SHA256: af9a1f095db6839a397b89ddd2005a46809aa7e85b5a3c2dbc55229b6c76bfbe
File name: AFP_trialcase_6227.exe
Detection ratio: 4 / 56
Analysis date: 2016-03-31 02:36:27 UTC ( 2 years, 10 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen 20160331
Baidu Win32.Trojan.WisdomEyes.151026.9950.9997 20160330
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gh 20160331
Qihoo-360 QVM07.1.Malware.Gen 20160331
Ad-Aware 20160330
AhnLab-V3 20160330
Alibaba 20160323
ALYac 20160331
Antiy-AVL 20160330
Arcabit 20160330
Avast 20160331
AVG 20160330
Avira (no cloud) 20160331
AVware 20160331
Baidu-International 20160330
BitDefender 20160330
Bkav 20160330
CAT-QuickHeal 20160330
ClamAV 20160331
CMC 20160322
Comodo 20160330
Cyren 20160330
DrWeb 20160330
Emsisoft 20160330
ESET-NOD32 20160331
F-Prot 20160330
F-Secure 20160330
Fortinet 20160330
GData 20160330
Ikarus 20160330
Jiangmin 20160331
K7AntiVirus 20160330
K7GW 20160331
Kaspersky 20160331
Kingsoft 20160331
Malwarebytes 20160331
McAfee 20160331
Microsoft 20160330
eScan 20160331
NANO-Antivirus 20160331
nProtect 20160330
Panda 20160330
Rising 20160331
Sophos AV 20160331
SUPERAntiSpyware 20160331
Symantec 20160331
Tencent 20160331
TheHacker 20160330
TrendMicro 20160330
TrendMicro-HouseCall 20160331
VBA32 20160331
VIPRE 20160331
ViRobot 20160330
Yandex 20160316
Zillya 20160331
Zoner 20160331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-18 12:11:25
Entry Point 0x00015F46
Number of sections 4
PE sections
Overlays
MD5 69e9915cbaad1b946bfd9302b343bb13
File type data
Offset 311296
Size 195522
Entropy 6.98
PE imports
CreateToolbarEx
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_SetScrollInfo
PropertySheetW
ImageList_Remove
ImageList_SetIconSize
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIconSize
Ord(6)
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_Add
InitializeFlatSB
ImageList_LoadImageA
FlatSB_GetScrollPos
ImageList_Create
Ord(16)
CreatePropertySheetPageA
SymSetOptions
SymGetModuleInfo
ImageDirectoryEntryToData
StackWalk
GetTimestampForLoadedLibrary
SymGetLineFromAddr
SymGetOptions
SymCleanup
SymInitialize
SymLoadModule
ImageNtHeader
MapFileAndCheckSumW
SymGetSearchPath
SymSetSearchPath
SymEnumerateModules
WNetCancelConnection2A
WNetAddConnection2W
WNetCloseEnum
WNetOpenEnumW
PathRemoveFileSpecA
VerQueryValueA
waveInMessage
Number of PE resources by type
RT_DIALOG 8
RT_ICON 5
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 10
POLISH DEFAULT 6
PE resources
ExifTool file metadata
SpecialBuild
172, 131, 206, 94

LegalTrademarks
Artisans

SubsystemVersion
4.0

Comments
Tithes

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.203.165.101

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Springiest Tellers Abdicates

CharacterSet
Unicode

InitializedDataSize
2412544

EntryPoint
0x15f46

OriginalFileName
Typologicall.EXE

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2016

FileVersion
18, 138, 100, 87

TimeStamp
2016:07:18 13:11:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Spurious

ProductVersion
12, 193, 17, 111

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Midnight Oil

CodeSize
90112

ProductName
Socialist Spatial

ProductVersionNumber
0.168.94.242

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e59f521b406e1521b62b21c321f5a6aa
SHA1 c9a5f6a73e440ba3d7003b66f56b61974fc71adf
SHA256 af9a1f095db6839a397b89ddd2005a46809aa7e85b5a3c2dbc55229b6c76bfbe
ssdeep
12288:C7gk2G5Bga+cueu9pfKyfMmLZHZnMnYtexMJak:C775ju9pwmIYmMJJ

authentihash 69eb65d9e655ab0d59d4bc92c2c13f4008ed04a84d3a4dab3cf567c28ef7696c
imphash 692d94b219b0a0d374479dd7f39dca58
File size 494.9 KB ( 506818 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-03-31 02:36:27 UTC ( 2 years, 10 months ago )
Last submission 2016-04-19 10:42:38 UTC ( 2 years, 10 months ago )
File names AFP_trialcase_6227.exe
ekucdsof.exe