× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9e2acb4176669e48f7a0aadd3fcbb39ade979b8843be87db9da5a42fe10ec290
File name: gplc.exe
Detection ratio: 0 / 46
Analysis date: 2013-03-06 01:42:59 UTC ( 4 years, 9 months ago ) View latest
Antivirus Result Update
Yandex 20130305
AhnLab-V3 20130305
AntiVir 20130305
Antiy-AVL 20130305
Avast 20130306
AVG 20130305
BitDefender 20130306
ByteHero 20130304
CAT-QuickHeal 20130305
ClamAV 20130306
Commtouch 20130306
Comodo 20130306
DrWeb 20130306
Emsisoft 20130306
eSafe 20130211
ESET-NOD32 20130306
F-Prot 20130306
F-Secure 20130306
Fortinet 20130306
GData 20130306
Ikarus 20130306
Jiangmin 20130304
K7AntiVirus 20130305
Kaspersky 20130305
Kingsoft 20130304
Malwarebytes 20130306
McAfee 20130306
McAfee-GW-Edition 20130306
Microsoft 20130306
eScan 20130306
NANO-Antivirus 20130306
Norman 20130305
nProtect 20130305
Panda 20130305
PCTools 20130306
Rising 20130305
Sophos AV 20130306
SUPERAntiSpyware 20130306
Symantec 20130305
TheHacker 20130305
TotalDefense 20130305
TrendMicro 20130306
TrendMicro-HouseCall 20130306
VBA32 20130305
VIPRE 20130306
ViRobot 20130306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT appended, embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-10-10 16:35:34
Entry Point 0x000013F8
Number of sections 12
PE sections
Overlays
MD5 0c1ad37e7a50f60e2ae227bcf7b8552f
File type data
Offset 102400
Size 35780
Entropy 4.15
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
GetStdHandle
EnterCriticalSection
GetSystemInfo
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
CreatePipe
GetCurrentProcess
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetProcAddress
lstrcmpiA
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
TerminateProcess
CreateProcessA
InitializeCriticalSection
VirtualQuery
SearchPathA
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
strncmp
__lconv_init
malloc
_access
realloc
fclose
strcat
__dllonexit
_open_osfhandle
isprint
_tempnam
fprintf
_cexit
fgets
fopen
_fmode
_amsg_exit
fputc
strtol
isalnum
_errno
feof
strtoul
_lock
_onexit
__initenv
fputs
isalpha
_strdup
sprintf
vfprintf
_unlink
_spawnvp
isspace
_acmdln
exit
_fdopen
_unlock
strrchr
_mktemp
getenv
free
__getmainargs
calloc
setbuf
_stricmp
__setusermatherr
perror
signal
strchr
strcmp
strstr
abort
strcpy
islower
_initterm
__set_app_type
isxdigit
_iob
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2012:10:10 17:35:34+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
25600

LinkerVersion
2.22

EntryPoint
0x13f8

InitializedDataSize
95744

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
57344

File identification
MD5 5adcbfc7905fe09065f9654f912b7b26
SHA1 f924913593616288fef6318fca175c99bd5cb497
SHA256 9e2acb4176669e48f7a0aadd3fcbb39ade979b8843be87db9da5a42fe10ec290
ssdeep
1536:fMMu8NDPCUUzgAmtjfOWn/HXlSk7bUMFCWEv8lDpG:f68N5/H9NY

authentihash cf6f54cd38f4fa17d4c46fd2dd417b961b04588174edef2c258c4c02c848d642
imphash 37508a2f2c10b8b40710dfcf795dd076
File size 134.9 KB ( 138180 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.1%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2013-03-06 01:42:59 UTC ( 4 years, 9 months ago )
Last submission 2016-03-10 15:41:53 UTC ( 1 year, 9 months ago )
File names gplc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.