SHA256: 8379f3eee44cec9ccbf75c074902abca9791bb78359466370673c13642a6a2aa
File name: 1038471
Detection ratio: 0 / 62
Analysis date: 2018-04-07 04:40:15 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180407
AegisLab 20180406
AhnLab-V3 20180406
Alibaba 20180404
ALYac 20180407
Antiy-AVL 20180407
Arcabit 20180407
Avast 20180407
Avast-Mobile 20180406
AVG 20180407
Avira (no cloud) 20180407
AVware 20180407
Baidu 20180404
BitDefender 20180407
Bkav 20180406
CAT-QuickHeal 20180406
ClamAV 20180407
CMC 20180406
Comodo 20180407
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180407
Cyren 20180407
DrWeb 20180407
eGambit 20180407
Emsisoft 20180407
Endgame 20180403
ESET-NOD32 20180406
F-Prot 20180407
F-Secure 20180407
Fortinet 20180407
GData 20180407
Sophos ML 20180121
Jiangmin 20180407
K7AntiVirus 20180404
K7GW 20180407
Kingsoft 20180407
Malwarebytes 20180406
MAX 20180407
McAfee 20180406
McAfee-GW-Edition 20180406
Microsoft 20180406
eScan 20180406
nProtect 20180406
Palo Alto Networks (Known Signatures) 20180407
Panda 20180406
Qihoo-360 20180407
Rising 20180406
SentinelOne (Static ML) 20180225
Sophos AV 20180406
SUPERAntiSpyware 20180406
Symantec 20180406
Symantec Mobile Insight 20180406
Tencent 20180407
TheHacker 20180404
TotalDefense 20180406
TrendMicro 20180406
TrendMicro-HouseCall 20180406
Trustlook 20180407
VBA32 20180406
VIPRE 20180407
ViRobot 20180407
WhiteArmor 20180405
Yandex 20180406
Zillya 20180406
ZoneAlarm by Check Point 20180407
Zoner 20180407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT qp, appended, maxorder, docwrite, NSIS, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-16 07:48:41
Entry Point 0x0000324F
Number of sections 5
PE sections
Overlays
MD5 640734adf10a6e657541c165c7811a25
File type data
Offset 54272
Size 163035421
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 7
RT_ICON 4
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:12:16 08:48:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24064
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 120320
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x324f
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 1024

File identification
MD5 a02d3975e4d7acc1611d441ea133a0d2
SHA1 67ec4aff02f7ecceabeaee574f5bc5e62942a313
SHA256 8379f3eee44cec9ccbf75c074902abca9791bb78359466370673c13642a6a2aa
ssdeep 3145728:QjTDK6597vJWRiTcH3a7UIy9t6RLEPENNfCLj+B2RkQDeaVbHwXFV8YdriKmZ:Ai4tJWQTY3az1RAMNF6SkRkgtFHUDri5

authentihash 44db46d3a2db352ee8b301c51273b9f3eb21523ad9c65b95bddf82284a87f8fe
imphash ab6770b0a8635b9d92a5838920cfe770
File size 155.5 MB ( 163089693 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2018-04-07 04:40:15 UTC ( 10 months, 2 weeks ago )
Last submission 2018-06-16 13:04:23 UTC ( 8 months, 1 week ago )
File names 1038471
WinGRASS-7.4.0-1-Setup-x86.exe