× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 86323543730fc67432854d6ff4eceaa6b0a8096befbce37fa6062d9e4450d4ff
File name: gplc.exe
Detection ratio: 0 / 46
Analysis date: 2013-03-06 01:49:36 UTC ( 4 years, 7 months ago ) View latest
Antivirus Result Update
Yandex 20130305
AhnLab-V3 20130305
AntiVir 20130305
Antiy-AVL 20130305
Avast 20130306
AVG 20130305
BitDefender 20130306
ByteHero 20130304
CAT-QuickHeal 20130305
ClamAV 20130306
Commtouch 20130306
Comodo 20130306
DrWeb 20130306
Emsisoft 20130306
eSafe 20130211
ESET-NOD32 20130306
F-Prot 20130306
F-Secure 20130306
Fortinet 20130306
GData 20130306
Ikarus 20130306
Jiangmin 20130304
K7AntiVirus 20130305
Kaspersky 20130305
Kingsoft 20130304
Malwarebytes 20130306
McAfee 20130306
McAfee-GW-Edition 20130306
Microsoft 20130306
eScan 20130306
NANO-Antivirus 20130306
Norman 20130305
nProtect 20130305
Panda 20130305
PCTools 20130306
Rising 20130305
Sophos AV 20130306
SUPERAntiSpyware 20130306
Symantec 20130305
TheHacker 20130305
TotalDefense 20130305
TrendMicro 20130306
TrendMicro-HouseCall 20130306
VBA32 20130305
VIPRE 20130306
ViRobot 20130306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT appended, embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-10 16:35:34
Entry Point 0x000013F8
Number of sections 12
PE sections
Overlays
MD5 0c1ad37e7a50f60e2ae227bcf7b8552f
File type data
Offset 102400
Size 35780
Entropy 4.15
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
GetStdHandle
EnterCriticalSection
GetSystemInfo
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
CreatePipe
GetCurrentProcess
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetProcAddress
lstrcmpiA
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
CreateProcessA
InitializeCriticalSection
VirtualQuery
SearchPathA
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
strncmp
__lconv_init
malloc
_access
realloc
fclose
strcat
__dllonexit
_open_osfhandle
isprint
_tempnam
fprintf
_cexit
fgets
fopen
_fmode
_amsg_exit
fputc
strtol
isalnum
_errno
feof
strtoul
_lock
_onexit
__initenv
fputs
isalpha
exit
sprintf
_unlink
__setusermatherr
isspace
_strdup
_mktemp
_acmdln
_fdopen
_unlock
strrchr
free
getenv
vfprintf
__getmainargs
calloc
setbuf
_stricmp
_spawnvp
perror
signal
strchr
strcmp
strstr
abort
strcpy
islower
_initterm
__set_app_type
isxdigit
_iob
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:10:10 17:35:34+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
25600

LinkerVersion
2.22

EntryPoint
0x13f8

InitializedDataSize
95744

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
57344

File identification
MD5 732fce7dd66f1c2f281369f2c3e2df5a
SHA1 91addca293e777ac028af156d9d53ccbfb06038d
SHA256 86323543730fc67432854d6ff4eceaa6b0a8096befbce37fa6062d9e4450d4ff
ssdeep
1536:zMMu8NDPCUUzgAmtjfOWn/HXlSk7bUMF7WEv8lDpG:z68N5/HUNY

authentihash aa6fa81fa623a7af59889a62d623c4db199e8f6abb05ed8e1d8727cd0f3181de
imphash 20e617b9a2fc49afda999faa3f1adf23
File size 134.9 KB ( 138180 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-03-06 01:49:36 UTC ( 4 years, 7 months ago )
Last submission 2016-03-10 15:43:58 UTC ( 1 year, 7 months ago )
File names gplc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.