× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8d155dd7e6c8245a378b58f658037de7880a319e8d91650febbcbc6cf2105230
File name: AutoHotkey.exe
Detection ratio: 5 / 56
Analysis date: 2016-06-23 02:59:18 UTC ( 2 months, 1 week ago )
Antivirus Result Update
CAT-QuickHeal Trojan.Agen.r4 20160622
Jiangmin TrojanDownloader.Murlo.cje 20160623
K7AntiVirus Trojan ( 004973ee1 ) 20160622
K7GW Trojan ( 004973ee1 ) 20160622
VBA32 Trojan.Fsysna 20160621
ALYac 20160623
AVG 20160623
AVware 20160623
Ad-Aware 20160623
AegisLab 20160622
AhnLab-V3 20160622
Alibaba 20160623
Antiy-AVL 20160623
Arcabit 20160623
Avast 20160623
Avira (no cloud) 20160623
Baidu 20160622
Baidu-International 20160614
BitDefender 20160623
Bkav 20160622
CMC 20160620
ClamAV 20160623
Comodo 20160623
Cyren 20160623
DrWeb 20160623
ESET-NOD32 20160622
Emsisoft 20160623
F-Prot 20160623
F-Secure 20160623
Fortinet 20160622
GData 20160623
Ikarus 20160622
Kaspersky 20160623
Kingsoft 20160623
Malwarebytes 20160622
McAfee 20160623
McAfee-GW-Edition 20160623
eScan 20160623
Microsoft 20160622
NANO-Antivirus 20160623
Panda 20160622
Qihoo-360 20160623
SUPERAntiSpyware 20160622
Sophos 20160623
Symantec 20160623
Tencent 20160623
TheHacker 20160621
TotalDefense 20160623
TrendMicro 20160623
TrendMicro-HouseCall 20160623
VIPRE 20160623
ViRobot 20160623
Yandex 20160621
Zillya 20160623
Zoner 20160623
nProtect 20160622
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2012 Steve Gray

Product AutoHotkey_L
File version 1.1.09.04
Description AutoHotkey_L Setup
Packers identified
F-PROT appended, 7Z, Unicode, UTF-8
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 18:41:55
Entry Point 0x0000643F
Number of sections 4
PE sections
Overlays
MD5 a8eae83d2382019ef43ad2eebf8cb8c3
File type data
Offset 47104
Size 2576030
Entropy 8.00
PE imports
GetLastError
GetModuleFileNameW
WaitForSingleObject
GetTickCount
GetStartupInfoA
GetCurrentProcessId
SetFileTime
GetCommandLineW
CreateDirectoryW
DeleteFileW
GetModuleHandleA
RemoveDirectoryW
SetFilePointer
FindNextFileW
GetTempPathW
ReadFile
FindFirstFileW
WriteFile
CreateFileW
CreateProcessW
FindClose
SetFileAttributesW
GetCurrentThreadId
CloseHandle
__p__fmode
malloc
memset
strlen
_except_handler3
wcslen
wcscmp
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
__p__commode
free
wcscat
__getmainargs
memcpy
memmove
wcscpy
_initterm
_exit
__set_app_type
ShellExecuteExW
MessageBoxA
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.9.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
32768

EntryPoint
0x643f

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.1.09.04

TimeStamp
2010:11:18 19:41:55+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.1.09.04

FileDescription
AutoHotkey_L Setup

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (c) 2012 Steve Gray

MachineType
Intel 386 or later, and compatibles

CodeSize
22016

ProductName
AutoHotkey_L

ProductVersionNumber
1.1.9.4

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 9917f2351bacfcc698082f52e4ce4bfc
SHA1 baf135c988dbd3f19cca92638c1b3e335455d8c5
SHA256 8d155dd7e6c8245a378b58f658037de7880a319e8d91650febbcbc6cf2105230
ssdeep
49152:2p6num0tjZN2RzhovbtYFMlusF7El8bAlHry7ozVbx8rGAFdmruk:2p6wj5uFJsF7ERHrIMKrFdK

authentihash 12b30eeb41929958d64fee09ee8ba6211ffa2b545d90509656332e2b99b10584
imphash fa4d5c869351014d1ce952f2833a7558
File size 2.5 MB ( 2623134 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-03-14 13:07:12 UTC ( 3 years, 5 months ago )
Last submission 2016-06-23 02:59:18 UTC ( 2 months, 1 week ago )
File names test.exe
AutoHotkey_L_Install(1).exe
2844926
2AutoHotkey_L_Install.exe
AutoHotkey_L_Install110904.exe
AutoHotkey.exe
file-5259364_exe
9917f2351bacfcc698082f52e4ce4bfc
filename
AutoHotkey_L_Install (4).exe
AutoHotkey_L_Install_2.exe
Auto Hot Key By Palash.exe
AutoHotkey_L_Install.exe
AutoHotkey110904_Install.exe
autohotkey_l_install.exe
AutoHotkey_L_Install old.exe
AutoHotkey_L_Install.exe
AutoHotkey110904_Install.exe
AutoHotkey_L_Install (1).exe
autohotkey.exe
Auto Hot Key By Mr-Cracker.exe
output.2844926.txt
AUTOHO~1.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!