SHA256: 8f622e2e408a8d135d6eff6e8fe690589e483001c2f12c28b05f92a2402527fd
File name: phix.0.7.6.setup.exe
Detection ratio: 0 / 63
Analysis date: 2017-07-19 18:16:28 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware 20170719
AegisLab 20170719
AhnLab-V3 20170719
Alibaba 20170719
ALYac 20170719
Antiy-AVL 20170719
Arcabit 20170719
Avast 20170719
AVG 20170719
Avira (no cloud) 20170719
AVware 20170719
Baidu 20170719
BitDefender 20170719
Bkav 20170719
CAT-QuickHeal 20170719
ClamAV 20170719
CMC 20170719
Comodo 20170719
CrowdStrike Falcon (ML) 20170710
Cylance 20170719
Cyren 20170719
DrWeb 20170719
Emsisoft 20170719
Endgame 20170713
ESET-NOD32 20170719
F-Prot 20170719
F-Secure 20170719
Fortinet 20170719
GData 20170719
Ikarus 20170719
Sophos ML 20170607
Jiangmin 20170719
K7AntiVirus 20170719
K7GW 20170719
Kaspersky 20170719
Kingsoft 20170719
Malwarebytes 20170719
MAX 20170719
McAfee 20170719
McAfee-GW-Edition 20170719
Microsoft 20170719
eScan 20170719
NANO-Antivirus 20170719
nProtect 20170719
Palo Alto Networks (Known Signatures) 20170719
Panda 20170719
Qihoo-360 20170719
Rising 20170719
SentinelOne (Static ML) 20170718
Sophos AV 20170719
SUPERAntiSpyware 20170719
Symantec 20170719
Symantec Mobile Insight 20170719
Tencent 20170719
TheHacker 20170719
TrendMicro 20170719
TrendMicro-HouseCall 20170719
Trustlook 20170719
VBA32 20170719
VIPRE 20170719
ViRobot 20170719
Webroot 20170719
WhiteArmor 20170713
Yandex 20170719
Zillya 20170719
ZoneAlarm by Check Point 20170719
Zoner 20170719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX, ZIP, maxorder, appended, UTF-8, Unicode
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-03-20 06:35:57
Entry Point 0x00019200
Number of sections 3
PE sections
Overlays
MD5 aeaba3c463b1f9e6740e4b23ad5f8d26
File type data
Offset 26112
Size 18373025
Entropy 7.99
PE imports
RegCloseKey
SetROP2
LoadLibraryA
ExitProcess
GetProcAddress
ShellExecuteA
CoInitialize
Number of PE resources by type
RT_DIALOG 5
RT_BITMAP 2
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MENU 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2001:03:20 07:35:57+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 6.0
EntryPoint 0x19200
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 77824

File identification
MD5 5504e0de44323a05d6186eaa776342b7
SHA1 4d4609ab2c7fd1f2e161ecfdcdb6aba046dce379
SHA256 8f622e2e408a8d135d6eff6e8fe690589e483001c2f12c28b05f92a2402527fd
ssdeep 393216:8hquBxGDf0IhPznzRsSTJttNeEi4gneRM6rjmdR2KZg3ajQ:8Eu33IhzzRsStteEi5efjmdDGyQ

authentihash e280a5cdfb160369e5b368cd2515139511122e81ff61b01d98bf268342088107
imphash 4b8ea275b01195301d047f45b8ba14d3
File size 17.5 MB ( 18399137 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (25.2%)
UPX compressed Win32 Executable (24.7%)
Win32 EXE Yoda's Crypter (24.2%)
Windows screen saver (11.9%)
Win32 Dynamic Link Library (generic) (6.0%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2017-07-19 18:16:28 UTC ( 2 months ago )
Last submission 2017-07-19 18:16:28 UTC ( 2 months ago )
File names phix.0.7.6.setup.exe