× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: af3417ac8f5770a4d7da4abfe1ab35fef72dbddb2672efc60491cf7b9a1b3941
File name: XGwdKLWhYBDqWBb.exe
Detection ratio: 10 / 55
Analysis date: 2015-07-17 12:10:14 UTC ( 3 years, 10 months ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.682238 20150717
Arcabit Trojan.Kazy.DA68FE 20150717
BitDefender Gen:Variant.Kazy.682238 20150717
Bkav HW32.Packed.AE9B 20150717
Emsisoft Gen:Variant.Kazy.682238 (B) 20150717
ESET-NOD32 Win32/Battdil.AH 20150717
GData Gen:Variant.Kazy.682238 20150717
eScan Gen:Variant.Kazy.682238 20150717
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150717
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150713
AegisLab 20150717
Yandex 20150717
AhnLab-V3 20150717
Alibaba 20150717
ALYac 20150717
Antiy-AVL 20150717
Avast 20150717
AVG 20150717
Avira (no cloud) 20150717
AVware 20150717
Baidu-International 20150717
ByteHero 20150717
CAT-QuickHeal 20150717
ClamAV 20150716
Comodo 20150717
Cyren 20150717
DrWeb 20150717
F-Prot 20150717
F-Secure 20150716
Fortinet 20150717
Ikarus 20150717
Jiangmin 20150716
K7AntiVirus 20150717
K7GW 20150717
Kaspersky 20150717
Kingsoft 20150717
Malwarebytes 20150717
McAfee 20150717
McAfee-GW-Edition 20150716
Microsoft 20150717
NANO-Antivirus 20150717
nProtect 20150717
Panda 20150717
Sophos AV 20150717
SUPERAntiSpyware 20150717
Symantec 20150717
Tencent 20150717
TheHacker 20150713
TrendMicro 20150717
TrendMicro-HouseCall 20150717
VBA32 20150717
VIPRE 20150717
ViRobot 20150717
Zillya 20150717
Zoner 20150717
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Microsystems High-Level Software©. All rights reserved.

Product Microsystems High-Level Software
File version 3.1
Description Microsystems High-Level Software
Comments Microsystems High-Level Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
OpenInputDesktop
PostMessageA
SetMenuItemInfoA
MessageBoxA
DrawMenuBar
PostQuitMessage
DefWindowProcA
DialogBoxIndirectParamA
DestroyWindow
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
CodeSize
484864

FileDescription
Microsystems High-Level Software

Comments
Microsystems High-Level Software

InitializedDataSize
4608

ImageVersion
0.0

ProductName
Microsystems High-Level Software

FileVersionNumber
3.1.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

LinkerVersion
6.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.1

TimeStamp
2015:06:18 11:05:43+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
0.3.1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Microsystems High-Level Software . All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Philip & Terence Co.

LegalTrademarks
Microsystems High-Level Software . 2012

FileSubtype
0

ProductVersionNumber
0.3.1.0

EntryPoint
0x1000

ObjectFileType
Executable application

File identification
MD5 efa2887ab892c34a5025aa3f943f49a9
SHA1 369036792d7830cfbb74f0e28723e9e72432e3ca
SHA256 af3417ac8f5770a4d7da4abfe1ab35fef72dbddb2672efc60491cf7b9a1b3941
ssdeep
12288:3KxV7CZYXiu8goveL3ZKf9szFhSgNPSGKw3od:3CwyioceLZOybVN3od

authentihash 3133e0e557867a1b191a117d9ef04173b9905312dd4eda48157fff0eb4340bd8
imphash a81f94eecf7e5736f9274cc018bf058e
File size 479.0 KB ( 490496 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-07-17 11:49:27 UTC ( 3 years, 10 months ago )
Last submission 2015-07-17 12:10:14 UTC ( 3 years, 10 months ago )
File names XGwdKLWhYBDqWBb.exe.1232927218
XGwdKLWhYBDqWBb.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0DGL15.

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs