SHA256: a96f7f894b88f8521ec196a2da4527ba026b8134a99a55e02fd7c4d023a2554c
File name: edg1.exe
Detection ratio: 1 / 57
Analysis date: 2015-03-06 09:09:06 UTC
Antivirus              Result     Update
Norman                 Dridex.K   20150306
Ad-Aware               -          20150306
AegisLab               -          20150306
Yandex                 -          20150228
AhnLab-V3              -          20150306
Alibaba                -          20150306
ALYac                  -          20150306
Antiy-AVL              -          20150306
Avast                  -          20150306
AVG                    -          20150306
Avira (no cloud)       -          20150306
AVware                 -          20150306
Baidu-International    -          20150306
BitDefender            -          20150306
Bkav                   -          20150305
ByteHero               -          20150306
CAT-QuickHeal          -          20150306
ClamAV                 -          20150306
CMC                    -          20150304
Comodo                 -          20150306
Cyren                  -          20150306
DrWeb                  -          20150306
Emsisoft               -          20150306
ESET-NOD32             -          20150306
F-Prot                 -          20150306
F-Secure               -          20150306
Fortinet               -          20150306
GData                  -          20150306
Ikarus                 -          20150306
Jiangmin               -          20150306
K7AntiVirus            -          20150306
K7GW                   -          20150306
Kaspersky              -          20150306
Kingsoft               -          20150306
Malwarebytes           -          20150306
McAfee                 -          20150306
McAfee-GW-Edition      -          20150306
Microsoft              -          20150306
eScan                  -          20150306
NANO-Antivirus         -          20150306
nProtect               -          20150306
Panda                  -          20150306
Qihoo-360              -          20150306
Rising                 -          20150305
Sophos AV              -          20150306
SUPERAntiSpyware       -          20150306
Symantec               -          20150306
Tencent                -          20150306
TheHacker              -          20150306
TotalDefense           -          20150306
TrendMicro             -          20150306
TrendMicro-HouseCall   -          20150306
VBA32                  -          20150305
VIPRE                  -          20150306
ViRobot                -          20150306
Zillya                 -          20150305
Zoner                  -          20150306
(A "-" in the Result column means the engine reported no detection.)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: © (Russian string, not preserved in this copy of the report)
Publisher: (Russian string, not preserved in this copy of the report)
Product: (Russian string, not preserved) Microsoft® Windows®
Original name: TypePerf.exe
Internal name: TypePerf.exe
File version: 5.1.2600.0 (XPClient.010817-1148)
Description: (Russian string, not preserved in this copy of the report)
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2012-11-10 10:14:15
Entry Point: 0x00006020
Number of sections: 11
PE imports
GetLastError
Sleep
VirtualLock
GetHandleInformation
ExitThread
GetModuleHandleW
ShowOwnedPopups
MessageBoxA
malloc
fabs
Number of PE resources by type
RT_STRING: 12
RT_VERSION: 1
Number of PE resources by language
RUSSIAN: 13
ExifTool file metadata
UninitializedDataSize: 4608
LinkerVersion: 5.23
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 5.1.2600.0
LanguageCode: Russian
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 57344
FileOS: Windows NT 32-bit
MIMEType: application/octet-stream
LegalCopyright: (Russian string, not preserved in this copy of the report)
FileVersion: 5.1.2600.0 (XPClient.010817-1148)
TimeStamp: 2012:11:10 11:14:15+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: TypePerf.exe
ProductVersion: 5.1.2600.0
SubsystemVersion: 4.1
OSVersion: 4.1
OriginalFilename: TypePerf.exe
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 21504
ProductName: Microsoft Windows
ProductVersionNumber: 5.1.2600.0
Warning: Possibly corrupt Version resource
EntryPoint: 0x6020
ObjectFileType: Executable application
File identification
MD5: 6c2cc02fb4dae96cdb94ba82db86517c
SHA1: a0b9b6c1f08122c5f8198342cb55a2d7720d3507
SHA256: a96f7f894b88f8521ec196a2da4527ba026b8134a99a55e02fd7c4d023a2554c
ssdeep: 1536:IWApnhnBgP1Z2WX31Vym3gBz+aFCX62WyA4mehgeoeXnMl0wA4eVxdU6:IXn7i1ZL1VymOz+aFgu4HgeoYLzLdU6
authentihash: 9a793ce8d904d9e0c7b700deb15e70825025e3806790abed43cac4aee94379cf
imphash: 868a3126e84259966065b45a2893728d
File size: 85.0 KB (87040 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags: peexe

VirusTotal metadata
First submission: 2015-03-06 09:09:06 UTC
Last submission: 2015-03-06 15:37:56 UTC
File names: edg7.exe, TypePerf.exe, edg1.exe, edg8DA.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.