SHA256: 9a79d77ddc2e4a6ee91df5bfb4f7baf48f3da1a84f38fb0f427f5d318f35fe9a
File name: winemenubuilder.exe
Detection ratio: 1 / 66
Analysis date: 2018-04-07 17:39:55 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Jiangmin Trojan/Genome.dlco 20180407
Ad-Aware 20180407
AegisLab 20180407
AhnLab-V3 20180407
Alibaba 20180404
ALYac 20180407
Antiy-AVL 20180407
Arcabit 20180407
Avast 20180407
Avast-Mobile 20180407
AVG 20180407
Avira (no cloud) 20180407
AVware 20180407
Baidu 20180404
BitDefender 20180407
Bkav 20180407
CAT-QuickHeal 20180407
ClamAV 20180407
CMC 20180406
Comodo 20180407
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180407
Cyren 20180407
DrWeb 20180407
eGambit 20180407
Emsisoft 20180407
Endgame 20180403
ESET-NOD32 20180407
F-Prot 20180407
F-Secure 20180407
Fortinet 20180407
GData 20180407
Ikarus 20180407
Sophos ML 20180121
K7AntiVirus 20180404
K7GW 20180407
Kaspersky 20180407
Kingsoft 20180407
Malwarebytes 20180407
MAX 20180407
McAfee 20180407
McAfee-GW-Edition 20180407
Microsoft 20180407
eScan 20180407
NANO-Antivirus 20180407
nProtect 20180407
Palo Alto Networks (Known Signatures) 20180407
Panda 20180407
Qihoo-360 20180407
Rising 20180407
SentinelOne (Static ML) 20180225
Sophos AV 20180407
SUPERAntiSpyware 20180407
Symantec 20180406
Symantec Mobile Insight 20180406
Tencent 20180407
TheHacker 20180404
TotalDefense 20180407
TrendMicro 20180407
TrendMicro-HouseCall 20180407
Trustlook 20180407
VBA32 20180406
VIPRE 20180407
ViRobot 20180407
WhiteArmor 20180405
Yandex 20180406
Zillya 20180406
ZoneAlarm by Check Point 20180407
Zoner 20180407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00001020
Number of sections 2
PE sections
PE imports
_except_handler3
exit
_XcptFilter
__getmainargs
_exit
_controlfp
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 0
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 0
SubsystemVersion 4.0
EntryPoint 0x1020
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Execution parents
Compressed bundles
File identification
MD5 8f409fc904543688c4abe74b1fb54343
SHA1 b0d469d0ca6f0aba6ff692a2f36ce0c768ceb545
SHA256 9a79d77ddc2e4a6ee91df5bfb4f7baf48f3da1a84f38fb0f427f5d318f35fe9a
ssdeep 12:etGSGQ6Y+qhWJztAqXsrlylET/cNUhkTT3DlAvM0mPRj/AXFiNfKmreR:etGSB+pJJAysxna4kTqvMVcXFi8jR
imphash 50f433a443bc36990996bb4d4dd484aa
File size 1.5 KB ( 1536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2013-07-09 05:57:48 UTC ( 4 years, 10 months ago )
Last submission 2018-04-07 17:39:55 UTC ( 1 month, 2 weeks ago )
File names test.exe
main.exe
winemenubuilder.exe
basic.exe
winemenubuilder.exe
9A79D77DDC2E4A6EE91DF5BFB4F7BAF48F3DA1A84F38FB0F427F5D318F35FE9A
empty.exe
winemenubuilder.exe
winemenubuilder.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications