SHA256: 9a38a209bbcc4c1af109e6d5a9a90223a6381a6400bc4ea52606463a0ffead11
File name: jsjd.jpg
Detection ratio: 25 / 71
Analysis date: 2019-03-05 14:59:12 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Mikey.94481 20190305
Avast Win32:Malware-gen 20190305
AVG Win32:Malware-gen 20190305
BitDefender Gen:Variant.Mikey.94481 20190305
Bkav W32.FamVT.RazyNHmA.Trojan 20190304
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.a8ccf0 20190109
Cylance Unsafe 20190305
DrWeb Trojan.PWS.Spy.21017 20190305
Emsisoft Gen:Variant.Mikey.94481 (B) 20190305
Endgame malicious (high confidence) 20190215
GData Gen:Variant.Mikey.94481 20190305
K7GW Riskware ( 0040eff71 ) 20190305
Kaspersky Trojan.Win32.Propagate.hxp 20190305
MAX malware (ai score=80) 20190305
Microsoft TrojanDownloader:Win32/Dofoil.AD 20190305
eScan Gen:Variant.Mikey.94481 20190305
Palo Alto Networks (Known Signatures) generic.ml 20190305
Panda Trj/GdSda.A 20190303
Qihoo-360 HEUR/QVM09.0.A44D.Malware.Gen 20190305
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190301
VIPRE LooksLike.Win32.Crowti.b (v) 20190305
ZoneAlarm by Check Point Trojan.Win32.Propagate.hxp 20190305
AegisLab 20190305
AhnLab-V3 20190305
Alibaba 20180921
ALYac 20190305
Antiy-AVL 20190305
Arcabit 20190305
Avast-Mobile 20190305
Avira (no cloud) 20190305
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190304
ClamAV 20190305
CMC 20190305
Comodo 20190305
Cyren 20190305
eGambit 20190305
ESET-NOD32 20190305
F-Prot 20190305
F-Secure 20190305
Fortinet 20190305
Ikarus 20190305
Sophos ML 20181128
Jiangmin 20190305
K7AntiVirus 20190304
Kingsoft 20190305
Malwarebytes 20190305
McAfee 20190305
McAfee-GW-Edition 20190304
NANO-Antivirus 20190305
Rising 20190305
Sophos AV 20190305
SUPERAntiSpyware 20190227
Symantec 20190305
Symantec Mobile Insight 20190220
TACHYON 20190305
Tencent 20190305
TheHacker 20190304
TotalDefense 20190305
TrendMicro 20190305
TrendMicro-HouseCall 20190305
Trustlook 20190305
VBA32 20190305
ViRobot 20190305
Webroot 20190305
Yandex 20190301
Zillya 20190304
Zoner 20190305
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 360.cn Inc. All Rights Reserved.
Product 360安全卫士
Original name 360Examine.dll
Internal name NewExamin
File version 7, 3, 0, 1015
Description 360安全卫士
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:21:53
Entry Point 0x0000CF79
Number of sections 6
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitCommonControlsEx
HeapSize
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
FreeLibrary
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetVersionExA
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetConsoleMode
FreeEnvironmentStringsW
GetCurrentProcessId
GetConsoleOutputCP
OpenProcess
SetFilePointer
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
ReadProcessMemory
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
GetModuleHandleA
GetCPInfo
GetModuleFileNameW
GetStringTypeA
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
HeapDestroy
GetOEMCP
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
SetLastError
VirtualFree
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
EnumProcesses
TranslateMessage
SendMessageW
UpdateWindow
EndPaint
BeginPaint
GetMessageW
MoveWindow
DefWindowProcW
GetClientRect
EnumWindowStationsW
CreateWindowExW
RegisterClassExW
PostQuitMessage
ShowWindow
TranslateAcceleratorW
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 8.0
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 7.3.0.1015
LanguageCode: Chinese (Simplified)
FileFlagsMask: 0x003f
FileDescription: 360
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 160768
EntryPoint: 0xcf79
OriginalFileName: 360Examine.dll
MIMEType: application/octet-stream
LegalCopyright: (C) 360.cn Inc. All Rights Reserved.
FileVersion: 7, 3, 0, 1015
TimeStamp: 2016:12:06 11:21:53+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: NewExamin
ProductVersion: 7, 3, 0, 1015
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: 360.cn
CodeSize: 81920
ProductName: 360
ProductVersionNumber: 7.3.0.1015
FileTypeExtension: exe
ObjectFileType: Dynamic link library
File identification
MD5 4123e68610cf1af934237451fce87a97
SHA1 364cfb2a8ccf0abc33646d170e5366c69600160c
SHA256 9a38a209bbcc4c1af109e6d5a9a90223a6381a6400bc4ea52606463a0ffead11
ssdeep 3072:flSaQBUHapWqluvaQhu5kK2bi0Yxp3NXAp3cg6//eZxefJtAGmgjpOCQh498U/oA:s7pWuJQhu5CbDYaWGZAcGmgECQhAo3
authentihash c8cbbd1e65c2b828cf72c6bce120d959ac1a4d93758a5c0ed3d9b81c1a33b80f
imphash 73a669a06fdec12f09c1732ea4778efd
File size 238.0 KB ( 243712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-03-05 14:59:12 UTC ( 2 months, 2 weeks ago )
Last submission 2019-03-05 14:59:12 UTC ( 2 months, 2 weeks ago )
File names jsjd.jpg
360Examine.dll
NewExamin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs