SHA256: 951d723f780fd5ecca06b45491f5865e10934fe986de06052630a53a4f2f4ade
File name: 43s5d6f7g.exe
Detection ratio: 0 / 54
Analysis date: 2015-12-14 13:33:46 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20151214
AegisLab 20151214
Yandex 20151213
AhnLab-V3 20151214
Alibaba 20151208
ALYac 20151214
Antiy-AVL 20151214
Arcabit 20151214
Avast 20151214
AVG 20151214
Avira (no cloud) 20151214
AVware 20151214
Baidu-International 20151214
BitDefender 20151214
Bkav 20151214
ByteHero 20151214
CAT-QuickHeal 20151214
ClamAV 20151214
CMC 20151214
Comodo 20151214
Cyren 20151214
DrWeb 20151214
Emsisoft 20151214
ESET-NOD32 20151214
F-Prot 20151214
F-Secure 20151214
Fortinet 20151214
GData 20151214
Ikarus 20151214
Jiangmin 20151213
K7AntiVirus 20151214
K7GW 20151214
Kaspersky 20151214
Malwarebytes 20151214
McAfee 20151214
McAfee-GW-Edition 20151214
Microsoft 20151214
eScan 20151214
NANO-Antivirus 20151214
nProtect 20151211
Panda 20151213
Qihoo-360 20151214
Rising 20151212
Sophos AV 20151214
SUPERAntiSpyware 20151214
Symantec 20151213
TheHacker 20151214
TrendMicro 20151214
TrendMicro-HouseCall 20151214
VBA32 20151211
VIPRE 20151214
ViRobot 20151214
Zillya 20151213
Zoner 20151214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Emco Software Ltd. Copyright 2000 - 2014 KG and its Licensors

Product Shader
Original name Shader
Internal name Shader
File version 6.2.3.28
Description Redirection Layout 00101011 Cutting Monies Fu
Comments Redirection Layout 00101011 Cutting Monies Fu
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-14 12:41:12
Entry Point 0x00004E89
Number of sections 4
PE sections
PE imports
ReadEventLogA
RegQueryValueExA
CryptAcquireContextA
GetUserNameW
DeregisterEventSource
GetOldestEventLogRecord
CloseEventLog
OpenEventLogA
ClearEventLogA
LsaRemoveAccountRights
RegisterEventSourceA
GetNumberOfEventLogRecords
RegOpenKeyExA
ReportEventA
GetAclInformation
CryptCreateHash
AVIFileInit
AVIFileOpenA
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw
ImageList_Add
ChooseFontA
GetObjectA
GetCurrentObject
LineTo
DeleteDC
SetDCPenColor
GetTextExtentPointA
BitBlt
CreatePen
GetStockObject
CreateBitmap
TextOutA
CreateFontIndirectA
ExtTextOutA
PatBlt
MoveToEx
SelectObject
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
GetTcpStatistics
GetLastError
ReadConsoleInputA
GetStdHandle
FlushConsoleInputBuffer
lstrlenA
FillConsoleOutputCharacterA
QueryPerformanceCounter
GetNumberOfConsoleInputEvents
HeapAlloc
SetConsoleTextAttribute
SetConsoleCursorPosition
GlobalUnlock
LoadLibraryA
SetConsoleScreenBufferSize
GetStartupInfoA
GetCurrentDirectoryW
GetFileSize
FindClose
UnhandledExceptionFilter
GlobalLock
GetConsoleScreenBufferInfo
InterlockedCompareExchange
FillConsoleOutputAttribute
CreateFileMappingW
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
FindFirstFileA
GetSystemTimeAsFileTime
GetProcAddress
TerminateProcess
CreateEventW
SetConsoleMode
GlobalAlloc
AllocConsole
IsDebuggerPresent
Sleep
GetTickCount
CreateFileA
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z
__p__fmode
malloc
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
__dllonexit
_open_osfhandle
_controlfp_s
_CxxThrowException
printf
_invoke_watson
_cexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
wcslen
_unlock
_amsg_exit
exit
??_V@YAXPAX@Z
_encode_pointer
__setusermatherr
_initterm_e
_adjust_fdiv
_XcptFilter
_acmdln
memset
_ismbblead
_fdopen
memmove_s
_crt_debugger_hook
__p__commode
??3@YAXPAX@Z
__CxxFrameHandler3
_except_handler4_common
__getmainargs
_initterm
sprintf
??0exception@std@@QAE@ABV01@@Z
_wsetlocale
??1exception@std@@UAE@XZ
_decode_pointer
__iob_func
??0exception@std@@QAE@ABQBD@Z
_configthreadlocale
??0exception@std@@QAE@XZ
_exit
setvbuf
__set_app_type
NetUserGetInfo
NetApiBufferFree
SHGetFileInfoA
Shell_NotifyIconA
PathFileExistsA
EmptyClipboard
GetParent
UpdateWindow
EndDialog
BeginPaint
OffsetRect
CheckRadioButton
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
DlgDirListComboBoxA
SetWindowPos
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
LoadBitmapA
SetDlgItemInt
TranslateMessage
CheckDlgButton
GetDC
CopyImage
GetCursorPos
ReleaseDC
CreatePopupMenu
DestroyIcon
EnumDisplayMonitors
SetClipboardData
SendMessageA
CloseClipboard
GetClientRect
GetDlgItem
CreateDialogParamA
RegisterClassA
InvalidateRect
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
SetWindowTextA
IsDlgButtonChecked
GetSysColorBrush
LoadImageA
GetFocus
CreateWindowExW
SetForegroundWindow
RegisterClassExA
GetAncestor
IsDialogMessageA
WSAStartup
GdiplusShutdown
GdipFree
GdipLoadImageFromFile
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
ExifTool file metadata
LegalTrademarks
Emco Software Ltd. Copyright 2000 - 2014 KG and its Licensors

SubsystemVersion
5.0

Comments
Redirection Layout 00101011 Cutting Monies Fu

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.2.3.28

LanguageCode
Unknown (03EB)

FileFlagsMask
0x003f

FileDescription
Redirection Layout 00101011 Cutting Monies Fu

CharacterSet
Unicode

InitializedDataSize
114176

PrivateBuild
6.2.3.28

EntryPoint
0x4e89

OriginalFileName
Shader

MIMEType
application/octet-stream

LegalCopyright
Emco Software Ltd. Copyright 2000 - 2014 KG and its Licensors

FileVersion
6.2.3.28

TimeStamp
2015:12:14 13:41:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Shader

ProductVersion
6.2.3.28

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Emco Software Ltd.

CodeSize
18432

ProductName
Shader

ProductVersionNumber
6.2.3.28

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 a0de2560362cc6dfc53d1cd5ff50559b
SHA1 67b434023be60235c9e2cd99dc89ade5ae346b9e
SHA256 951d723f780fd5ecca06b45491f5865e10934fe986de06052630a53a4f2f4ade
ssdeep
3072:pt1uJu/MidI/le2FyzOLggv7YEDg5wXO7+5NXZ/u:7mu/M5WOLgKg5GO7cW

authentihash bd046e7283720d4f7409497231c8423a30922c3446c3202cf772b83ddbf6958a
imphash f4d957bd569d770198d7a224945d942d
File size 130.5 KB ( 133632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-14 12:55:08 UTC ( 1 year, 10 months ago )
Last submission 2016-12-16 11:18:21 UTC ( 10 months, 1 week ago )
File names a0de2560362cc6dfc53d1cd5ff50559b.exe
exe
dimenas.exe_0000001C
dimenas.exe
dimenas.exe
Shader
43s5d6f7g.bad
43s5d6f7g[1].exe.3944.dr
43s5d6f7g[1].exe.3652.dr
43s5d6f7g.exe
43s5d6f7g(1).exe
43s5d6f7g[1].exe
dimenas.exe
43s5d6f7g_2.exe
723f780fd5ecca06b45491f5865e10934fe986de06052630a53a4f2f4ade.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections