× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b70f5c76287ba24cf4381e33afe0297c9ddb343915fb13f45cdcc60a40cc3f3b
File name: GDJl6gHisVPaEm.exe
Detection ratio: 14 / 68
Analysis date: 2018-06-15 07:44:44 UTC ( 8 months, 1 week ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180615
AVG FileRepMalware 20180615
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180615
Comodo TrojWare.Win32.Dovs.MO 20180615
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Cylance Unsafe 20180615
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GHTT 20180615
Fortinet W32/GenKryptik.AKHI!tr 20180615
Ikarus Trojan-Banker.Emotet 20180614
Qihoo-360 HEUR/QVM20.1.DB4B.Malware.Gen 20180615
Sophos AV Mal/EncPk-ANR 20180615
Symantec ML.Attribute.HighConfidence 20180615
VBA32 BScope.Malware-Cryptor.Win32.Cb 20180614
Ad-Aware 20180615
AegisLab 20180615
AhnLab-V3 20180615
Alibaba 20180615
ALYac 20180615
Antiy-AVL 20180615
Arcabit 20180615
Avast-Mobile 20180614
Avira (no cloud) 20180615
AVware 20180615
Babable 20180406
BitDefender 20180615
Bkav 20180614
CAT-QuickHeal 20180615
ClamAV 20180615
CMC 20180614
Cybereason 20180225
Cyren 20180615
DrWeb 20180615
eGambit 20180615
Emsisoft 20180615
F-Prot 20180615
F-Secure 20180615
GData 20180615
Sophos ML 20180601
Jiangmin 20180615
K7AntiVirus 20180615
K7GW 20180615
Kaspersky 20180615
Kingsoft 20180615
Malwarebytes 20180615
MAX 20180615
McAfee 20180615
McAfee-GW-Edition 20180615
Microsoft 20180615
eScan 20180615
NANO-Antivirus 20180615
Palo Alto Networks (Known Signatures) 20180615
Panda 20180614
Rising 20180615
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180614
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180615
TheHacker 20180613
TotalDefense 20180615
TrendMicro 20180615
TrendMicro-HouseCall 20180615
Trustlook 20180615
VIPRE 20180615
ViRobot 20180615
Webroot 20180615
Yandex 20180614
Zillya 20180614
ZoneAlarm by Check Point 20180615
Zoner 20180614
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Hausa Ke
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-15 14:42:13
Entry Point 0x0000100F
Number of sections 6
PE sections
PE imports
ReadEventLogA
GetFileSecurityW
RegCloseKey
DuplicateToken
AddAuditAccessAceEx
LogonUserA
CertNameToStrA
CertGetSubjectCertificateFromStore
CryptMemRealloc
CryptSIPLoad
ExtSelectClipRgn
SetDCPenColor
ModifyWorldTransform
AddFontResourceA
GetTextCharset
GetNetworkParams
EnterCriticalSection
EnumSystemLocalesW
GetTempPathW
GetModuleFileNameA
FlsFree
GetBinaryTypeA
GetActiveObject
VarBstrFromBool
UnRegisterTypeLib
glBegin
glMultMatrixd
RasGetConnectStatusA
RasGetProjectionInfoA
PathSetDlgItemPathW
CharLowerBuffW
GetMessagePos
TrackPopupMenu
wsprintfA
GetInputState
GetDialogBaseUnits
DialogBoxParamW
GetMessageExtraInfo
MessageBeep
DrawCaption
FindNextPrinterChangeNotification
WSACleanup
SCardLocateCardsW
CLSIDFromString
OleCreateStaticFromData
OleCreateFromData
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Hausa Ke

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
233472

EntryPoint
0x100f

MIMEType
application/octet-stream

TimeStamp
2018:06:15 15:42:13+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.1.7600

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Realtek Semiconductor Corporation

CodeSize
0

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 7fd8ea0dd094fbdcdcb211e9649113d9
SHA1 9e46e4551aa4475368f6b13ed8defcf894c9020b
SHA256 b70f5c76287ba24cf4381e33afe0297c9ddb343915fb13f45cdcc60a40cc3f3b
ssdeep
1536:f5rF17H3U0T+N4kDSvk+yA6VZOzU4UwGGkuxhIA3j:f5rjH3LuSc3A6VuNhZ

authentihash 27bc6cc25a5b2c26487dacde9467f1356332716428ba16880d1842a6fb4e85da
imphash f32c376327bbba03709f13d4f8ef8291
File size 323.0 KB ( 330752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-15 07:44:44 UTC ( 8 months, 1 week ago )
Last submission 2018-06-15 08:15:03 UTC ( 8 months, 1 week ago )
File names 7690.exe
42548.exe
GDJl6gHisVPaEm.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!