SHA256: 89b4212555de4eccb54492792afd772fb047895e9d9e24dbc05a889437ab8858
File name: 89b4212555de4eccb54492792afd772fb047895e9d9e24dbc05a889437ab8858
Detection ratio: 11 / 69
Analysis date: 2018-12-01 11:40:34 UTC (5 months, 3 weeks ago)
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.727079 20180225
Cylance Unsafe 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMLY 20181201
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.9241.Malware.Gen 20181201
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazrc1pj/qCbmqGz8YQ3FdNkv) 20181201
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181201
Trapmine malicious.high.ml.score 20181128
Ad-Aware 20181201
AegisLab 20181201
AhnLab-V3 20181201
Alibaba 20180921
ALYac 20181201
Antiy-AVL 20181201
Arcabit 20181201
Avast 20181201
Avast-Mobile 20181201
AVG 20181201
Avira (no cloud) 20181201
Babable 20180918
Baidu 20181130
BitDefender 20181201
Bkav 20181129
CAT-QuickHeal 20181130
ClamAV 20181201
CMC 20181201
Comodo 20181201
Cyren 20181201
DrWeb 20181201
eGambit 20181201
Emsisoft 20181201
F-Prot 20181201
F-Secure 20181201
Fortinet 20181201
GData 20181201
Ikarus 20181201
Jiangmin 20181201
K7AntiVirus 20181201
K7GW 20181201
Kaspersky 20181201
Kingsoft 20181201
Malwarebytes 20181201
MAX 20181201
McAfee 20181201
McAfee-GW-Edition 20181201
Microsoft 20181201
eScan 20181201
NANO-Antivirus 20181201
Palo Alto Networks (Known Signatures) 20181201
Panda 20181201
Sophos AV 20181201
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181201
Tencent 20181201
TheHacker 20181129
TotalDefense 20181201
TrendMicro 20181201
TrendMicro-HouseCall 20181201
Trustlook 20181201
VBA32 20181130
ViRobot 20181130
Webroot 20181201
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181201
Zoner 20181201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft Corp. 1990-1996
Product Bidi32
Internal name Bidi32
File version Version 4.0
Description Microsoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-01 11:37:24
Entry Point 0x00002940
Number of sections 4
PE sections
PE imports
AddAuditAccessAceEx
ReportEventA
AuthzInitializeContextFromToken
FrameRgn
SetBrushOrgEx
GdiSetBatchLimit
AnimatePalette
GetTextFaceA
IsDBCSLeadByteEx
GetNamedPipeClientComputerNameA
GetModuleHandleA
GetSystemDirectoryW
Sleep
TlsSetValue
HeapAlloc
AddRefActCtx
MprAdminMIBServerDisconnect
RpcBindingToStringBindingA
RpcServerRegisterIf
RpcBindingSetAuthInfoExA
RpcServerYield
CM_Get_First_Log_Conf
SetupDiOpenDeviceInterfaceW
PathRemoveFileSpecA
DrawAnimatedRects
DefRawInputProc
GetClassLongW
GetMenuItemRect
IsProcessDPIAware
CreateIconFromResource
SetCursorPos
PackDDElParam
GetIconInfo
GetClipboardData
GetFileVersionInfoW
midiInReset
WinVerifyTrustEx
Ord(30)
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:01 12:37:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x2940
InitializedDataSize 483328
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 adc0db27270792c06d380f49a343614e
SHA1 29bca0851c1dba855cb5d4eef39e847e8519df21
SHA256 89b4212555de4eccb54492792afd772fb047895e9d9e24dbc05a889437ab8858
ssdeep 3072:8CzgTDKsXx+/6AfLQtoXTLSt3tKIKWMhzyvyzOpO7JU0z:8ogTnB+/bcaXTLSdEYvyzdJU0z
authentihash 3bed7ac40cbeac18af83a7a341ce00ef6e0bcf9b1ab143246941ed6e0ec0dc22
imphash acf1084619fda205e16268bb9f1fc01b
File size 488.0 KB ( 499712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-01 11:40:34 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-01 11:46:13 UTC ( 5 months, 3 weeks ago )
File names HjEnxBwBx4L.exe
Bidi32
20965776.exe