× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b641ba3b11c61d45c76fd423cdd53286dd1994c712181f868d76a6bdbab43ca1
File name: 55888
Detection ratio: 1 / 70
Analysis date: 2018-12-09 00:40:10 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Trapmine malicious.high.ml.score 20181205
Ad-Aware 20181209
AegisLab 20181208
AhnLab-V3 20181208
Alibaba 20180921
ALYac 20181209
Antiy-AVL 20181208
Arcabit 20181208
Avast 20181208
Avast-Mobile 20181208
AVG 20181208
Avira (no cloud) 20181208
Babable 20180918
Baidu 20181207
BitDefender 20181208
Bkav 20181208
CAT-QuickHeal 20181208
ClamAV 20181208
CMC 20181208
Comodo 20181208
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181209
Cyren 20181208
DrWeb 20181208
eGambit 20181209
Emsisoft 20181208
Endgame 20181108
ESET-NOD32 20181208
F-Prot 20181208
F-Secure 20181208
Fortinet 20181208
GData 20181208
Ikarus 20181208
Sophos ML 20181128
Jiangmin 20181208
K7AntiVirus 20181208
K7GW 20181208
Kaspersky 20181208
Kingsoft 20181209
Malwarebytes 20181208
MAX 20181209
McAfee 20181208
McAfee-GW-Edition 20181208
Microsoft 20181208
eScan 20181208
NANO-Antivirus 20181208
Palo Alto Networks (Known Signatures) 20181209
Panda 20181208
Qihoo-360 20181209
Rising 20181208
SentinelOne (Static ML) 20181011
Sophos AV 20181208
SUPERAntiSpyware 20181205
Symantec 20181208
Symantec Mobile Insight 20181207
TACHYON 20181208
Tencent 20181209
TheHacker 20181202
TotalDefense 20181208
TrendMicro 20181208
TrendMicro-HouseCall 20181208
Trustlook 20181209
VBA32 20181207
VIPRE 20181208
ViRobot 20181209
Webroot 20181209
Yandex 20181207
Zillya 20181208
ZoneAlarm by Check Point 20181209
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version
Description Desktop WIHminders Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009424
Number of sections 8
PE sections
Overlays
MD5 b22e6daf020cc0cbeada6596a844cb34
File type data
Offset 51200
Size 2921051
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

InitializedDataSize
16896

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Desktop WIHminders Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
35840

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x9424

ObjectFileType
Executable application

File identification
MD5 1242c9996c196700e02ec3afff7d1c29
SHA1 c84a7d89ddfb623aa37b736a4fe1b80dc204df9e
SHA256 b641ba3b11c61d45c76fd423cdd53286dd1994c712181f868d76a6bdbab43ca1
ssdeep
49152:m7DQwd8/K30veHio1X/h8pqH8SL7KbaSjCVemrFTi6xObusbWkqRiq35s37D:1wIK36eHioN/h8pC8k4aQoA6xBsbWkPD

authentihash ce4f2c8c63da942d14e4253320a2cd97498ede875bd6c4cceed3c49bc2308f08
imphash 61a4dd96c5457ba68c7a63614a37208f
File size 2.8 MB ( 2972251 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-12-17 09:25:47 UTC ( 6 years, 2 months ago )
Last submission 2016-04-20 00:43:19 UTC ( 2 years, 10 months ago )
File names B641BA3B11C61D45C76FD423CDD53286DD1994C712181F868D76A6BDBAB43CA1.exe
B641BA3B11C61D45C76FD423CDD53286DD1994C712181F868D76A6BDBAB43CA1.exe
141491047823564-Desktop.exe
55888
b641ba3b11c61d45c76fd423cdd53286dd1994c712181f868d76a6bdbab43ca1
Desktop.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications