SHA256: ab12a6b6d3f7ab00630fbb9558b725c2d25cf59a133ee0db807eaf3e851c3e4b
File name: ser1004.png
Detection ratio: 13 / 65
Analysis date: 2017-10-05 02:22:37 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Avast FileRepMalware 20171005
AVG FileRepMalware 20171005
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171005
Endgame malicious (high confidence) 20170821
Kaspersky UDS:DangerousObject.Multi.Generic 20171005
McAfee-GW-Edition BehavesLike.Win32.Downloader.gc 20171005
Palo Alto Networks (Known Signatures) generic.ml 20171005
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/Generic-S 20171005
Webroot W32.Trojan.Gen 20171005
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171005
Ad-Aware 20171004
AegisLab 20171005
AhnLab-V3 20171004
Alibaba 20170911
ALYac 20171005
Antiy-AVL 20171005
Arcabit 20171005
Avast-Mobile 20171004
Avira (no cloud) 20171004
AVware 20171005
BitDefender 20171005
Bkav 20171004
CAT-QuickHeal 20171004
ClamAV 20171005
CMC 20171004
Comodo 20171005
Cyren 20171005
DrWeb 20171005
Emsisoft 20171005
ESET-NOD32 20171005
F-Prot 20171005
F-Secure 20171005
Fortinet 20171005
GData 20171005
Ikarus 20171004
Sophos ML 20170914
Jiangmin 20171005
K7AntiVirus 20171004
K7GW 20171005
Kingsoft 20171005
Malwarebytes 20171005
MAX 20171005
McAfee 20171005
Microsoft 20171005
eScan 20171005
NANO-Antivirus 20171004
nProtect 20171005
Panda 20171004
Qihoo-360 20171005
Rising 20171005
SUPERAntiSpyware 20171005
Symantec 20171005
Symantec Mobile Insight 20171004
Tencent 20171005
TheHacker 20171002
TrendMicro 20171005
TrendMicro-HouseCall 20171004
Trustlook 20171005
VBA32 20171004
VIPRE 20171004
ViRobot 20171004
WhiteArmor 20170927
Yandex 20171004
Zillya 20171004
Zoner 20171005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-16 20:59:19
Entry Point 0x000013D0
Number of sections 4
PE sections
PE imports
CreateCompatibleDC
CreateFileMappingW
GetLastError
GetStartupInfoA
GetFileSize
GetModuleHandleA
GetCommandLineW
GetCurrentDirectoryA
CloseHandle
CreateFileA
_except_handler3
__p__fmode
memset
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
__p__acmdln
exit
_XcptFilter
__getmainargs
_initterm
_exit
strlen
strcmp
__set_app_type
CommandLineToArgvW
GetMessageA
UpdateWindow
GetScrollRange
EndDialog
LoadBitmapW
PostQuitMessage
DefWindowProcA
ShowWindow
SetScrollRange
DispatchMessageA
SetMenu
TranslateMessage
DialogBoxParamA
GetScrollInfo
RegisterClassExA
GetDlgCtrlID
LoadStringA
SendMessageA
CreateWindowExA
RemovePropW
ScreenToClient
InvalidateRect
LoadAcceleratorsA
wsprintfA
SetTimer
LoadCursorA
GetClassNameW
GetActiveWindow
TranslateAcceleratorA
GetDesktopWindow
LoadCursorW
RedrawWindow
GetWindowLongW
PtInRect
DestroyWindow
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2014:12:16 21:59:19+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 113664
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 353792
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x13d0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 a10d22237dc19877f46434473f6d543a
SHA1 f15c6026a82aa3c5b13a970e705b6d5293d33511
SHA256 ab12a6b6d3f7ab00630fbb9558b725c2d25cf59a133ee0db807eaf3e851c3e4b
ssdeep 6144:ehC3IAVBrJ7M6fF2xiyUkPK6EPLDBhMwsfONGlth/fubs3FfjE1/ooE9r0:e83PdM6cpS6EjDcwsxhuI1fS/oo2r0

authentihash 8c5021cf6d54b477a0df5bd78d293ae4292404a260a1e311241faec990eac440
imphash f5f4f9f30b4eae1b8b487dbe292a13c8
File size 455.5 KB ( 466432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-10-04 22:07:08 UTC ( 1 year, 3 months ago )
Last submission 2018-02-20 11:04:15 UTC ( 11 months ago )
File names VirusShare_a10d22237dc19877f46434473f6d543a
ser1004.png
samples_05_10_2017 (4)
aqdccc.exE
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications