SHA256: 9bda3b96e97ab4d42a350f8d57ca1df8a26210bdd1d6dbb936416843cf852e03
File name: gogo.exe
Detection ratio: 0 / 42
Analysis date: 2012-07-16 23:04:54 UTC ( 1 year, 9 months ago )
Antivirus Result Update
AVG 20120716
AhnLab-V3 20120716
AntiVir 20120716
Antiy-AVL 20120712
Avast 20120716
BitDefender 20120716
ByteHero 20120716
CAT-QuickHeal 20120716
ClamAV 20120717
Commtouch 20120716
Comodo 20120716
DrWeb 20120717
ESET-NOD32 20120716
Emsisoft 20120717
F-Prot 20120716
F-Secure 20120717
Fortinet 20120716
GData 20120716
Ikarus 20120716
Jiangmin 20120716
K7AntiVirus 20120716
Kaspersky 20120716
McAfee 20120717
McAfee-GW-Edition 20120716
Microsoft 20120717
Norman 20120716
PCTools 20120717
Panda 20120716
Rising 20120716
SUPERAntiSpyware 20120715
Sophos 20120716
Symantec 20120716
TheHacker 20120716
TotalDefense 20120713
TrendMicro 20120717
TrendMicro-HouseCall 20120716
VBA32 20120716
VIPRE 20120717
ViRobot 20120716
VirusBuster 20120717
eSafe 20120717
nProtect 20120716
The file being studied is a Portable Executable file! More specifically, it is an unknown file for the Windows GUI subsystem.
Authenticode signature block
Copyright (c) Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Windows® Internet Explorer
Original name WEXTRACT.EXE .MUI
Internal name Wextract
File version 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
Description Win32 Cabinet Self-Extractor
Packers identified
F-PROT SFX
PE header basic information
Target machine x64
Compilation timestamp 2011-03-08 12:37:13
Entry Point 0x0000C350
Number of sections 5
PE sections
PE imports
OpenProcessToken, GetTokenInformation, RegSetValueExA, EqualSid, RegQueryValueExA, LookupPrivilegeValueA, RegCreateKeyExA, RegOpenKeyExA, RegQueryInfoKeyA, RegDeleteValueA, AllocateAndInitializeSid, FreeSid, AdjustTokenPrivileges, RegCloseKey
GetDeviceCaps
GetCurrentProcess, GlobalLock, _lclose, ExpandEnvironmentStringsA, GetWindowsDirectoryA, GlobalAlloc, GetPrivateProfileIntA, GetFileAttributesA, IsDBCSLeadByte, GetSystemDirectoryA, GlobalUnlock, GetShortPathNameA, CreateDirectoryA, FindFirstFileA, GetLastError, GetProcAddress, RemoveDirectoryA, SetFileAttributesA, GlobalFree, FindClose, GetPrivateProfileStringA, LoadLibraryA, LocalAlloc, WritePrivateProfileStringA, GetModuleFileNameA, FindNextFileA, CompareStringA, _lopen, CloseHandle, LocalFree, DeleteFileA, ExitProcess, DosDateTimeToFileTime, FreeLibrary, FindResourceA, SetFilePointer, FreeResource, LoadResource, WaitForSingleObject, SetEvent, GetModuleHandleW, FormatMessageA, SetFileTime, WriteFile, GetDriveTypeA, GetVolumeInformationA, TerminateThread, SizeofResource, CreateEventA, GetExitCodeProcess, lstrlenA, ReadFile, SetCurrentDirectoryA, GetTempFileNameA, ResetEvent, LockResource, GetSystemInfo, LoadLibraryExA, CreateMutexA, GetCurrentDirectoryA, GetVersionExA, GetVersion, GetTempPathA, CreateThread, LocalFileTimeToFileTime, Sleep, CreateFileA, _llseek, lstrcmpA, GetStartupInfoW, OutputDebugStringA, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, EnumResourceLanguagesA, MulDiv, GetDiskFreeSpaceA, CreateProcessA
ReleaseDC, PeekMessageA, MessageBoxA, GetDC, SendMessageA, SetForegroundWindow, MsgWaitForMultipleObjects, SendDlgItemMessageA, GetWindowLongPtrA, GetWindowRect, SetWindowPos, ShowWindow, SetWindowLongPtrA, DispatchMessageA, SetWindowTextA, EnableWindow, CallWindowProcA, DialogBoxIndirectParamA, GetDlgItemTextA, LoadStringA, MessageBeep, CharUpperA, CharNextA, ExitWindowsEx, CharPrevA, EndDialog, GetDesktopWindow, SetDlgItemTextA, GetDlgItem, GetSystemMetrics
GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
__set_app_type, memcpy, memset, _terminate@@YAXXZ, _fmode, _acmdln, exit, _commode, __setusermatherr, _amsg_exit, _cexit, _ismbblead, _exit, _XcptFilter, __C_specific_handler, __getmainargs, _errno, _vsnprintf, _initterm
ExifTool file metadata
SubsystemVersion 5.2
LinkerVersion 10.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 9.0.8112.16421
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 236032
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
TimeStamp 2011:03:08 13:37:13+01:00
FileType Win64 EXE
PEType PE32+
InternalName Wextract
ProductVersion 9.00.8112.16421
FileDescription Win32 Cabinet Self-Extractor
OSVersion 6.1
OriginalFilename WEXTRACT.EXE .MUI
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Microsoft Corporation
CodeSize 53760
ProductName Windows Internet Explorer
ProductVersionNumber 9.0.8112.16421
EntryPoint 0xc350
ObjectFileType Executable application
File identification
MD5 d3776f1fcf6e1ffeab7b5dc893d1b8ef
SHA1 17593c1c8496737d7863bc06db4cf8299174cf08
SHA256 9bda3b96e97ab4d42a350f8d57ca1df8a26210bdd1d6dbb936416843cf852e03
ssdeep 6144:oWwCl8PaBsyVtp0yN90QE/0izsatThLIagGkG:oMnBs5y90mnatKa7
File size 284.0 KB ( 290816 bytes )
File type unknown
Magic literal MS-DOS executable PE for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2012-07-16 23:04:54 UTC ( 1 year, 9 months ago )
Last submission 2012-07-16 23:04:54 UTC ( 1 year, 9 months ago )
File names gogo.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight