SHA256: 923e4a450cb6c81077b9814e403b0a8329b47d4f094dc47c657b475c516a4951
File name: a901e57baae09e046d97f7e38a13892c8b9474c8
Detection ratio: 24 / 54
Analysis date: 2014-10-24 10:19:29 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.1939217 20141024
AhnLab-V3 Trojan/Win32.Zbot 20141023
Avast Win32:Malware-gen 20141024
AVG Inject2.BBJQ 20141024
Avira (no cloud) TR/Crypt.Xpack.103413 20141024
Baidu-International Trojan.Win32.Yakes.aO 20141024
BitDefender Trojan.GenericKD.1939217 20141024
Emsisoft Trojan.GenericKD.1939217 (B) 20141024
ESET-NOD32 a variant of Win32/Injector.BOAI 20141024
F-Secure Trojan.GenericKD.1939217 20141024
GData Trojan.GenericKD.1939217 20141024
Ikarus Trojan.Win32.Inject 20141024
Kaspersky Trojan.Win32.Yakes.guim 20141024
Malwarebytes Trojan.FakeMS.ED 20141024
McAfee Artemis!7A5580DDF2EB 20141024
McAfee-GW-Edition BehavesLike.Win32.BadFile.ch 20141023
Microsoft Trojan:Win32/Backoff.A 20141024
Norman Suspicious_Gen4.HECHO 20141024
nProtect Trojan.GenericKD.1939217 20141024
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20141024
Sophos AV Mal/Wonton-J 20141024
Symantec Suspicious.Cloud.5 20141024
TrendMicro-HouseCall TROJ_GEN.R02PH01JN14 20141024
ViRobot Worm.Win32.P2P-Palevo.119808.A 20141024
AegisLab 20141024
Yandex 20141023
Antiy-AVL 20141024
AVware 20141024
Bkav 20141023
ByteHero 20141024
CAT-QuickHeal 20141022
ClamAV 20141023
CMC 20141024
Comodo 20141024
Cyren 20141024
DrWeb 20141024
F-Prot 20141021
Fortinet 20141024
Jiangmin 20141023
K7AntiVirus 20141024
K7GW 20141023
Kingsoft 20141024
eScan 20141022
NANO-Antivirus 20141024
Rising 20141023
SUPERAntiSpyware 20141024
Tencent 20141024
TheHacker 20141022
TotalDefense 20141024
TrendMicro 20141024
VBA32 20141023
VIPRE 20141024
Zillya 20141023
Zoner 20141020
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® .NET Framework
Original name mageui.exe
Internal name mageui.exe
File version 3.5.21022.8 (RTM.021022-0800)
Description Manifest Generation And Editing Tool
Comments Flavor=Retail
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-22 19:54:10
Entry Point 0x000077C3
Number of sections 4
PE sections
PE imports
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
MapViewOfFileEx
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
FindNextVolumeMountPointW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
TlsGetValue
MoveFileW
SetLastError
WriteProcessMemory
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
TerminateJobObject
CreateMutexA
CreateSemaphoreA
SetUnhandledExceptionFilter
PeekConsoleInputW
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
OpenProcess
ReadProcessMemory
GetProcAddress
CompareStringW
UnmapViewOfFile
CompareStringA
WaitForMultipleObjects
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LocalUnlock
InterlockedIncrement
GetLastError
LCMapStringW
VirtualAllocEx
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
VirtualFreeEx
GetCurrentProcessId
WideCharToMultiByte
GetCPInfoExA
HeapSize
GetCommandLineA
OpenMutexA
SuspendThread
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
PostQueuedCompletionStatus
VirtualFree
Sleep
VirtualAlloc
EmptyClipboard
GetMessagePos
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
ExitWindowsEx
EndPaint
SetWindowTextW
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
DispatchMessageW
SetClipboardData
GetDC
GetWindowLongW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetDlgItemTextW
RegisterClassW
wsprintfW
IsWindowVisible
SetForegroundWindow
GetClientRect
GetDlgItem
SystemParametersInfoW
DrawTextW
CallWindowProcW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
LoadImageW
TrackPopupMenu
FillRect
IsDlgButtonChecked
CharNextA
CheckDlgButton
LoadCursorW
GetSystemMenu
FindWindowExW
CreateWindowExW
EnableWindow
CloseClipboard
DestroyWindow
SetCursor
SendMessageTimeoutW
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
SymSetOptions
SymGetModuleInfo64
MakeSureDirectoryPathExists
SymGetSymNext64
SymGetModuleInfoW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 4
RT_ACCELERATOR 1
RT_MENU 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 7
ARABIC SYRIA 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Flavor=Retail

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.5.21022.8

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Manifest Generation And Editing Tool

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
51712

PrivateBuild
DDBLD634

EntryPoint
0x77c3

OriginalFileName
mageui.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
3.5.21022.8 (RTM.021022-0800)

TimeStamp
2014:10:22 20:54:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
mageui.exe

ProductVersion
3.5.21022.8

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
69632

ProductName
Microsoft .NET Framework

ProductVersionNumber
3.5.21022.8

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7a5580ddf2eb2fc4f4a0ea28c40f0da9
SHA1 e50b12aeeb19bd101fd6fccb802b4d02f25c5840
SHA256 923e4a450cb6c81077b9814e403b0a8329b47d4f094dc47c657b475c516a4951
ssdeep
3072:UzfOP9J2h1WGsTJOdnRyHy5VCysCuBgpiml+/:UzfOPk192EkynCjxOpimQ

authentihash fac3d7c916cbf67163f3f35a1f2f12bb390933c5aab737840d0e0ada94913293
imphash 476dcc691328afc2620c3d149949b6af
File size 119.5 KB ( 122368 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2014-10-22 21:31:04 UTC ( 4 years, 7 months ago )
Last submission 2018-10-04 21:20:28 UTC ( 7 months, 2 weeks ago )
File names r0.exe
923e4a450cb6c81077b9814e403b0a8329b47d4f094dc47c657b475c516a4951.exe
7a5580ddf2eb2fc4f4a0ea28c40f0da9.virus
a901e57baae09e046d97f7e38a13892c8b9474c8
mageui.exe
7a5580ddf2eb2fc4f4a0ea28c40f0da9_INFA5FA.tmp
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs