SHA256: a9e3c6ff238cd1e4a5a2d3312bfad59091c25698e6c072623af279a58ebbe254
File name: picture.message.gif.exe
Detection ratio: 11 / 48
Analysis date: 2013-09-19 14:07:24 UTC ( 6 months, 4 weeks ago )
Antivirus Result Update
AntiVir TR/Sharik.B 20130919
Commtouch W32/Trojan.XTWU-6193 20130919
DrWeb Trojan.DownLoader9.22851 20130919
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BH 20130919
F-Prot W32/Trojan2.NXHF 20130919
McAfee PWSZbot-FEN!5D69A364FFA8 20130919
McAfee-GW-Edition Artemis!5D69A364FFA8 20130919
Panda Trj/dtcontx.H 20130919
Sophos Mal/Generic-S 20130919
Symantec Trojan.Zbot 20130919
TrendMicro-HouseCall TROJ_GEN.F01WH0ZIJ13 20130919
AVG 20130919
Agnitum 20130919
AhnLab-V3 20130919
Antiy-AVL 20130919
Avast 20130919
Baidu-International 20130919
BitDefender 20130919
Bkav 20130919
ByteHero 20130919
CAT-QuickHeal 20130919
ClamAV 20130919
Comodo 20130919
Emsisoft 20130919
F-Secure 20130919
Fortinet 20130919
GData 20130919
Ikarus 20130919
Jiangmin 20130903
K7AntiVirus 20130918
K7GW 20130918
Kaspersky 20130919
Kingsoft 20130829
Malwarebytes 20130919
MicroWorld-eScan 20130919
Microsoft 20130919
NANO-Antivirus 20130918
Norman 20130919
PCTools 20130919
Rising 20130918
SUPERAntiSpyware 20130919
TheHacker 20130919
TotalDefense 20130918
TrendMicro 20130919
VBA32 20130919
VIPRE 20130919
ViRobot 20130919
nProtect 20130917
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright © 2013

Product S0egwehr
Original name sgsh.exe
Internal name sgrsh
File version 1, 0, 0, 1
Description gsbersb
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-17 16:47:53
Entry Point 0x00008166
Number of sections 6
PE sections
PE imports
GetCharABCWidthsFloatA
GetTextExtentExPointW
GetTextMetricsA
GetTimeFormatW
TerminateProcess
GetStartupInfoW
LCMapStringW
GetModuleFileNameW
GetFileType
LoadLibraryW
LCMapStringA
QueryPerformanceCounter
UnhandledExceptionFilter
Sleep
CompareStringA
CreateFileA
GetModuleFileNameA
GetModuleHandleW
GetCurrentThread
Ord(3820)
Ord(4525)
Ord(1131)
Ord(2438)
Ord(5573)
Ord(4621)
Ord(6642)
Ord(5298)
Ord(354)
Ord(2980)
Ord(6371)
Ord(4364)
Ord(1971)
Ord(6113)
Ord(642)
Ord(459)
Ord(665)
Ord(5208)
Ord(4073)
Ord(1089)
Ord(5996)
Ord(5278)
Ord(5006)
Ord(3733)
Ord(5736)
Ord(2244)
Ord(6798)
Ord(4523)
Ord(4442)
Ord(5727)
Ord(4267)
Ord(807)
Ord(4420)
Ord(4884)
Ord(4616)
Ord(3167)
Ord(2478)
Ord(2873)
Ord(327)
Ord(4518)
Ord(4717)
Ord(4852)
Ord(1569)
Ord(4539)
Ord(6611)
Ord(6370)
Ord(815)
Ord(4520)
Ord(366)
Ord(3257)
Ord(2717)
Ord(5236)
Ord(3917)
Ord(6858)
Ord(4583)
Ord(3449)
Ord(2388)
Ord(5277)
Ord(5256)
Ord(338)
Ord(6332)
Ord(4343)
Ord(2502)
Ord(3076)
Ord(3345)
Ord(1202)
Ord(6805)
Ord(1739)
Ord(4430)
Ord(3142)
Ord(3060)
Ord(3193)
Ord(4414)
Ord(4617)
Ord(4381)
Ord(1165)
Ord(794)
Ord(5097)
Ord(6799)
Ord(5092)
Ord(3998)
Ord(825)
Ord(6836)
Ord(4604)
Ord(5710)
Ord(5237)
Ord(641)
Ord(5276)
Ord(4146)
Ord(4401)
Ord(2874)
Ord(1203)
Ord(6050)
Ord(4957)
Ord(4335)
Ord(4692)
Ord(4886)
Ord(6803)
Ord(4233)
Ord(1196)
Ord(5070)
Ord(1767)
Ord(4613)
Ord(975)
Ord(4480)
Ord(4229)
Ord(2028)
Ord(4582)
Ord(6048)
Ord(6850)
Ord(2047)
Ord(4537)
Ord(4954)
Ord(5286)
Ord(813)
Ord(2504)
Ord(5867)
Ord(5257)
Ord(823)
Ord(6837)
Ord(800)
Ord(5157)
Ord(5468)
Ord(6847)
Ord(6617)
Ord(5261)
Ord(3074)
Ord(4334)
Ord(1934)
Ord(2613)
Ord(3592)
Ord(4609)
Ord(6806)
Ord(554)
Ord(4269)
Ord(6510)
Ord(6683)
Ord(6814)
Ord(2977)
Ord(2116)
Ord(5233)
Ord(1718)
Ord(4714)
Ord(2641)
Ord(1834)
Ord(3053)
Ord(796)
Ord(4665)
Ord(674)
Ord(4831)
Ord(6826)
Ord(4670)
Ord(6838)
Ord(4158)
Ord(6830)
Ord(4606)
Ord(6606)
Ord(6076)
Ord(2715)
Ord(4426)
Ord(3398)
Ord(4955)
Ord(6846)
Ord(4992)
Ord(5297)
Ord(4608)
Ord(4883)
Ord(4459)
Ord(5239)
Ord(3743)
Ord(986)
Ord(2377)
Ord(4893)
Ord(3825)
Ord(4419)
Ord(4074)
Ord(1719)
Ord(2640)
Ord(303)
Ord(2109)
Ord(5180)
Ord(4421)
Ord(3744)
Ord(2079)
Ord(3254)
Ord(2506)
Ord(4947)
Ord(3341)
Ord(4237)
Ord(2615)
Ord(1220)
Ord(4451)
Ord(5273)
Ord(4958)
Ord(6849)
Ord(4847)
Ord(6487)
Ord(2534)
Ord(1817)
Ord(4347)
Ord(5248)
Ord(1658)
Ord(324)
Ord(4341)
Ord(2391)
Ord(5296)
Ord(2527)
Ord(6823)
Ord(1768)
Ord(4704)
Ord(3793)
Ord(6561)
Ord(3826)
Ord(5193)
Ord(2971)
Ord(4298)
Ord(1720)
Ord(4075)
Ord(652)
Ord(5255)
Ord(5094)
Ord(6589)
Ord(3313)
Ord(6350)
Ord(6796)
Ord(743)
Ord(520)
Ord(1244)
Ord(4435)
Ord(5303)
Ord(620)
Ord(4817)
Ord(6171)
Ord(2546)
Ord(6848)
Ord(6051)
Ord(561)
Ord(6348)
Ord(527)
Ord(3054)
Ord(6372)
Ord(3131)
Ord(4154)
Ord(5059)
Ord(5285)
Ord(6583)
Ord(617)
Ord(6211)
Ord(4072)
Ord(4103)
Ord(529)
Ord(4370)
Ord(4607)
Ord(296)
Ord(6791)
Ord(5649)
Ord(4418)
Ord(6475)
Ord(6807)
Ord(5496)
Ord(2382)
Ord(4690)
Ord(6813)
_except_handler3
__p__fmode
malloc
__CxxFrameHandler
__wgetmainargs
_exit
__p__commode
__setusermatherr
__dllonexit
_onexit
exit
_XcptFilter
_initterm
_controlfp
_wcmdln
_adjust_fdiv
__set_app_type
GetCursorPos
SetTimer
UpdateWindow
EnableWindow
BeginPaint
GetDlgItemTextA
WinHelpA
GetDlgItem
PostQuitMessage
SetForegroundWindow
Number of PE resources by type
RT_STRING 14
RT_DIALOG 3
RT_ICON 2
RT_HTML 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 20
NEUTRAL 3
CHINESE SIMPLIFIED 2
ENGLISH US 1
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
40960

ImageVersion
0.0

ProductName
S0egwehr

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Slovenian

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
sgsh.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 1

TimeStamp
2013:09:17 17:47:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
sgrsh

ProductVersion
1, 0, 0, 1

FileDescription
gsbersb

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright © 2013

MachineType
Intel 386 or later, and compatibles

CodeSize
40960

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x8166

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 5d69a364ffa8d641237baf4ec7bd641f
SHA1 9f02e92f8a381074b87766426dbf9988530379f1
SHA256 a9e3c6ff238cd1e4a5a2d3312bfad59091c25698e6c072623af279a58ebbe254
ssdeep
3072:N+uJ58HoGHQ9qa4kFBd0ov3NSXipzmawp:N+ukHoGw0Yvd5zmaQ

File size 118.2 KB ( 121045 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-09-19 09:25:21 UTC ( 6 months, 4 weeks ago )
Last submission 2013-10-31 15:33:33 UTC ( 5 months, 2 weeks ago )
File names sgsh.exe
c-b3c32-196-1379582703
5d69a364ffa8d641237baf4ec7bd641f
picture.messageID65932980.gif.exe
sgrsh
picture.message.gif.exe
Ticket Details.ticketweb.659037.pdf.exe
picture_messageID65932980_gif_exe
5d69a364ffa8d641237baf4ec7bd641f
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight