SHA256: b6a03aec6c39e21dc0a130cfc561c36b9e5db2f1a6fdedb0ce9dea97daeb80ec
File name: 22318566
Detection ratio: 0 / 72
Analysis date: 2019-04-26 13:38:30 UTC ( 4 weeks ago )
Antivirus Result Update
Acronis 20190425
Ad-Aware 20190426
AegisLab 20190426
AhnLab-V3 20190426
Alibaba 20190425
ALYac 20190426
Antiy-AVL 20190426
Arcabit 20190426
Avast 20190426
Avast-Mobile 20190426
AVG 20190426
Avira (no cloud) 20190426
Babable 20190424
Baidu 20190318
BitDefender 20190426
Bkav 20190425
CAT-QuickHeal 20190426
ClamAV 20190426
CMC 20190321
Comodo 20190426
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190426
Cyren 20190426
DrWeb 20190426
eGambit 20190426
Emsisoft 20190426
Endgame 20190403
ESET-NOD32 20190426
F-Prot 20190426
F-Secure 20190426
FireEye 20190426
Fortinet 20190426
GData 20190426
Ikarus 20190426
Sophos ML 20190313
Jiangmin 20190426
K7AntiVirus 20190426
K7GW 20190426
Kaspersky 20190426
Kingsoft 20190426
Malwarebytes 20190426
MAX 20190426
McAfee 20190426
McAfee-GW-Edition 20190426
Microsoft 20190426
eScan 20190426
NANO-Antivirus 20190426
Palo Alto Networks (Known Signatures) 20190426
Panda 20190426
Qihoo-360 20190426
Rising 20190426
SentinelOne (Static ML) 20190420
Sophos AV 20190426
SUPERAntiSpyware 20190423
Symantec 20190426
Symantec Mobile Insight 20190418
TACHYON 20190426
Tencent 20190426
TheHacker 20190421
TotalDefense 20190426
Trapmine 20190325
TrendMicro 20190426
TrendMicro-HouseCall 20190426
Trustlook 20190426
VBA32 20190426
VIPRE 20190426
ViRobot 20190426
Webroot 20190426
Yandex 20190426
Zillya 20190424
ZoneAlarm by Check Point 20190426
Zoner 20190426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2018-07-16 04:46:54
Entry Point 0x00001000
Number of sections 6
PE sections
Overlays
MD5 3441ce34d3edda6345662af4bfcdfff1
File type data
Offset 16384
Size 3986590
Entropy 8.00
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyExW
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
GetLastError
GetVolumePathNameW
HeapFree
FindClose
DosDateTimeToFileTime
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
HeapAlloc
lstrcmpiW
lstrlenW
SetProcessWorkingSetSize
SizeofResource
FindNextFileW
LocalAlloc
LockResource
SetFileTime
GetCommandLineW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
EnumResourceNamesW
ExpandEnvironmentStringsW
WriteFile
WideCharToMultiByte
RemoveDirectoryW
SetFilePointer
ReadFile
GetTempPathW
GetCurrentProcess
CloseHandle
FindFirstFileW
FindFirstFileExW
LocalFree
LoadResource
FindResourceW
CreateFileW
CreateProcessW
LocalFileTimeToFileTime
GetFileAttributesW
SetFileAttributesW
ExitProcess
GetEnvironmentVariableW
CommandLineToArgvW
PathFileExistsW
Number of PE resources by type
BN 16
RT_ICON 9
BL 1
RT_MANIFEST 1
B7 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.2
MachineType AMD AMD64
TimeStamp 2018:07:16 06:46:54+02:00
FileType Win64 EXE
PEType PE32+
CodeSize 9728
LinkerVersion 14.11
Warning Error processing PE data dictionary
FileTypeExtension exe
InitializedDataSize 61935104
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x1000
OSVersion 5.2
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 8f1a6b3e1db0e0feae8ad933b0f8a905
SHA1 63479d1f19bf6ff97621ba6ad22341beb3108e39
SHA256 b6a03aec6c39e21dc0a130cfc561c36b9e5db2f1a6fdedb0ce9dea97daeb80ec
ssdeep 98304:VeAFTz7jeqE8JrnTVRr17h3b50QYmjpnBGqhR:VTRnBpPzr50zsr/

authentihash 802e931cd5322b88dcdf7446e1850e1aa36c8478d5560f54925faf1f53abce91
imphash 270e43c50981d5eaee0fd0984ea5893d
File size 3.8 MB ( 4002974 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits corrupt peexe assembly overlay

VirusTotal metadata
First submission 2019-04-26 13:38:30 UTC ( 4 weeks ago )
Last submission 2019-04-26 13:38:30 UTC ( 4 weeks ago )
File names 22318566