× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 859a2768b23255c670039debcded01927c1e02290be41e393b42870bdbc93eb2
File name: ganjaman.jpg
Detection ratio: 7 / 56
Analysis date: 2016-10-27 14:20:41 UTC ( 2 years, 4 months ago ) View latest
Antivirus Result Update
AegisLab Troj.W32.Gen.lNNz 20161027
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161027
Bkav HW32.Packed.B854 20161027
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Sophos ML trojan.win32.sirefef.p 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161027
Symantec Heur.AdvML.B 20161027
Ad-Aware 20161027
AhnLab-V3 20161027
Alibaba 20161027
ALYac 20161027
Antiy-AVL 20161027
Arcabit 20161027
Avast 20161027
AVG 20161027
Avira (no cloud) 20161027
AVware 20161027
BitDefender 20161027
CAT-QuickHeal 20161027
ClamAV 20161027
CMC 20161027
Comodo 20161027
Cyren 20161027
DrWeb 20161027
Emsisoft 20161027
ESET-NOD32 20161027
F-Prot 20161027
F-Secure 20161024
Fortinet 20161027
GData 20161027
Ikarus 20161027
Jiangmin 20161027
K7AntiVirus 20161025
K7GW 20161027
Kingsoft 20161027
Malwarebytes 20161027
McAfee 20161027
McAfee-GW-Edition 20161027
Microsoft 20161027
eScan 20161027
NANO-Antivirus 20161027
nProtect 20161027
Panda 20161027
Qihoo-360 20161027
Rising 20161027
Sophos AV 20161027
SUPERAntiSpyware 20161027
Tencent 20161027
TheHacker 20161025
TrendMicro 20161027
TrendMicro-HouseCall 20161027
VBA32 20161027
VIPRE 20161027
ViRobot 20161027
Yandex 20161026
Zillya 20161027
Zoner 20161027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name winipsec.dll
Internal name winipsec.dll
File version 6.3.9600.17416 (winblue_r4.141028-1500)
Description Windows IPsec SPD Client DLL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-26 15:35:29
Entry Point 0x0000C750
Number of sections 7
PE sections
PE imports
SaveDC
GetSystemTime
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetConsoleFontSize
GlobalFree
FreeLibrary
ReadConsoleInputW
LoadLibraryA
SetProcessWorkingSetSize
SetFileShortNameW
LocalAlloc
LoadLibraryExW
GetProcAddress
GetComputerNameW
GetTempPathA
RaiseException
SetCriticalSectionSpinCount
LocalFlags
InterlockedExchange
PulseEvent
QueryInformationJobObject
GlobalLock
GetOEMCP
DnsHostnameToComputerNameW
SetCurrentDirectoryW
Sleep
GetStringTypeExA
LocalUnlock
AddRefActCtx
MprAdminMIBEntryCreate
MprAdminMIBEntrySet
VarR4FromDec
DragQueryFileA
vprintf
realloc
fseek
wcstok
exit
vfwprintf
rewind
strftime
strncat
_chkstk
memset
isalpha
ispunct
vsprintf
isspace
CompareSecurityIds
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
0

ImageVersion
0.0

ProductName
Microsoft Windows Operating System

FileVersionNumber
6.3.9600.17415

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows IPsec SPD Client DLL

CharacterSet
Unicode

LinkerVersion
18.1

FileTypeExtension
exe

OriginalFileName
winipsec.dll

MIMEType
application/octet-stream

Subsystem
Windows command line

FileVersion
6.3.9600.17416 (winblue_r4.141028-1500)

TimeStamp
2016:10:26 16:35:29+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
winipsec.dll

ProductVersion
6.3.9600.17416

SubsystemVersion
5.0

OSVersion
3.1

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
49152

FileSubtype
0

ProductVersionNumber
6.3.9600.17415

EntryPoint
0xc750

ObjectFileType
Dynamic link library

File identification
MD5 a6103e9cae05732ab0e07b8085f78cd7
SHA1 f151739bad37d2f68fa4069f1381d5fce059ed54
SHA256 859a2768b23255c670039debcded01927c1e02290be41e393b42870bdbc93eb2
ssdeep
3072:izdEgVCXXjs5fDwwWcUd6yLnD7UrP3t2JNw:mdES+Xo5DwNx0z0Ju

authentihash c603c5d7ea1dc2d6e535ba020adddf36f21e186f0302d2ed4012e84c647e2b4a
imphash dfbb4d56933459b1869e96278515fe08
File size 136.4 KB ( 139632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.8%)
Clipper DOS Executable (19.1%)
Generic Win/DOS Executable (19.0%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-27 10:04:27 UTC ( 2 years, 4 months ago )
Last submission 2017-11-16 21:02:25 UTC ( 1 year, 4 months ago )
File names ganja.jpg-27oct16.txt
ganjaman.jpg
ganjaman.exe
ganja.jpg-27oct16.txt
a6103e9cae05732ab0e07b8085f78cd7.jpg
winipsec.dll
859a2768b23255c670039debcded01927c1e02290be41e393b42870bdbc93eb2
ganja.jpg
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
UDP communications