SHA256: 8dadac786b969e244b720076baa573ef4f822552528cdc8bb31fb3dbe36a3ae9
File name: Y5CEfUMn0KEQyW.exe
Detection ratio: 15 / 66
Analysis date: 2018-03-24 17:49:09 UTC ( 11 months ago )
Antivirus Result Update
Avast FileRepMalware 20180324
AVG FileRepMalware 20180324
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180323
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.487c27 20180225
Cylance Unsafe 20180324
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/GenKryptik.BUQE 20180324
Fortinet W32/GenKryptik.BUNZ!tr 20180324
Sophos ML heuristic 20180121
Malwarebytes Trojan.Emotet 20180324
Qihoo-360 HEUR/QVM20.1.0AC7.Malware.Gen 20180324
SentinelOne (Static ML) static engine - malicious 20180225
TrendMicro TSPY_HPEMOTET.SMDX4 20180324
TrendMicro-HouseCall TSPY_HPEMOTET.SMDX4 20180324
Ad-Aware 20180324
AegisLab 20180324
AhnLab-V3 20180324
Alibaba 20180323
ALYac 20180324
Antiy-AVL 20180324
Arcabit 20180324
Avast-Mobile 20180324
Avira (no cloud) 20180324
AVware 20180324
BitDefender 20180324
Bkav 20180322
CAT-QuickHeal 20180324
ClamAV 20180324
CMC 20180324
Comodo 20180324
Cyren 20180324
DrWeb 20180324
eGambit 20180324
Emsisoft 20180324
F-Prot 20180324
F-Secure 20180324
GData 20180324
Ikarus 20180324
Jiangmin 20180324
K7AntiVirus 20180324
K7GW 20180324
Kaspersky 20180324
Kingsoft 20180324
MAX 20180324
McAfee 20180324
McAfee-GW-Edition 20180324
Microsoft 20180324
eScan 20180324
NANO-Antivirus 20180324
nProtect 20180324
Palo Alto Networks (Known Signatures) 20180324
Panda 20180324
Rising 20180324
Sophos AV 20180324
SUPERAntiSpyware 20180324
Symantec 20180323
Symantec Mobile Insight 20180311
Tencent 20180324
TheHacker 20180319
TotalDefense 20180324
Trustlook 20180324
VBA32 20180323
VIPRE 20180324
ViRobot 20180324
WhiteArmor 20180324
Yandex 20180324
Zillya 20180323
ZoneAlarm by Check Point 20180324
Zoner 20180324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2009-2017 Oracle Corporation
Product Oracle VM VirtualBox Guest Additions
Original name VBoxOGLerrorspu.dll
Internal name VBoxOGLerrorspu
File version 5.1.26.117224
Description VirtualBox crOpenGL ICD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-25 01:43:45
Entry Point 0x000036C0
Number of sections 5
PE sections
PE imports
DeleteAce
RegNotifyChangeKeyValue
CryptDestroyHash
CertCloseStore
CryptMsgControl
CryptImportPublicKeyInfo
SelectPalette
CreatePolygonRgn
AngleArc
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
ReadConsoleOutputW
GetModuleHandleA
VirtualUnlock
ProcessIdToSessionId
FlsGetValue
LocalUnlock
GetCommandLineA
GetModuleFileNameA
FlsFree
lstrlenW
GetProcessHeap
MprConfigTransportGetInfo
DrawDibClose
DsCrackNamesW
LPSAFEARRAY_UserFree
VarUI2FromStr
SysReAllocString
DispCallFunc
glTexImage2D
RasGetCustomAuthDataW
RasGetProjectionInfoW
NdrGetUserMarshalInfo
UuidCreate
NdrConformantArrayUnmarshall
SetupDiRemoveDevice
CM_Get_Device_ID_List_ExW
SHFileOperationA
PathMakePrettyW
StrCpyNW
StrDupA
StrRChrA
UrlGetPartA
SHRegGetValueW
QuerySecurityPackageInfoW
MakeSignature
SetFocus
DdeDisconnectList
GetActiveWindow
EndDialog
EnumDesktopWindows
TileWindows
LoadCursorW
IsMenu
SetCursorPos
TrackMouseEvent
GetClipboardOwner
RegisterDeviceNotificationW
IsCharLowerW
EnableMenuItem
UnpackDDElParam
UnlockUrlCacheEntryStream
DeleteUrlCacheEntryW
mixerGetID
DeletePrinter
CryptCATStoreFromHandle
g_rgSCardRawPci
SCardListReaderGroupsA
Ord(30)
_time64
iswlower
StgIsStorageILockBytes
ReleaseStgMedium
HICON_UserMarshal
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild r117224
SubsystemVersion 5.0
LinkerVersion 0.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.26.17224
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription VirtualBox crOpenGL ICD
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 59392
EntryPoint 0x36c0
OriginalFileName VBoxOGLerrorspu.dll
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2009-2017 Oracle Corporation
FileVersion 5.1.26.117224
TimeStamp 2018:03:25 03:43:45+02:00
FileType Win32 EXE
PEType PE32
InternalName VBoxOGLerrorspu
ProductVersion 5.1.26.117224
UninitializedDataSize 4096
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oracle Corporation
CodeSize 24576
ProductName Oracle VM VirtualBox Guest Additions
ProductVersionNumber 5.1.26.17224
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 7153963ac55b568214c53266a0766aa4
SHA1 ee67eb6487c278901108c860184d6801241682a6
SHA256 8dadac786b969e244b720076baa573ef4f822552528cdc8bb31fb3dbe36a3ae9
ssdeep 3072:553NK5tuZGnM1x7h894PSCPLdeX9ZZ7FQku:r38uknKrA4PHPpeXdxQ
authentihash ae5661a4455be57068b8aea0da6401651c3351132d9a6f4458f44e718d3b0eee
imphash 2addf1e3775d327c33f9aa2a76a8100d
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-03-24 17:49:09 UTC ( 11 months ago )
Last submission 2018-05-08 03:59:21 UTC ( 9 months, 2 weeks ago )
File names VBoxOGLerrorspu
VBoxOGLerrorspu.dll
Y5CEfUMn0KEQyW.exe