SHA256: 9fa09bc880d94778b92c28bc8eedda743aa6852dbb977fa724353744dd626be5
File name: fmt_01.exe
Detection ratio: 10 / 71
Analysis date 2019-01-11 02:16:54 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20190110
AVG FileRepMalware 20190110
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181023
DrWeb Adware.WDJiange.58 20190110
eGambit Unsafe.AI_Score_99% 20190111
ESET-NOD32 a variant of Win32/TrojanDownloader.Adload.NTV 20190111
Ikarus Trojan-Downloader.Win32.Adload 20190110
Malwarebytes Trojan.Downloader 20190111
Microsoft TrojanDownloader:Win32/Adload 20190111
Symantec ML.Attribute.HighConfidence 20190110
Engines with no detection (engine, signature update date)
Acronis 20190110
Ad-Aware 20190110
AegisLab 20190110
AhnLab-V3 20190110
Alibaba 20180921
ALYac 20190110
Antiy-AVL 20190110
Arcabit 20190110
Avast-Mobile 20190110
Avira (no cloud) 20190110
Babable 20180918
Baidu 20190110
BitDefender 20190110
Bkav 20190108
CAT-QuickHeal 20190110
ClamAV 20190110
CMC 20190110
Comodo 20190110
Cybereason 20190109
Cylance 20190111
Cyren 20190110
Emsisoft 20190110
Endgame 20181108
F-Prot 20190110
F-Secure 20190110
Fortinet 20190110
GData 20190110
Sophos ML 20181128
Jiangmin 20190110
K7AntiVirus 20190110
K7GW 20190110
Kaspersky 20190111
Kingsoft 20190111
MAX 20190111
McAfee 20190111
McAfee-GW-Edition 20190111
eScan 20190111
NANO-Antivirus 20190111
Palo Alto Networks (Known Signatures) 20190111
Panda 20190110
Qihoo-360 20190111
Rising 20190111
SentinelOne (Static ML) 20181223
Sophos AV 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
Tencent 20190111
TheHacker 20190106
TotalDefense 20190110
Trapmine 20190103
TrendMicro 20190111
TrendMicro-HouseCall 20190111
Trustlook 20190111
VBA32 20190110
VIPRE 20190111
ViRobot 20190111
Webroot 20190111
Yandex 20190110
Zillya 20190110
ZoneAlarm by Check Point 20190111
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2018
Product 迷你新闻 (Mini News)
Original name ShowXXWnd.exe
Internal name ShowXXWnd.exe
File version 2018.8.2.10
Description 迷你新闻 (Mini News)
Signature verification Signed file, verified signature
Signing date 2:16 PM 2/8/2019 (as displayed; this post-dates both the compilation timestamp, 2019-01-03, and the first submission, 2019-01-11, so it cannot be the time the file was actually signed and should not be relied on)
Signers
[+] 杭州九天网络信息技术有限公司 (Hangzhou Jiutian Network Information Technology Co., Ltd.)
Status Valid
Issuer GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Valid from 04:18 AM 10/16/2018
Valid to 04:18 AM 10/16/2021
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint FA79D27ECCF3A9D33A7F4E5F6CB96BBF404FC368
Serial number 33 9C 47 B2 20 64 4D D3 95 ED 08 18
[+] GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
Status Valid
Issuer GlobalSign
Valid from 11:00 PM 06/14/2016
Valid to 11:00 PM 06/14/2024
Valid usage Code Signing, OCSP Signing
Algorithm sha256RSA
Thumbprint 87A63D9ADB627D777836153C680A3DFCF27DE90C
Serial number 48 1B 6A 07 A9 42 4C 1E AA FE F3 CD F1 0F
[+] GlobalSign
Status Valid
Issuer GlobalSign Root CA
Valid from 10:00 AM 11/18/2009
Valid to 10:00 AM 03/18/2019
Valid usage All
Algorithm sha256RSA
Thumbprint 4765557AF418C68A641199146A7E556AA8242996
Serial number 04 00 00 00 00 01 25 07 1D F9 AF
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-03 12:35:19
Entry Point 0x000A6ACB
Number of sections 7
PE sections
Overlays
MD5 abecf361aace94964d6ce12df83cbb33
File type data
Offset 1348096
Size 4512
Entropy 7.39
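The overlay figures above describe the bytes after the last section (offset 1348096 + size 4512 equals the 1352608-byte file size). On a signed PE that region normally holds the Authenticode certificate table referenced by the Security data directory, which is DER-encoded and therefore high-entropy, so a high-entropy overlay on a signed file is not by itself evidence of an appended payload; the question is whether the declared certificate table accounts for all of it. The following is an added example, not part of the VirusTotal report and not code from the file's publisher, that performs this check with the Python standard library. It runs on a constructed minimal PE32: the builder, the filler bytes and the 300-byte "appended" tail are invented for the demo, and the 4512-byte table size is chosen only to mirror the figure above.

```python
"""Overlay triage for a PE file (stdlib only, PE32 and PE32+): locate the
bytes after the last section and relate them to the certificate table."""
import hashlib
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # only directory entry that holds a raw file offset


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; DER-encoded signature blobs sit near 7-8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def analyze_overlay(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd_off = opt + (96 if magic == 0x10B else 112)  # data directories (PE32 / PE32+)
    cert_off, cert_size = struct.unpack_from(
        "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # Overlay begins where the highest PointerToRawData + SizeOfRawData ends.
    sect = opt + opt_size
    end_of_sections = 0
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    n = len(data)
    if not overlay:
        verdict = "no overlay"
    elif cert_size == 0:
        verdict = "unsigned overlay: no certificate table declared"
    elif cert_off < end_of_sections or cert_off + cert_size > n:
        verdict = "certificate table directory points outside the overlay"
    else:
        leading = cert_off - end_of_sections   # small 8-byte alignment padding is normal
        trailing = n - (cert_off + cert_size)  # bytes sitting behind the signature blob
        if leading == 0 and trailing == 0:
            verdict = "overlay is exactly the certificate table"
        elif trailing:
            verdict = "%d byte(s) appended after the certificate table" % trailing
        else:
            verdict = "%d byte(s) between last section and certificate table" % leading
    return {"overlay_offset": end_of_sections, "overlay_size": len(overlay),
            "overlay_md5": hashlib.md5(overlay).hexdigest(),
            "overlay_entropy": round(shannon_entropy(overlay), 2),
            "cert_offset": cert_off, "cert_size": cert_size, "verdict": verdict}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for a DER signature (constructed)."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


def build_test_pe(cert_blob: bytes, appended: bytes = b"") -> bytes:
    """Constructed, non-runnable PE32: one 512-byte section at file offset 512,
    then a WIN_CERTIFICATE table, then optional trailing bytes."""
    sect_off, sect_data = 512, bytes(range(256)) * 2
    cert_off = sect_off + len(sect_data)
    wincert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)    # i386, one section
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, len(sect_data), 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x1000, 512, 5, 1, 0, 0, 5, 1, 0,
                       0x2000, 512, 0, 2, 0)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, len(wincert))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(sect_data), 0x1000, len(sect_data), sect_off, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + section).ljust(sect_off, b"\0")
    return headers + sect_data + wincert + appended


if __name__ == "__main__":
    blob = pseudo_random_bytes(4504)                     # 8-byte header + 4504 = 4512
    print(analyze_overlay(build_test_pe(blob)))
    print(analyze_overlay(build_test_pe(blob, b"payload" * 40)))
```

Run against a real sample with `analyze_overlay(open(path, "rb").read())`: when the verdict reports bytes after the certificate table, that tail is what deserves carving and inspection; when the table accounts for the whole overlay, the entropy figure alone says nothing beyond "this file is signed".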
PE imports
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
Ord(17)
InitCommonControlsEx
_TrackMouseEvent
GetCharABCWidthsW
GetTextMetricsW
TextOutW
CreateFontIndirectW
SetBitmapBits
GetClipBox
CreatePen
SaveDC
GdiFlush
CreateRectRgnIndirect
CombineRgn
SetStretchBltMode
GetBitmapBits
GetDeviceCaps
CreateCompatibleDC
DeleteDC
RestoreDC
SetBkMode
PtInRegion
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetObjectA
CreateEnhMetaFileW
MoveToEx
SetWindowOrgEx
GetStockObject
CreateDIBitmap
PlayEnhMetaFile
LineTo
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
RoundRect
StretchBlt
CloseEnhMetaFile
CreateRectRgn
SelectObject
GetEnhMetaFileHeader
CreateSolidBrush
SetBkColor
GetTextExtentPoint32W
CreateCompatibleBitmap
CreatePenIndirect
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
GetStdHandle
GetDriveTypeW
VerifyVersionInfoA
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
ExpandEnvironmentStringsA
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
FreeLibraryAndExitThread
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
FormatMessageA
GetFullPathNameW
SetLastError
PeekNamedPipe
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
VerSetConditionMask
GetPrivateProfileStringA
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
CreateEventW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
DosDateTimeToFileTime
GetFileSize
WaitForMultipleObjects
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
CompareStringW
lstrcpyW
FindNextFileW
ResetEvent
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
SetEvent
ReadConsoleW
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
WaitForSingleObjectEx
lstrlenW
Process32NextW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
FreeResource
GetFileAttributesExW
FindResourceExW
IsValidCodePage
FindResourceW
Sleep
SysFreeString
VariantClear
VariantInit
SysAllocString
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW
CommandLineToArgvW
DragQueryFileW
PathRemoveFileSpecW
SetFocus
GetForegroundWindow
SetWindowRgn
DestroyWindow
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
WindowFromPoint
DispatchMessageW
GetCursorPos
ReleaseDC
SendMessageW
GetClientRect
DefWindowProcW
DrawTextW
ScreenToClient
LoadImageW
GetActiveWindow
MapVirtualKeyExW
GetWindowTextLengthW
InvalidateRgn
PtInRect
GetParent
GetPropW
CreateCaret
GetWindowTextW
GetMessageW
ShowWindow
GetCaretPos
SetPropW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
IsZoomed
SetWindowLongW
EnableMenuItem
SetTimer
GetKeyboardLayout
FillRect
CreateAcceleratorTableW
CreateWindowExW
GetWindowLongW
GetUpdateRect
GetGUIThreadInfo
CharNextW
MapWindowPoints
GetMonitorInfoW
BeginPaint
OffsetRect
SetCaretPos
KillTimer
CharPrevW
GetClassInfoExW
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
PostMessageW
InvalidateRect
CreatePopupMenu
ShowCaret
SetWindowTextW
ClientToScreen
TrackPopupMenu
GetDesktopWindow
LoadCursorW
LoadIconW
GetDC
SetForegroundWindow
GetCaretBlinkTime
IntersectRect
HideCaret
FindWindowW
GetShellWindow
GetWindowThreadProcessId
MessageBoxW
RegisterClassExW
MoveWindow
AppendMenuW
GetSysColor
GetKeyState
GetWindowRgn
UpdateLayeredWindow
IsWindowVisible
UnionRect
MonitorFromWindow
SetRect
GetKeyNameTextW
CallWindowProcW
GetClassNameW
IsRectEmpty
GetFocus
SetCursor
DeleteUrlCacheEntryW
Ord(301)
Ord(50)
Ord(143)
Ord(79)
Ord(41)
Ord(22)
Ord(46)
Ord(211)
Ord(30)
Ord(60)
Ord(200)
Ord(33)
Ord(32)
Ord(26)
Ord(27)
Ord(35)
getaddrinfo
accept
ioctlsocket
WSAStartup
freeaddrinfo
connect
getsockname
htons
WSASetLastError
select
gethostname
getsockopt
closesocket
send
ntohs
WSAGetLastError
listen
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
recv
WSAIoctl
setsockopt
socket
bind
recvfrom
sendto
GdipCreateFontFromDC
GdipDrawRectangleI
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipDeleteBrush
GdipCreateSolidFill
GdipSetSmoothingMode
GdipMeasureString
GdiplusShutdown
GdipCreatePen1
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipImageSelectActiveFrame
GdiplusStartup
GdipDeleteGraphics
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipLoadImageFromStream
GdipCloneBrush
GdipSetStringFormatAlign
GdipImageGetFrameCount
GdipGetImageWidth
GdipGetPropertyItem
GdipAlloc
GdipGetPropertyItemSize
GdipStringFormatGetGenericTypographic
GdipDeletePen
GdipFillRectangleI
GdipSetInterpolationMode
GdipCloneStringFormat
GdipFree
GdipDrawString
GdipSetStringFormatFlags
GdipGetImageHeight
GdipDeleteStringFormat
GdipSetPenMode
GdipDisposeImage
GdipCloneImage
GdipImageGetFrameDimensionsList
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoInitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CLSIDFromProgID
DoDragDrop
RevokeDragDrop
OleDuplicateData
CLSIDFromString
URLDownloadToFileW
Number of PE resources by type
RT_ICON 19
RT_GROUP_ICON 3
DATA 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 29
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileVersionNumber 1.1.1.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 486912
EntryPoint 0xa6acb
OriginalFileName ShowXXWnd.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018
FileVersion 2018.8.2.10
TimeStamp 2019:01:03 13:35:19+01:00
FileType Win32 EXE
PEType PE32
InternalName ShowXXWnd.exe
ProductVersion 2018.8.2.10
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 866304
FileSubtype 0
ProductVersionNumber 1.1.1.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5e48d5c2e6e1db621ce7815a403c0828
SHA1 44470e780084ffca3eb3641bdb22ab5f9042b9f5
SHA256 9fa09bc880d94778b92c28bc8eedda743aa6852dbb977fa724353744dd626be5
ssdeep 24576:U7nkM1F+DUPrsJfop8zzAb57DfTt7BBTNgQNUY5:U7kM1YDYrsJ1Yx7tTTCUv5
authentihash c4579cb35d560427d6d9171069651282a3f26a40aca2ce5c313e23aafb46a83d
imphash 2bb8153203457abdc899426e72167635
File size 1.3 MB ( 1352608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (87.1%)
Win32 Dynamic Link Library (generic) (4.9%)
Win32 Executable (generic) (3.3%)
OS/2 Executable (generic) (1.5%)
Generic Win/DOS Executable (1.4%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2019-01-11 02:16:54 UTC ( 1 month, 1 week ago )
Last submission 2019-01-28 08:18:28 UTC ( 3 weeks ago )
File names fmt_01.exe
tips_01.exe
ShowXXWnd.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.