SHA256: 9a029c9967809cb681ae1ff5e8db986b2d9db8d6c2e7593c9c9bbfde15412d76
File name: 1decf2cde4ea96ed27b9baca310d32c5b295444b
Detection ratio: 16 / 56
Analysis date: 2014-12-18 00:48:21 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.167490 20141218
AhnLab-V3 Trojan/Win32.Ransom 20141217
ALYac Gen:Variant.Graftor.167490 20141218
AVG Inject2.BIKS 20141217
BitDefender Gen:Variant.Graftor.167490 20141217
Comodo UnclassifiedMalware 20141218
Emsisoft Gen:Variant.Graftor.167490 (B) 20141218
ESET-NOD32 Win32/Spy.Zbot.ACB 20141218
GData Gen:Variant.Graftor.167490 20141217
Kaspersky Trojan-Spy.Win32.Zbot.usie 20141218
Malwarebytes Trojan.Agent.ED 20141217
McAfee Generic-FAVU!1035683C8E94 20141217
Microsoft PWS:Win32/Zbot.gen!VM 20141218
eScan Gen:Variant.Graftor.167490 20141218
Panda Trj/CI.A 20141217
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141217
AegisLab 20141218
Yandex 20141217
Antiy-AVL 20141217
Avast 20141217
Avira (no cloud) 20141218
AVware 20141218
Baidu-International 20141217
Bkav 20141217
ByteHero 20141218
CAT-QuickHeal 20141216
ClamAV 20141218
CMC 20141215
Cyren 20141218
DrWeb 20141218
F-Prot 20141218
F-Secure 20141231
Fortinet 20141218
Ikarus 20141217
Jiangmin 20141217
K7AntiVirus 20141217
K7GW 20141217
Kingsoft 20141218
McAfee-GW-Edition 20141231
NANO-Antivirus 20141217
Norman 20141217
nProtect 20141217
Qihoo-360 20141231
Sophos AV 20141218
SUPERAntiSpyware 20141217
Symantec 20141218
Tencent 20141231
TheHacker 20141229
TotalDefense 20141218
TrendMicro 20141218
TrendMicro-HouseCall 20141217
VBA32 20141217
VIPRE 20141218
ViRobot 20141217
Zillya 20141231
Zoner 20141216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1995-2014
Publisher Spencer Kimball, Peter Mattis and the GIMP Development Team
Product GNU Image Manipulation Program
Original name gimp-2.8.exe
Internal name gimp-2.8
File version 2.8.14.0
Description GNU Image Manipulation Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-16 17:09:41
Entry Point 0x00004A63
Number of sections 4
PE sections
PE imports
LsaQueryInformationPolicy
LsaFreeMemory
RegQueryValueExA
InitializeSecurityDescriptor
LsaNtStatusToWinError
RegOpenKeyExA
GetOpenFileNameA
CreateICA
TextOutW
GetRgnBox
TextOutA
CreateFontIndirectA
GetTextMetricsA
UpdateColors
GetDeviceCaps
CreateDCA
DeleteDC
GetTextExtentPointA
GetBitmapDimensionEx
BitBlt
CreateDIBSection
CreateBitmapIndirect
RealizePalette
SetTextColor
CreateBitmap
SelectPalette
GetDIBits
CreateCompatibleDC
GetFontLanguageInfo
SelectObject
CreateSolidBrush
SetBkMode
DeleteObject
CreateCompatibleBitmap
GetStdHandle
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
InterlockedDecrement
GetProfileIntA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
_lclose
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
GetProcAddress
GetProcessHeap
_lcreat
lstrcpyA
GetProfileStringA
GlobalLock
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
_lwrite
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
OleLoadPicture
glLoadIdentity
glClear
ExtractAssociatedIconA
SHParseDisplayName
PathFindFileNameW
RedrawWindow
EnumDesktopsA
ReleaseDC
IntersectRect
BeginPaint
OffsetRect
GetMonitorInfoA
PostQuitMessage
DefWindowProcA
FindWindowA
SendDlgItemMessageA
GetWindowRect
EndPaint
DrawIcon
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetDC
GetCursorPos
DrawTextA
CreatePopupMenu
GetWindowLongA
GetKeyNameTextA
SendMessageA
GetClientRect
ScreenToClient
InvalidateRect
wsprintfA
LoadCursorA
FillRect
GetSysColorBrush
LoadImageA
SetForegroundWindow
SetCursor
DestroyWindow
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 8
RT_STRING 6
RT_BITMAP 5
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 23
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.8.14.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 58368
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright 1995-2014
FileVersion 2.8.14.0
TimeStamp 2014:12:16 18:09:41+01:00
FileType Win32 EXE
PEType PE32
InternalName gimp-2.8
FileAccessDate 2014:12:18 02:06:10+01:00
ProductVersion 2.8.14
FileDescription GNU Image Manipulation Program
OSVersion 5.1
FileCreateDate 2014:12:18 02:06:10+01:00
OriginalFilename gimp-2.8.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Spencer Kimball, Peter Mattis and the GIMP Development Team
CodeSize 222720
ProductName GNU Image Manipulation Program
ProductVersionNumber 2.8.14.0
EntryPoint 0x4a63
ObjectFileType Executable application

File identification
MD5 1035683c8e948648da25953920063b13
SHA1 1decf2cde4ea96ed27b9baca310d32c5b295444b
SHA256 9a029c9967809cb681ae1ff5e8db986b2d9db8d6c2e7593c9c9bbfde15412d76
ssdeep 6144:ufgwYhBbG9eRhFIdJShNK2Oar6TM4pskT7Cpq:KglhBbGMrWdJSh0Dar6TM4pswuc
authentihash e84d1540d6bf248ae77884480fa16d484294b0374e572254beca836fb38d1b3e
imphash 2d38eea6eedc7cfc7b3dd4586dd02235
File size 275.5 KB ( 282112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-12-18 00:48:21 UTC ( 4 years, 3 months ago )
Last submission 2014-12-18 00:48:21 UTC ( 4 years, 3 months ago )
File names gimp-2.8.exe
gimp-2.8
9a029c9967809cb681ae1ff5e8db986b2d9db8d6c2e7593c9c9bbfde15412d76.exe
1decf2cde4ea96ed27b9baca310d32c5b295444b
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.