SHA256: 8c306d794e0eb33e24e252f51aa19964c0f5a04cac742396f4b570a2c7b48ca9
File name: jDFXfL.exe
Detection ratio: 6 / 56
Analysis date: 2016-03-30 08:13:07 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen 20160330
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160330
Cyren W32/Zbot.QB.gen!Eldorado 20160330
F-Prot W32/Zbot.QB.gen!Eldorado 20160330
McAfee-GW-Edition BehavesLike.Win32.Multiplug.cc 20160329
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20160330
Ad-Aware 20160330
AhnLab-V3 20160329
Alibaba 20160323
ALYac 20160330
Antiy-AVL 20160330
Arcabit 20160330
Avast 20160330
AVG 20160330
Avira (no cloud) 20160330
AVware 20160330
Baidu-International 20160329
BitDefender 20160330
Bkav 20160329
CAT-QuickHeal 20160330
ClamAV 20160330
CMC 20160322
Comodo 20160330
DrWeb 20160330
Emsisoft 20160330
ESET-NOD32 20160330
F-Secure 20160330
Fortinet 20160330
GData 20160330
Ikarus 20160330
Jiangmin 20160330
K7AntiVirus 20160329
K7GW 20160330
Kaspersky 20160330
Kingsoft 20160330
Malwarebytes 20160330
McAfee 20160330
Microsoft 20160330
eScan 20160330
NANO-Antivirus 20160330
nProtect 20160329
Panda 20160329
Rising 20160330
Sophos AV 20160330
SUPERAntiSpyware 20160330
Symantec 20160330
Tencent 20160330
TheHacker 20160328
TrendMicro 20160330
TrendMicro-HouseCall 20160330
VBA32 20160329
VIPRE 20160330
ViRobot 20160330
Yandex 20160316
Zillya 20160329
Zoner 20160330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-29 23:50:00
Entry Point 0x00005189
Number of sections 4
PE sections
Overlays
MD5 c88ed200230331c1a9e5914b1310537d
File type data
Offset 73728
Size 124159
Entropy 7.99
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
CreateMailslotA
GetModuleFileNameA
RtlUnwind
GetACP
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
BackupWrite
GetCommandLineA
GetProcAddress
HeapSize
ExitProcess
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
ExitThread
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:30 00:50:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 51200
LinkerVersion 10.0
EntryPoint 0x5189
InitializedDataSize 25600
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 df0198d5368df1cd600292fcc77cd45e
SHA1 544478b0a0966634958c72f6ad5292626a95d8bd
SHA256 8c306d794e0eb33e24e252f51aa19964c0f5a04cac742396f4b570a2c7b48ca9
ssdeep 3072:B2tfsbnUv6dbxJJorkUn45AX536f/MMDFmOuSZsTvX1atUdupc8a2n:B6sbUvsNyn4tfEimTvUUspza2n
authentihash 3c58748bf84a28e48c4d435b490dc784ccef9e6c79df40b71eb55ee2f11b90c3
imphash ba03760e3cd10f5b616c332fad1ddd74
File size 193.2 KB ( 197887 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-03-30 08:08:42 UTC ( 1 year, 7 months ago )
Last submission 2017-08-20 23:55:31 UTC ( 3 months ago )
File names puBQOV.exe
PfuHDV.exe
zfn1lg.exe
jipQRc.exe
1 (1).exe
0gYNi4.exe
aywZi0.exe
Vm8dR_.exe
VPNQ4Z.exe
qJ_8o5.exe
8xA1hd.exe
proof.exe
2DBkaE.exe
9zidca.exe
EUTMGA.exe
rEwLAY.exe
y4RO58.exe
mBb4nf.exe
zFN1Lg.exe
BLK4U6.exe
4xUI1j.exe
EMchkl.exe
zFWvTM.exe
FkoQPd.exe
jDFXfL.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs