SHA256: 82e0b9d053201efef1c84e8d2f2e00ee594b96df1c191369ed82d12be5dd7ba9
File name: b9d053201efef1c84e8d2f2e00ee594b96df1c191369ed82d12be5dd7ba9.bin
Detection ratio: 28 / 55
Analysis date: 2016-08-22 16:35:06 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.298142 20160822
AhnLab-V3 Spyware/Win32.Zbot.N2084407101 20160822
ALYac Gen:Variant.Graftor.298142 20160822
Arcabit Trojan.Graftor.D48C9E 20160822
AVG Generic_r.MNZ 20160822
Avira (no cloud) TR/ATRAPS.midx 20160822
AVware Trojan.Win32.Injector.cdgy (v) 20160822
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160820
BitDefender Gen:Variant.Graftor.298142 20160822
Cyren W32/Trojan.HSNH-7108 20160822
DrWeb Trojan.PWS.Panda.2401 20160822
Emsisoft Gen:Variant.Graftor.298142 (B) 20160822
ESET-NOD32 a variant of Win32/Injector.DEAJ 20160822
F-Secure Gen:Variant.Graftor.298142 20160822
GData Gen:Variant.Graftor.298142 20160822
Ikarus Trojan.Win32.Injector 20160822
Jiangmin Backdoor.Androm.jzz 20160822
K7AntiVirus Trojan ( 004f69fd1 ) 20160822
K7GW Trojan ( 004f69fd1 ) 20160822
Kaspersky Trojan-Spy.Win32.Zbot.wzrk 20160822
Malwarebytes Backdoor.Agent.QAZ 20160822
McAfee RDN/Generic.bfr 20160822
McAfee-GW-Edition BehavesLike.Win32.Expiro.dc 20160822
eScan Gen:Variant.Graftor.298142 20160822
NANO-Antivirus Trojan.Win32.ATRAPS.efoche 20160822
Panda Trj/CI.A 20160822
Sophos AV Mal/Generic-S 20160822
VIPRE Trojan.Win32.Injector.cdgy (v) 20160822
AegisLab 20160822
Alibaba 20160822
Antiy-AVL 20160822
Avast 20160822
Bkav 20160822
CAT-QuickHeal 20160822
ClamAV 20160822
CMC 20160822
Comodo 20160822
F-Prot 20160822
Fortinet 20160822
Kingsoft 20160822
Microsoft 20160822
nProtect 20160822
Qihoo-360 20160822
Rising 20160822
SUPERAntiSpyware 20160822
Symantec 20160822
Tencent 20160822
TheHacker 20160821
TotalDefense 20160822
TrendMicro 20160822
TrendMicro-HouseCall 20160822
VBA32 20160822
ViRobot 20160822
Yandex 20160821
Zillya 20160820
Zoner 20160822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2007

Product jishiben1
Original name jishiben1.EXE
Internal name jishiben1
File version 1, 0, 0, 1
Description jishiben
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-06 14:35:20
Entry Point 0x00003406
Number of sections 8
PE sections
Overlays
MD5 620f0b67a91f7f74151bc5be745b7110
File type ASCII text
Offset 294912
Size 4096
Entropy 0.00
PE imports
GetTextExtentExPointA
CreateFileMappingW
LocalFree
CompareStringW
GetStartupInfoW
CreateProcessA
CreateThread
SetCommBreak
GetStringTypeA
CreateFileW
VirtualQuery
CompareStringA
GetSystemTimeAsFileTime
CreateFileA
GetModuleFileNameA
GetModuleHandleW
GetCurrentThread
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??1_Winit@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0Init@ios_base@std@@QAE@XZ
?good@ios_base@std@@QBE_NXZ
??0_Winit@std@@QAE@XZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??1Init@ios_base@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
_except_handler3
__wgetmainargs
__CxxFrameHandler
__p__fmode
_exit
_adjust_fdiv
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
_initterm
__set_app_type
__setusermatherr
_wcmdln
GetSystemMetrics
GetSystemMenu
GetParent
SendMessageW
EnableWindow
EndDialog
HideCaret
DrawIcon
FindWindowW
GetClientRect
LoadIconW
TrackPopupMenu
PostQuitMessage
IsIconic
SetActiveWindow
AppendMenuW
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 2
RT_DIALOG 1
NMKEFG 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
CHINESE SIMPLIFIED 5
HUNGARIAN DEFAULT 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
5.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Italian

FileFlagsMask
0x003f

CharacterSet
Windows, Cyrillic

InitializedDataSize
262144

EntryPoint
0x3406

OriginalFileName
jishiben1.EXE

MIMEType
application/octet-stream

LegalCopyright
(C) 2007

FileVersion
1, 0, 0, 1

TimeStamp
2016:08:06 15:35:20+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
jishiben1

ProductVersion
1, 0, 0, 1

FileDescription
jishiben

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
9457664

ProductName
jishiben1

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2de7d98ed09f663938bcda2ddeb481e8
SHA1 04683aa804e87b685d7aaee0216c1204eecf9a29
SHA256 82e0b9d053201efef1c84e8d2f2e00ee594b96df1c191369ed82d12be5dd7ba9
ssdeep
6144:0K77uZVbO7sfP2+vUCdWpFdQedmngL4Mro9xSHSoRIZp:j7oO4fP9vdWpIn94ESzIZ

authentihash b10695a9137eadba09f7ea571320bcde51af84b35e190c0e4e5b65bc37b86e5e
imphash 0dfdf4cf847fd6e841d8ba558db1089c
File size 292.0 KB ( 299008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-08-19 10:53:11 UTC ( 2 years, 7 months ago )
Last submission 2016-08-19 10:53:11 UTC ( 2 years, 7 months ago )
File names jishiben1.EXE
jishiben1
b9d053201efef1c84e8d2f2e00ee594b96df1c191369ed82d12be5dd7ba9.bin