SHA256: a5b117bda0c5d1b2551a7c5471784ac85457c1b8c8ec8a60b9be334e1e856b97
File name: 5fdbd791ac7946ff19c405ee0b7fa3450d8d1cd9
Detection ratio: 6 / 56
Analysis date: 2015-11-28 03:11:15 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.Xpack.331143 20151128
ESET-NOD32 Win32/TrojanDownloader.Agent.BXE 20151128
Fortinet W32/Waldek.BXE!tr 20151128
Kaspersky Trojan.Win32.Waldek.kr 20151128
Malwarebytes Trojan.Injector 20151127
Qihoo-360 QVM07.1.Malware.Gen 20151128
Ad-Aware 20151128
AegisLab 20151127
Yandex 20151127
AhnLab-V3 20151127
Alibaba 20151127
ALYac 20151128
Antiy-AVL 20151128
Arcabit 20151128
Avast 20151128
AVG 20151128
AVware 20151127
Baidu-International 20151127
BitDefender 20151128
Bkav 20151127
ByteHero 20151128
CAT-QuickHeal 20151126
ClamAV 20151128
CMC 20151127
Comodo 20151128
Cyren 20151128
DrWeb 20151128
Emsisoft 20151128
F-Prot 20151128
F-Secure 20151128
GData 20151128
Ikarus 20151128
Jiangmin 20151127
K7AntiVirus 20151127
K7GW 20151128
McAfee 20151128
McAfee-GW-Edition 20151128
Microsoft 20151128
eScan 20151128
NANO-Antivirus 20151127
nProtect 20151127
Panda 20151127
Rising 20151127
Sophos AV 20151128
SUPERAntiSpyware 20151127
Symantec 20151127
Tencent 20151128
TheHacker 20151127
TotalDefense 20151127
TrendMicro 20151128
TrendMicro-HouseCall 20151128
VBA32 20151126
VIPRE 20151128
ViRobot 20151128
Zillya 20151127
Zoner 20151128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-10 09:56:05
Entry Point 0x000110EA
Number of sections 4
PE sections
Overlays
MD5 9b7696e91ad526600fd95f0d1ec63d63
File type data
Offset 229376
Size 2227
Entropy 6.15
PE imports
DestroyPrivateObjectSecurity
LookupSecurityDescriptorPartsA
CreateProcessAsUserA
BuildImpersonateTrusteeA
RegOpenKeyExA
ImpersonateNamedPipeClient
MapGenericMask
ImageList_GetIcon
ImageList_GetDragImage
CreateEllipticRgnIndirect
CreatePalette
GetRasterizerCaps
AnimatePalette
SetMetaFileBitsEx
ImmSetConversionStatus
ImmGetDefaultIMEWnd
ImmGetContext
GetLastError
GetStartupInfoA
GetLogicalDrives
DosDateTimeToFileTime
GetTimeZoneInformation
GetModuleHandleA
GetSystemDirectoryW
GetCommState
GetCurrentProcess
HeapSize
GetFullPathNameW
GetFileAttributesExA
GetStringTypeExA
GetModuleFileNameA
FlushInstructionCache
GenerateConsoleCtrlEvent
WNetGetProviderNameA
_adjust_fdiv
__p__fmode
fabs
_acmdln
_cputs
__setusermatherr
_dup
abs
__getmainargs
_initterm
_controlfp
__p__commode
__set_app_type
RasHangUpA
MessageBeep
CommDlgExtendedError
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 9
RT_DIALOG 5
RT_VERSION 1
Struct(111) 1
Number of PE resources by language
ENGLISH AUS 14
ESTONIAN DEFAULT 11
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
1617920

ImageVersion
0.0

FileVersionNumber
0.61.252.203

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Never

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Meeter.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0,234,162,18

TimeStamp
2008:04:10 09:56:05+00:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
0,197,2,79

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Reels (C) 2016

MachineType
Intel 386 or later, and compatibles

CompanyName
QUALCOMM Incorporated.

CodeSize
69632

FileSubtype
0

ProductVersionNumber
0.108.204.242

EntryPoint
0x110ea

ObjectFileType
Executable application

File identification
MD5 e8e18a4bca24ed7f82ce4f4312982382
SHA1 5fdbd791ac7946ff19c405ee0b7fa3450d8d1cd9
SHA256 a5b117bda0c5d1b2551a7c5471784ac85457c1b8c8ec8a60b9be334e1e856b97
ssdeep 3072:yJ0/jlnCohV4iaAhYPQ+g5zCnWEVGPLNfBTF0PgP/8DENPMNfQefExo:yJ05nvLnmoTzoWEEJrJMNQi

authentihash ebd1a7827573f6f664f3acf05cb6ad2a8ad2ad2da6dc8d4c929e2f8bea438575
imphash 1a314afa5766253058b48bfc3423b53b
File size 226.2 KB ( 231603 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-11-28 03:11:15 UTC ( 3 years, 2 months ago )
Last submission 2015-11-28 03:11:15 UTC ( 3 years, 2 months ago )
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00JC0DKU15.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections