SHA256: b038237b68a9a12cf95978e157ed63e0a7f414056ee7f5c67e99b1e37deae7d6
File name: gF351.tmp.exe
Detection ratio: 13 / 56
Analysis date: 2016-12-02 11:13:32 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Atros4.Arqx.Gen!c 20161202
Avast Win64:Malware-gen 20161202
AVG Atros4.ARQX 20161202
AVware Trojan.Win32.Generic!BT 20161202
ESET-NOD32 Win64/Wdfload.D 20161202
Ikarus Trojan.Atros4 20161202
Jiangmin TrojanDownloader.Agent.fkkd 20161202
K7AntiVirus Trojan ( 004ff5461 ) 20161202
K7GW Trojan ( 004ff5461 ) 20161202
McAfee Artemis!11CF29005F9B 20161202
McAfee-GW-Edition Artemis 20161202
Rising Malware.Generic!zF7mvDX1rPB@5 (thunder) 20161202
VIPRE Trojan.Win32.Generic!BT 20161202
Ad-Aware 20161202
AhnLab-V3 20161202
Alibaba 20161202
ALYac 20161202
Antiy-AVL 20161202
Arcabit 20161202
Avira (no cloud) 20161202
Baidu 20161202
BitDefender 20161202
Bkav 20161201
CAT-QuickHeal 20161202
ClamAV 20161202
CMC 20161202
Comodo 20161202
CrowdStrike Falcon (ML) 20161024
Cyren 20161202
DrWeb 20161202
Emsisoft 20161202
F-Prot 20161202
F-Secure 20161202
Fortinet 20161202
GData 20161202
Sophos ML 20161202
Kaspersky 20161202
Kingsoft 20161202
Malwarebytes 20161202
Microsoft 20161202
eScan 20161202
NANO-Antivirus 20161202
nProtect 20161202
Panda 20161201
Qihoo-360 20161202
Sophos AV 20161202
SUPERAntiSpyware 20161202
Symantec 20161202
Tencent 20161202
TheHacker 20161130
TrendMicro 20161202
TrendMicro-HouseCall 20161202
Trustlook 20161202
VBA32 20161202
ViRobot 20161202
WhiteArmor 20161125
Yandex 20161201
Zillya 20161201
Zoner 20161202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2016-11-30 19:32:15
Entry Point 0x000014D0
Number of sections 10
PE sections
PE imports
RegSetValueExA
RegCreateKeyExA
GetLastError
EnterCriticalSection
SetEvent
QueryPerformanceCounter
GetTickCount
VirtualProtect
RtlAddFunctionTable
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
DeleteFileA
RtlVirtualUnwind
UnhandledExceptionFilter
GetProcAddress
RegisterWaitForSingleObject
WideCharToMultiByte
GetModuleHandleA
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
GetStartupInfoA
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
GetModuleFileNameA
InitializeCriticalSection
VirtualQuery
CreateEventA
TlsGetValue
Sleep
GetCurrentThreadId
LeaveCriticalSection
CommandLineToArgvW
GetMessageA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
SendMessageA
SetTimer
PostQuitMessage
DefWindowProcA
RegisterClassA
PostThreadMessageA
strncmp
__lconv_init
malloc
fread
fclose
__dllonexit
_cexit
abort
fprintf
fopen
_fmode
_amsg_exit
__C_specific_handler
fwrite
_lock
_onexit
__initenv
exit
tmpnam
__setusermatherr
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
signal
__iob_func
remove
_initterm
__set_app_type
Number of PE resources by type
RT_ICON 82
RT_GROUP_ICON 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 85
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2016:11:30 20:32:15+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 56320
LinkerVersion 2.25
EntryPoint 0x14d0
InitializedDataSize 769536
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 2560

Execution parents
File identification
MD5 11cf29005f9b4911499a2b9ecdd0729f
SHA1 3075faf98296ada0a3bd1d69972bbfd2d7099f81
SHA256 b038237b68a9a12cf95978e157ed63e0a7f414056ee7f5c67e99b1e37deae7d6
ssdeep 12288:APH4yzvX4oyOy7zcKFodddGdBnAMIdEMiLPQ:A/4qvIReKFodddGdBnyEMkQ

authentihash 77005093225330cb5d9b5986e1fb6774b4302a5835708c6aa917b6250b4dd8a8
imphash 07adc9e72573892bb9a99062b1f3e63d
File size 752.5 KB ( 770560 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2016-11-30 21:03:55 UTC ( 2 years, 3 months ago )
Last submission 2016-12-11 13:45:49 UTC ( 2 years, 3 months ago )
File names gf56b.tmp.exe
g8F94.tmp.exe
3075faf98296ada0a3bd1d69972bbfd2d7099f81
g2417.tmp.exe
gC2A5.tmp.exe
gF351.tmp.exe
gd6e8.tmp.exe
g32E3shubham.tmp.exe
g49de.tmp.exe
g9848.tmp.exe
gD0C8.tmp.exe
g3F81.tmp.exe
gD6C6.tmp.exe
gECE2.tmp.exe
gAF72.tmp.exe
gA807.tmp.exe
gaeaa.tmp.exe
g5CF0.tmp.exe
gE0BF.tmp.exe
g2721.tmp.exe
B038237B68A9A12CF95978E157ED63E0A7F414056EE7F5C67E99B1E37DEAE7D6.exe
g9B46.tmp.exe
gF039.tmp.exe