× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b28309d67fc7ff8026d05ac7f6bc0c3ef1a29ce378ca156d5ab1eeb19d85a236
File name: b28309d67fc7ff8026d05ac7f6bc0c3ef1a29ce378ca156d5ab1eeb19d85a236
Detection ratio: 12 / 56
Analysis date: 2016-06-17 22:59:20 UTC ( 2 years, 10 months ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20160617
Avira (no cloud) TR/AD.GootkitDropper.Y.iowr 20160617
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160616
DrWeb Trojan.Siggen6.58358 20160617
ESET-NOD32 Win32/TrojanDownloader.Agent.CFH 20160617
Fortinet W32/Agent.CFH!tr.dldr 20160617
McAfee Artemis!B3D229603860 20160617
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20160617
Qihoo-360 HEUR/QVM09.0.0000.Malware.Gen 20160617
Sophos AV Mal/Generic-S 20160617
Symantec Suspicious.Cloud.7.F 20160617
Tencent Win32.Trojan-downloader.Agent.Pgmk 20160617
Ad-Aware 20160617
AegisLab 20160617
AhnLab-V3 20160617
Alibaba 20160617
ALYac 20160617
Antiy-AVL 20160617
Arcabit 20160617
AVG 20160617
AVware 20160617
Baidu-International 20160614
BitDefender 20160617
Bkav 20160617
CAT-QuickHeal 20160617
ClamAV 20160617
CMC 20160616
Comodo 20160616
Cyren 20160617
Emsisoft 20160617
F-Prot 20160617
F-Secure 20160617
GData 20160617
Ikarus 20160617
Jiangmin 20160617
K7AntiVirus 20160617
K7GW 20160617
Kaspersky 20160617
Kingsoft 20160617
Malwarebytes 20160617
Microsoft 20160617
eScan 20160617
NANO-Antivirus 20160617
nProtect 20160617
Panda 20160617
SUPERAntiSpyware 20160617
TheHacker 20160617
TotalDefense 20160616
TrendMicro 20160617
TrendMicro-HouseCall 20160617
VBA32 20160617
VIPRE 20160615
ViRobot 20160617
Yandex 20160616
Zillya 20160617
Zoner 20160617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2007-2016 Hrg Nenad

Original name DesktopOK.exe
File version 4, 2, 6, 0
Description DesktopOK
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-16 16:56:40
Entry Point 0x0000379D
Number of sections 4
PE sections
PE imports
RegOpenKeyExW
OpenProcessToken
CreateFontIndirectW
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
FileTimeToDosDateTime
LCMapStringW
SetHandleCount
LoadLibraryA
HeapDestroy
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
RemoveDirectoryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnterCriticalSection
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TlsFree
GetProcessHeap
CompareStringW
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
FindNextFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CompareStringA
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
GetTimeZoneInformation
SetCurrentDirectoryW
HeapCreate
GetStringTypeW
TlsGetValue
Sleep
GetFileType
VirtualFree
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
ShowScrollBar
TrackPopupMenu
UpdateWindow
VkKeyScanA
IsWindowUnicode
ChangeClipboardChain
GetMessageW
ArrangeIconicWindows
SetWindowLongA
ReleaseStgMedium
Number of PE resources by type
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
GERMAN 1
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
4.2.6.0

UninitializedDataSize
0

LanguageCode
German

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
241664

EntryPoint
0x379d

OriginalFileName
DesktopOK.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007-2016 Hrg Nenad

FileVersion
4, 2, 6, 0

TimeStamp
2016:06:16 17:56:40+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
4, 2, 6, 0

FileDescription
DesktopOK

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nenad Hrg SoftwareOK

CodeSize
54272

FileSubtype
0

ProductVersionNumber
4.2.6.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 b3d2296038608a835837f50991ebf27f
SHA1 76aebad9c060fcac0839d23251448d6f7fb02006
SHA256 b28309d67fc7ff8026d05ac7f6bc0c3ef1a29ce378ca156d5ab1eeb19d85a236
ssdeep
3072:zM+7459gwqL23E+qk0bjrnBUM7AL3pU9YCiF7go6RYirM6voKvIYb57feIfYBD:gA45waUV/dD7AL3NUY8QMb5y

authentihash 1da8ef469869181148deb627b5af43f5327d125ffe5623724315b65a11989660
imphash c7137b2ed31bd5879e80ea8ad3086cd9
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2016-06-17 22:59:20 UTC ( 2 years, 10 months ago )
Last submission 2016-06-26 05:03:13 UTC ( 2 years, 10 months ago )
File names DesktopOK.exe
imfQ8nqJ7G
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications