SHA256: 7e74ecfe0f9389fbfd037ae0eedbbfd9502600490977866850f90146eecad549
File name: guide.exe
Detection ratio: 21 / 60
Analysis date: 2017-05-01 19:51:38 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur2.GZ.mGW@ba3otdoG 20170501
Arcabit Trojan.Heur2.GZ.E025DF 20170501
AVG Win32/DH{gVQDNgo?} 20170501
Avira (no cloud) TR/Downloader.Gen 20170501
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9817 20170428
BitDefender Gen:Trojan.Heur2.GZ.mGW@ba3otdoG 20170501
Comodo TrojWare.Win32.TrojanDownloader.Delf.gen 20170501
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
DrWeb WIN.WORM.Virus 20170501
Emsisoft Gen:Trojan.Heur2.GZ.mGW@ba3otdoG (B) 20170501
Endgame malicious (high confidence) 20170419
ESET-NOD32 a variant of Win32/Filecoder.NKY 20170501
F-Secure Gen:Trojan.Heur2.GZ.mGW@ba3otdoG 20170501
GData Gen:Trojan.Heur2.GZ.mGW@ba3otdoG 20170501
Sophos ML worm.win32.rebhip.a 20170413
McAfee-GW-Edition BehavesLike.Win32.Kespo.cc 20170501
eScan Gen:Trojan.Heur2.GZ.mGW@ba3otdoG 20170501
Qihoo-360 HEUR/QVM05.1.DB04.Malware.Gen 20170501
Rising Malware.Generic.5!tfe (thunder:5:2OZEPn9lJsC) 20170501
SentinelOne (Static ML) static engine - malicious 20170330
Symantec ML.Attribute.HighConfidence 20170501
AegisLab 20170501
AhnLab-V3 20170501
Alibaba 20170428
ALYac 20170501
Antiy-AVL 20170501
Avast 20170501
AVware 20170501
CAT-QuickHeal 20170430
ClamAV 20170501
CMC 20170501
Cyren 20170501
F-Prot 20170501
Fortinet 20170501
Ikarus 20170501
Jiangmin 20170428
K7AntiVirus 20170501
K7GW 20170426
Kaspersky 20170501
Kingsoft 20170501
Malwarebytes 20170501
McAfee 20170501
Microsoft 20170501
NANO-Antivirus 20170501
nProtect 20170501
Palo Alto Networks (Known Signatures) 20170501
Panda 20170501
Sophos AV 20170501
SUPERAntiSpyware 20170501
Symantec Mobile Insight 20170428
Tencent 20170501
TheHacker 20170429
TrendMicro 20170501
TrendMicro-HouseCall 20170501
Trustlook 20170501
VBA32 20170429
VIPRE 20170501
ViRobot 20170501
Webroot 20170501
WhiteArmor 20170409
Yandex 20170428
Zillya 20170428
ZoneAlarm by Check Point 20170501
Zoner 20170501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00027814
Number of sections 8
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
GetLastError
GetStringTypeExA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetFileAttributesA
GlobalFree
FreeLibrary
QueryPerformanceCounter
CopyFileA
GetTickCount
GetThreadLocale
GetVersionExA
GlobalUnlock
GetModuleFileNameA
GlobalHandle
RtlUnwind
LoadLibraryA
WinExec
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
OpenProcess
LockResource
SetFileTime
DeleteFileA
CreateThread
UnhandledExceptionFilter
GetEnvironmentVariableA
GetShortPathNameA
GetCPInfo
GetCommandLineA
GetProcAddress
OpenMutexA
CreateMutexA
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
FileTimeToLocalFileTime
GetModuleHandleA
FindFirstFileA
GlobalReAlloc
WriteFile
EnumCalendarInfoA
ReadFile
lstrcpynA
FindNextFileA
GetACP
GlobalLock
GetCurrentThreadId
FreeResource
GlobalAlloc
GetDiskFreeSpaceA
LocalFree
MoveFileA
TerminateProcess
GetLocalTime
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
FindClose
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetVersion
FindResourceA
VirtualAlloc
GetFileSize
LeaveCriticalSection
WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum
SysReAllocStringLen
SysFreeString
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
SystemParametersInfoA
GetSystemMetrics
GetLastInputInfo
LoadStringA
CharNextA
CharUpperBuffA
MessageBoxA
GetKeyboardType
CharToOemA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL SYS DEFAULT 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 158208
LinkerVersion 2.25
EntryPoint 0x27814
InitializedDataSize 41984
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 98c0c4e58a97cf92f9c6992ee65e3f0f
SHA1 12163f6d885ce9c594371b0847054cc648da8442
SHA256 7e74ecfe0f9389fbfd037ae0eedbbfd9502600490977866850f90146eecad549
ssdeep 6144:hGZOapXeYP6OlF546A6WVhyZqY3IlpP6OlF57:hILheErW+25
authentihash 76d2ec3146149e3dc04b449592755a2772eff2f923e2b1194169cd9d16b7f797
imphash 6b16042d2c9d97ac8a75354d149320c2
File size 196.5 KB ( 201216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags bobsoft peexe
VirusTotal metadata
First submission 2017-05-01 19:51:38 UTC ( 1 year, 10 months ago )
Last submission 2017-11-13 04:55:23 UTC ( 1 year, 4 months ago )
File names guide.exe
update.exe
guide.exe
7e74ecfe0f9389fbfd037ae0eedbbfd9502600490977866850f90146eecad549
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Shell commands
Runtime DLLs