× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8d155dd7e6c8245a378b58f658037de7880a319e8d91650febbcbc6cf2105230
File name: AutoHotkey.exe
Detection ratio: 5 / 57
Analysis date: 2016-04-12 03:42:41 UTC ( 3 weeks ago )
Antivirus Result Update
CAT-QuickHeal Trojan.Agen.r4 20160411
Jiangmin Trojan/Fsysna.akh 20160412
K7AntiVirus Trojan ( 004973ee1 ) 20160411
K7GW Trojan ( 004973ee1 ) 20160404
VBA32 Trojan.Fsysna 20160410
ALYac 20160412
AVG 20160412
AVware 20160412
Ad-Aware 20160412
AegisLab 20160412
AhnLab-V3 20160412
Alibaba 20160412
Antiy-AVL 20160412
Arcabit 20160412
Avast 20160412
Avira (no cloud) 20160412
Baidu 20160411
Baidu-International 20160411
BitDefender 20160412
Bkav 20160411
CMC 20160412
ClamAV 20160408
Comodo 20160412
Cyren 20160412
DrWeb 20160412
ESET-NOD32 20160412
Emsisoft 20160412
F-Prot 20160412
F-Secure 20160412
Fortinet 20160404
GData 20160412
Ikarus 20160411
Kaspersky 20160412
Kingsoft 20160412
Malwarebytes 20160412
McAfee 20160412
McAfee-GW-Edition 20160412
eScan 20160412
Microsoft 20160412
NANO-Antivirus 20160412
Panda 20160411
Qihoo-360 20160412
Rising 20160412
SUPERAntiSpyware 20160412
Sophos 20160412
Symantec 20160412
Tencent 20160412
TheHacker 20160411
TotalDefense 20160411
TrendMicro 20160412
TrendMicro-HouseCall 20160412
VIPRE 20160412
ViRobot 20160412
Yandex 20160411
Zillya 20160411
Zoner 20160412
nProtect 20160411
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2012 Steve Gray

Product AutoHotkey_L
File version 1.1.09.04
Description AutoHotkey_L Setup
Packers identified
F-PROT appended, 7Z, Unicode, UTF-8
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-18 18:41:55
Entry Point 0x0000643F
Number of sections 4
PE sections
Overlays
MD5 a8eae83d2382019ef43ad2eebf8cb8c3
File type data
Offset 47104
Size 2576030
Entropy 8.00
PE imports
GetLastError
GetModuleFileNameW
WaitForSingleObject
GetTickCount
GetStartupInfoA
GetCurrentProcessId
SetFileTime
GetCommandLineW
CreateDirectoryW
DeleteFileW
GetModuleHandleA
RemoveDirectoryW
SetFilePointer
FindNextFileW
GetTempPathW
ReadFile
FindFirstFileW
WriteFile
CreateFileW
CreateProcessW
FindClose
SetFileAttributesW
GetCurrentThreadId
CloseHandle
__p__fmode
malloc
memset
strlen
_except_handler3
wcslen
wcscmp
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
_adjust_fdiv
_acmdln
__p__commode
free
wcscat
__getmainargs
memcpy
memmove
wcscpy
_initterm
_exit
__set_app_type
ShellExecuteExW
MessageBoxA
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.9.4

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
32768

EntryPoint
0x643f

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2012 Steve Gray

FileVersion
1.1.09.04

TimeStamp
2010:11:18 19:41:55+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.1.09.04

FileDescription
AutoHotkey_L Setup

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
22016

ProductName
AutoHotkey_L

ProductVersionNumber
1.1.9.4

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
Compressed bundles
File identification
MD5 9917f2351bacfcc698082f52e4ce4bfc
SHA1 baf135c988dbd3f19cca92638c1b3e335455d8c5
SHA256 8d155dd7e6c8245a378b58f658037de7880a319e8d91650febbcbc6cf2105230
ssdeep
49152:2p6num0tjZN2RzhovbtYFMlusF7El8bAlHry7ozVbx8rGAFdmruk:2p6wj5uFJsF7ERHrIMKrFdK

authentihash 12b30eeb41929958d64fee09ee8ba6211ffa2b545d90509656332e2b99b10584
imphash fa4d5c869351014d1ce952f2833a7558
File size 2.5 MB ( 2623134 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2013-03-14 13:07:12 UTC ( 3 years, 1 month ago )
Last submission 2016-04-12 03:42:41 UTC ( 3 weeks ago )
File names test.exe
AutoHotkey_L_Install(1).exe
2844926
2AutoHotkey_L_Install.exe
AutoHotkey_L_Install110904.exe
AutoHotkey.exe
file-5259364_exe
9917f2351bacfcc698082f52e4ce4bfc
filename
AutoHotkey_L_Install (4).exe
AutoHotkey_L_Install_2.exe
Auto Hot Key By Palash.exe
AutoHotkey_L_Install.exe
AutoHotkey110904_Install.exe
autohotkey_l_install.exe
AutoHotkey_L_Install old.exe
AutoHotkey_L_Install.exe
AutoHotkey110904_Install.exe
AutoHotkey_L_Install (1).exe
autohotkey.exe
Auto Hot Key By Mr-Cracker.exe
output.2844926.txt
AUTOHO~1.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!