SHA256: af4139e2c91341c2cade54b6adf67ddcfc41805103d4fb59419ec9973ee12a66
File name: f6w0p
Detection ratio: 7 / 55
Analysis date: 2016-11-01 10:48:45 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161101
Bkav HW32.Packed.3A91 20161031
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML backdoor.win32.zegost.ci 20161018
Qihoo-360 HEUR/QVM39.1.0000.Malware.Gen 20161101
Symantec Heur.AdvML.B 20161101
VBA32 Malware-Cryptor.Grygoryi.3 20161031
Ad-Aware 20161101
AegisLab 20161101
AhnLab-V3 20161101
Alibaba 20161101
ALYac 20161101
Antiy-AVL 20161101
Arcabit 20161101
Avast 20161101
AVG 20161101
Avira (no cloud) 20161101
AVware 20161101
BitDefender 20161101
CAT-QuickHeal 20161101
ClamAV 20161101
CMC 20161101
Comodo 20161101
Cyren 20161031
DrWeb 20161101
Emsisoft 20161101
ESET-NOD32 20161101
F-Prot 20161031
F-Secure 20161101
Fortinet 20161101
GData 20161101
Ikarus 20161101
Jiangmin 20161031
K7AntiVirus 20161101
K7GW 20161101
Kaspersky 20161101
Kingsoft 20161101
Malwarebytes 20161101
McAfee 20161101
McAfee-GW-Edition 20161101
Microsoft 20161101
eScan 20161101
NANO-Antivirus 20161101
nProtect 20161101
Panda 20161031
Rising 20161101
Sophos AV 20161101
SUPERAntiSpyware 20161101
Tencent 20161101
TheHacker 20161101
TotalDefense 20161028
TrendMicro 20161101
TrendMicro-HouseCall 20161101
VIPRE 20161031
ViRobot 20161101
Yandex 20161031
Zillya 20161031
Zoner 20161101
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1994-2014 Paragon Software Group
Product Paragon System Utilities
Original name bluescrn.exe
Internal name bluescrn.exe
File version 10.1.25.377
Description A part of Paragon System Utilities
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-01 08:55:10
Entry Point 0x0000C000
Number of sections 6
PE sections
PE imports
RegOpenKeyA
GetCurrentProcess
GlobalFindAtomW
GetVersion
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
GetCommandLineW
GetOEMCP
ExitProcess
CloseHandle
GetACP
GetCurrentThreadId
GetProcessHeap
CommandLineToArgvW
SendMessageA
CharUpperA
isdigit
malloc
exit
free
_wtoi
Number of PE resources by type
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 147456
ImageVersion 8.0
ProductName Paragon System Utilities
FileVersionNumber 10.1.25.377
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, DLL
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension dll
OriginalFileName bluescrn.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.1.25.377
TimeStamp 2016:11:01 09:55:10+01:00
FileType Win32 DLL
PEType PE32
InternalName bluescrn.exe
ProductVersion 10.1.25.377
FileDescription A part of Paragon System Utilities
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright 1994-2014 Paragon Software Group
MachineType Intel 386 or later, and compatibles
CompanyName Paragon Software Group
CodeSize 45568
FileSubtype 0
ProductVersionNumber 10.1.25.377
EntryPoint 0xc000
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 7419f2b55ca694bc7e06152e052705a5
SHA1 f942bc78b5c694670d350a398cf09b0bc31d835f
SHA256 af4139e2c91341c2cade54b6adf67ddcfc41805103d4fb59419ec9973ee12a66
ssdeep 1536:619+leYVNn2WBg9rzl4gQjvw71u8w5YDQYyIaU6g0ETYnmDK03GBQCAQ6VbKPT:uUl7M9rZS+1bDQYy+V+VBQlZI
authentihash 31d3b93230e3e1b5d88015b049bfac787eac948a73a7c807bbd6a6d2fa5bb038
imphash 4967afc6d7b1cc4cd8d05bcf6ad349fc
File size 117.5 KB ( 120320 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags pedll
VirusTotal metadata
First submission 2016-11-01 10:48:45 UTC ( 2 years, 5 months ago )
Last submission 2017-03-05 12:30:47 UTC ( 2 years, 1 month ago )
File names aa
61abfbaa364bda2c96e69c98d3527cbb39a14818
f6w0p
v_94.xml
output.104645036.txt
VirusShare_7419f2b55ca694bc7e06152e052705a5
f6w0p
bluescrn.exe
VirusShare_7419f2b55ca694bc7e06152e052705a5