SHA256: 8fe73af085c528f4c891757998e7775d68b907678120d8022bbe9cd359b55146
File name: oizekbp.exe
Detection ratio: 2 / 55
Analysis date: 2015-07-01 11:43:00 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Bkav HW32.Packed.A9E3 20150630
Tencent Win32.Trojan.Inject.Auto 20150701
Ad-Aware 20150701
AegisLab 20150701
Yandex 20150630
AhnLab-V3 20150630
Alibaba 20150630
ALYac 20150701
Antiy-AVL 20150701
Arcabit 20150630
Avast 20150701
AVG 20150701
Avira (no cloud) 20150701
AVware 20150701
Baidu-International 20150701
BitDefender 20150701
ByteHero 20150701
CAT-QuickHeal 20150701
ClamAV 20150701
Comodo 20150701
Cyren 20150701
DrWeb 20150701
Emsisoft 20150701
ESET-NOD32 20150701
F-Prot 20150701
F-Secure 20150701
Fortinet 20150701
GData 20150701
Ikarus 20150701
Jiangmin 20150630
K7AntiVirus 20150701
K7GW 20150701
Kaspersky 20150701
Kingsoft 20150701
Malwarebytes 20150701
McAfee 20150701
McAfee-GW-Edition 20150630
Microsoft 20150701
eScan 20150701
NANO-Antivirus 20150701
nProtect 20150701
Panda 20150701
Qihoo-360 20150701
Rising 20150630
Sophos AV 20150701
SUPERAntiSpyware 20150701
Symantec 20150701
TheHacker 20150701
TrendMicro 20150701
TrendMicro-HouseCall 20150701
VBA32 20150701
VIPRE 20150701
ViRobot 20150701
Zillya 20150701
Zoner 20150701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-01 17:18:05
Entry Point 0x0006D000
Number of sections 6
PE sections
PE imports
GetModuleHandleA
ExitProcess
GetCommandLineW
GetMessageA
CreateWindowExA
DispatchMessageA
TranslateMessage
DefWindowProcA
RegisterClassExA
Number of PE resources by type
RT_BITMAP 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2004:11:01 18:18:05+01:00
FileType Win32 EXE
PEType PE32
CodeSize 442880
LinkerVersion 1.71
EntryPoint 0x6d000
InitializedDataSize 437248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
File identification
MD5 ba841ac5f7500b6ea59fcbbfd4d8da32
SHA1 b997a3a3fe5fb6948e2d9d32cc1a35e2e0f08c50
SHA256 8fe73af085c528f4c891757998e7775d68b907678120d8022bbe9cd359b55146
ssdeep 12288:iERwtRTlWT+eolzu8Kirv2umG2uJhS3JvbJdtz:iEyYi3lzrLvFmwbS3pFd
authentihash e6e7759471ba030f69c0db87ee5c1223b7a0fed49ed0893c565197b7bed6f992
imphash e3573fd5e5ee5f2485cdd850a7292e55
File size 437.0 KB ( 447488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (53.8%)
Windows screen saver (25.5%)
Win32 Executable (generic) (8.7%)
Win16/32 Executable Delphi generic (4.0%)
Generic Win/DOS Executable (3.8%)
Tags peexe

VirusTotal metadata
First submission 2015-07-01 11:15:35 UTC ( 3 years, 11 months ago )
Last submission 2015-08-27 15:22:12 UTC ( 3 years, 9 months ago )
File names ba841ac5f7500b6ea59fcbbfd4d8da32
jumhlur.exe.2285654066
from.bin
oizekbp.ex
oizekbp.exe
from-upatre2.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight