× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8497c88c615862076f96e3689a334eb451ddd08457d16d6b9008bb6fcf260610
File name: phix.0.7.9.setup.exe
Detection ratio: 0 / 65
Analysis date: 2018-04-15 13:43:58 UTC ( 6 days, 3 hours ago )
Antivirus Result Update
Ad-Aware 20180415
AegisLab 20180415
AhnLab-V3 20180415
Alibaba 20180413
ALYac 20180415
Antiy-AVL 20180415
Arcabit 20180415
Avast 20180415
Avast-Mobile 20180415
AVG 20180415
Avira (no cloud) 20180415
AVware 20180415
Baidu 20180413
BitDefender 20180415
Bkav 20180410
CAT-QuickHeal 20180415
ClamAV 20180415
CMC 20180415
Comodo 20180415
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180415
Cyren 20180415
DrWeb 20180415
eGambit 20180415
Emsisoft 20180415
Endgame 20180403
ESET-NOD32 20180415
F-Prot 20180415
F-Secure 20180415
Fortinet 20180415
GData 20180415
Sophos ML 20180121
Jiangmin 20180415
K7AntiVirus 20180415
K7GW 20180415
Kaspersky 20180415
Kingsoft 20180415
Malwarebytes 20180415
MAX 20180415
McAfee 20180415
McAfee-GW-Edition 20180414
Microsoft 20180415
eScan 20180415
NANO-Antivirus 20180415
nProtect 20180415
Palo Alto Networks (Known Signatures) 20180415
Panda 20180415
Qihoo-360 20180415
Rising 20180415
SentinelOne (Static ML) 20180225
Sophos AV 20180415
SUPERAntiSpyware 20180415
Symantec 20180414
Symantec Mobile Insight 20180412
Tencent 20180415
TheHacker 20180410
TrendMicro 20180415
TrendMicro-HouseCall 20180415
Trustlook 20180415
VBA32 20180414
VIPRE 20180415
ViRobot 20180415
Webroot 20180415
WhiteArmor 20180408
Yandex 20180414
Zillya 20180413
ZoneAlarm by Check Point 20180415
Zoner 20180414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX, ZIP, maxorder, appended, UTF-8, Unicode
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-03-20 06:35:57
Entry Point 0x00019200
Number of sections 3
PE sections
Overlays
MD5 e4a362066274e9011a5fb975b4647296
File type data
Offset 26112
Size 19211870
Entropy 7.99
PE imports
RegCloseKey
SetROP2
LoadLibraryA
ExitProcess
GetProcAddress
ShellExecuteA
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MENU 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2001:03:20 07:35:57+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
24576

LinkerVersion
6.0

EntryPoint
0x19200

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
77824

File identification
MD5 eede520f4ab5a2cadbe19bc3350f94d6
SHA1 e8a92497424a5deee1fdce4e172cd6f6237dd83c
SHA256 8497c88c615862076f96e3689a334eb451ddd08457d16d6b9008bb6fcf260610
ssdeep
393216:wXjw3B9m0HbkeIh+L1rissSTJqxZHdZe3keS38DFWNnskuBKJ1:wzwz1HbVIhssStqxZ9ebk0A9xusJ1

authentihash ae3642eaa8f840fcf9b0f5de999f113871aaa95f35f224a8acfc3f494d42375f
imphash 4b8ea275b01195301d047f45b8ba14d3
File size 18.3 MB ( 19237982 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (24.7%)
UPX compressed Win32 Executable (24.2%)
Win32 EXE Yoda's Crypter (23.8%)
Windows screen saver (11.7%)
Win32 Dynamic Link Library (generic) (5.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2018-04-15 13:43:58 UTC ( 6 days, 3 hours ago )
Last submission 2018-04-15 13:43:58 UTC ( 6 days, 3 hours ago )
File names phix.0.7.9.setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!