177e0056fbb04be8ceaadfcb12f8d809565c79c
ssdeep 6144:DHZIqVHWhNUOTapL47Ix5tyItslo4ZpMBHwxp:DHZImWhNZatmIx5jqlT
authentihash 0b0b35e39a397ee83125c00bdf667c88780c53871c1ed2c39338b5e2aeea4389
imphash e13d34328ff4d0b0a48cd206e584e4c1
File size 293.5 KB ( 300544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2017-01-24 12:25:02 UTC ( 2 years ago )
Last submission 2017-08-19 01:45:35 UTC ( 1 year, 6 months ago )
File names cfhr[1].exe
aa
4n5Zy.msi
cfhr.exe_
726d7952e41a04e5b6fa371b144df55f.exe
cfhr.exe
VirusShare_726d7952e41a04e5b6fa371b144df55f
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs