SHA256: 918fe30209f3ef975ed68dc722f32aac3bd1fefa60aff54af5bcbc8ed998212e
File name: gdkxw-a.exe
Detection ratio: 27 / 55
Analysis date: 2015-12-05 23:24:47 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.777784 20151205
Yandex Trojan.Yakes!fYMyKAHOZWY 20151205
AhnLab-V3 Win-Trojan/Malpacked6.Gen 20151205
ALYac Gen:Variant.Kazy.777784 20151204
Arcabit Trojan.Kazy.DBDE38 20151205
Avast Win32:Malware-gen 20151205
AVG FileCryptor.FJE 20151205
Avira (no cloud) TR/Crypt.Xpack.336621 20151205
AVware Trojan.Win32.Generic!BT 20151205
BitDefender Gen:Variant.Kazy.777784 20151206
Bkav HW32.Packed.A01F 20151205
Emsisoft Gen:Variant.Kazy.777784 (B) 20151206
ESET-NOD32 Win32/Filecoder.EM 20151205
F-Secure Gen:Variant.Kazy.777784 20151205
Fortinet W32/Injector.CNRF!tr 20151204
GData Gen:Variant.Kazy.777784 20151206
Kaspersky Trojan.Win32.Yakes.npsm 20151205
Malwarebytes Ransom.FileCryptor 20151206
McAfee Ransomware-FBC!3C1739B8576D 20151205
eScan Gen:Variant.Kazy.777784 20151205
NANO-Antivirus Trojan.Win32.Encoder.dyzzbe 20151205
Panda Trj/CI.A 20151205
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151206
Sophos Mal/Ransom-DL 20151205
TrendMicro-HouseCall Ransom_CRYPTESLA.SM 20151205
VBA32 SScope.Malware-Cryptor.Drixed 20151204
VIPRE Trojan.Win32.Generic!BT 20151205
AegisLab 20151205
Alibaba 20151208
Antiy-AVL 20151205
Baidu-International 20151205
ByteHero 20151206
CAT-QuickHeal 20151205
ClamAV 20151204
CMC 20151201
Comodo 20151202
Cyren 20151206
DrWeb 20151206
F-Prot 20151206
Ikarus 20151205
Jiangmin 20151205
K7AntiVirus 20151202
K7GW 20151202
McAfee-GW-Edition 20151205
Microsoft 20151205
nProtect 20151204
Rising 20151205
SUPERAntiSpyware 20151205
Symantec 20151205
Tencent 20151206
TheHacker 20151205
TrendMicro 20151205
ViRobot 20151205
Zillya 20151205
Zoner 20151205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-18 06:23:14
Entry Point 0x00009240
Number of sections 4
PE sections
PE imports
GetSecurityDescriptorGroup
IsValidAcl
AdjustTokenGroups
ImageList_Draw
ImageList_GetImageInfo
ImageList_SetDragCursorImage
CreateRoundRectRgn
SetMetaRgn
GlobalReAlloc
GetStringTypeA
GetPrivateProfileIntA
GetSystemDefaultLCID
GetTickCount
GetTimeFormatA
GlobalGetAtomNameA
HeapSize
WNetGetUniversalNameA
_mbsspnp
LPSAFEARRAY_UserSize
CreateIconFromResource
Number of PE resources by type
Struct(1000) 5
RT_ICON 5
RT_GROUP_ICON 5
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 18
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 0.201.256.135
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3174400
EntryPoint 0x9240
OriginalFileName Westwards.exe
MIMEType application/octet-stream
Subsystem Windows command line
TimeStamp 2005:12:18 07:23:14+01:00
FileType Win32 EXE
PEType PE32
InternalName Attracts
FileDescription Stowed
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Ammonites (C) 2014
MachineType Intel 386 or later, and compatibles
CompanyName BeeNut.COM
CodeSize 49152
FileSubtype 0
ProductVersionNumber 0.138.158.13
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3c1739b8576db3903f152e80295ee0b2
SHA1 76d159c9e5184318150a94be1553600f6562fc26
SHA256 918fe30209f3ef975ed68dc722f32aac3bd1fefa60aff54af5bcbc8ed998212e
ssdeep 6144:BLHBMyPN6HhaTC88F2vjKCGzGVl2ypDA6BGNv/GeRv0q9OPLFrAY:BtHmisFAGzGVv+OeR8cCLFr
authentihash 3695c23525463fbfec361e7d9a2d8be654024e012804ed7945a18fa9eb738643
imphash 38b367c2379131a3e3b2fbe6e6b53ba3
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2015-12-05 23:24:47 UTC ( 1 year, 5 months ago )
Last submission 2015-12-07 09:33:15 UTC ( 1 year, 5 months ago )
File names gdkxw-a.exe