SHA256: 8c4586a133d6631144a0ea720f1bab03c78b2ac677e90a46af14aac0194b92c3
File name: 87i4g3d2d2.exe
Detection ratio: 4 / 52
Analysis date: 2015-11-20 12:56:30 UTC ( 3 years, 6 months ago )
Antivirus              Result                               Update
Cyren                  W32/Agent.XL.gen!Eldorado            20151120
F-Prot                 W32/Agent.XL.gen!Eldorado            20151120
Kaspersky              UDS:DangerousObject.Multi.Generic    20151120
Qihoo-360              HEUR/QVM10.1.Malware.Gen             20151120
AegisLab               -                                    20151120
Yandex                 -                                    20151118
AhnLab-V3              -                                    20151119
Alibaba                -                                    20151120
ALYac                  -                                    20151120
Antiy-AVL              -                                    20151120
Arcabit                -                                    20151120
Avast                  -                                    20151120
AVG                    -                                    20151120
Avira (no cloud)       -                                    20151120
AVware                 -                                    20151120
Baidu-International    -                                    20151120
BitDefender            -                                    20151120
ByteHero               -                                    20151120
CAT-QuickHeal          -                                    20151119
ClamAV                 -                                    20151120
CMC                    -                                    20151118
Comodo                 -                                    20151120
DrWeb                  -                                    20151120
Emsisoft               -                                    20151120
ESET-NOD32             -                                    20151120
F-Secure               -                                    20151120
Fortinet               -                                    20151120
GData                  -                                    20151120
Ikarus                 -                                    20151120
Jiangmin               -                                    20151119
K7AntiVirus            -                                    20151120
K7GW                   -                                    20151120
Malwarebytes           -                                    20151120
McAfee                 -                                    20151120
McAfee-GW-Edition      -                                    20151120
Microsoft              -                                    20151120
eScan                  -                                    20151120
NANO-Antivirus         -                                    20151120
nProtect               -                                    20151120
Panda                  -                                    20151119
Rising                 -                                    20151117
Sophos AV              -                                    20151120
Symantec               -                                    20151119
Tencent                -                                    20151120
TheHacker              -                                    20151119
TrendMicro             -                                    20151120
TrendMicro-HouseCall   -                                    20151120
VBA32                  -                                    20151119
VIPRE                  -                                    20151120
ViRobot                -                                    20151120
Zillya                 -                                    20151119
Zoner                  -                                    20151120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Malwarebytes Corporation
Product Malwarebytes Anti-Rootkit
Original name mbar.exe
Internal name mbar.exe
File version 1.09.1.1004
Description Malwarebytes Anti-Rootkit
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-20 11:53:33
Entry Point 0x0001F232
Number of sections 5
PE sections
PE imports
DeleteEnhMetaFile
SetBitmapBits
GetPaletteEntries
LPtoDP
UpdateColors
GetGlyphOutlineA
GetDeviceGammaRamp
SetWindowExtEx
TranslateCharsetInfo
GetMetaFileBitsEx
SetMapperFlags
GetEnhMetaFileDescriptionA
GdiSetBatchLimit
GetICMProfileW
CreateHatchBrush
GetColorSpace
EnumObjects
RectVisible
PlayEnhMetaFile
StrokePath
GetGraphicsMode
StrokeAndFillPath
CreateRectRgn
ArcTo
GetNearestPaletteIndex
SetDIBColorTable
GetGlyphIndicesW
DPtoLP
GetCharWidth32A
SetViewportExtEx
SetRectRgn
GetTextCharset
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
ReadFileScatter
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
ResumeThread
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
DebugSetProcessKillOnExit
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
ConvertThreadToFiber
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
FindVolumeClose
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetCommMask
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
GetProcAddress
CompareStringW
GetFileSizeEx
GetFileInformationByHandle
CompareStringA
GlobalLock
CreateEventW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
GlobalFree
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
WinExec
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetACP
GetModuleHandleW
FreeResource
SizeofResource
GetProcessHandleCount
WideCharToMultiByte
IsValidCodePage
ResetWriteWatch
FindResourceW
VirtualFree
Sleep
VirtualAlloc
ResetEvent
SHGetFolderPathW
DragQueryFileW
DragAcceptFiles
ShellExecuteW
ExtractIconExW
CommandLineToArgvW
RedrawWindow
GetMessagePos
SetWindowRgn
UnregisterHotKey
LoadBitmapW
DestroyMenu
DrawStateW
IsWindow
GrayStringW
EndPaint
SendMessageW
SetActiveWindow
DispatchMessageW
GetAsyncKeyState
ReleaseDC
GetDlgCtrlID
DefFrameProcW
UnregisterClassW
GetClassInfoW
DefWindowProcW
DrawTextW
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
GetActiveWindow
RegisterHotKey
MapVirtualKeyExW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
MapVirtualKeyExA
CopyImage
GetUserObjectInformationW
GetParent
UpdateWindow
GetMenuState
CreateCaret
GetWindowTextW
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
ScrollDC
TranslateMessage
GetWindow
DestroyCaret
SetMenuDefaultItem
SystemParametersInfoA
GetWindowPlacement
CloseWindow
DrawMenuBar
IsCharLowerW
IsIconic
InvertRect
DrawFocusRect
SetTimer
GetKeyboardLayout
FillRect
CreateAcceleratorTableW
DeferWindowPos
GetDialogBaseUnits
TabbedTextOutW
IsChild
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
DrawAnimatedRects
BeginPaint
DefMDIChildProcW
DrawIcon
KillTimer
ToAsciiEx
ArrangeIconicWindows
ToUnicodeEx
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
ReleaseCapture
EnumChildWindows
PostMessageW
CreatePopupMenu
ShowCaret
GetSubMenu
GetClassLongW
DrawIconEx
CreateMenu
ClientToScreen
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
DestroyAcceleratorTable
ValidateRect
LoadCursorW
LoadIconW
ReuseDDElParam
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetMenuStringW
GetCursorPos
DrawTextExW
GetScrollInfo
LoadMenuA
HideCaret
CopyRect
ScreenToClient
MessageBeep
LoadMenuW
RemoveMenu
MessageBoxW
GetMenu
GetKBCodePage
SetRectEmpty
AppendMenuW
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
GetKeyState
GetWindowRgn
GetDoubleClickTime
DestroyIcon
SubtractRect
UnpackDDElParam
SystemParametersInfoW
MonitorFromWindow
DeleteMenu
InvalidateRect
CallWindowProcW
GetClientRect
EnableMenuItem
IsRectEmpty
GetFocus
TranslateAcceleratorW
GetFileVersionInfoSizeA
HttpQueryInfoW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoRegisterMessageFilter
CoRevokeClassObject
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
PNG 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.9.1.1004
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Malwarebytes Anti-Rootkit
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 138752
PrivateBuild August 8, 2013
EntryPoint 0x1f232
OriginalFileName mbar.exe
MIMEType application/octet-stream
LegalCopyright Copyright Malwarebytes Corporation
FileVersion 1.09.1.1004
TimeStamp 2015:11:20 11:53:33+00:00
FileType Win32 EXE
PEType PE32
InternalName mbar.exe
ProductVersion 1.09.1.1004
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Malwarebytes Corp.
CodeSize 154112
ProductName Malwarebytes Anti-Rootkit
ProductVersionNumber 1.9.1.1004
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ee5be0095669fb4456d2643359a174be
SHA1 f60b879bedac8a1381da314c6feaf5c750bd21d3
SHA256 8c4586a133d6631144a0ea720f1bab03c78b2ac677e90a46af14aac0194b92c3
ssdeep 6144:fP3RkvM87QLarDVSU4uEr8xgkCbq+DWe3fj5UjZu2Wp:HGvMKV+r8sq+fNUXWp
authentihash 1c733472aa2cc4555b9ff2037a5ff106bec3dbdd485ec5c84d3b478f0cb2c72c
imphash aa69a063a864838aff69dcaddd3685c3
File size 287.0 KB (293888 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2015-11-20 12:08:17 UTC ( 3 years, 6 months ago )
Last submission 2019-03-27 16:45:53 UTC ( 1 month, 4 weeks ago )
File names
mbar.exe
enviei o macro já.exe
trume1.exe
87i4g3d2d2(1).exe
ee5be0095669fb4456d2643359a174be
87i4g3d2d2_2.exe
87i4g3d2d2[1].exe.3652.dr
a.exe
joshig - trume1.exe
87i4g3d2d2-2.exe
87i4g3d2d2[1].exe.3828.dr
d2.exe
366992098618-9-4_1.87i4g3d2d2.exe
ee5be0095669fb4456d2643359a174be.exe
87i4g3d2d2.exe
mbar.exe
VirusShare_ee5be0095669fb4456d2643359a174be
87i4g3d2d2.exe
87i4g3d2d2[1].exe.2584.dr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections