SHA256: b8f32c6074ad7d688424beab9bd1e9e6e6c315af8f0dc3ebce0a4bc436c94bec
File name: vg.exe
Detection ratio: 6 / 66
Analysis date: 2018-08-15 18:41:14 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180815
Cylance Unsafe 20180815
DrWeb Trojan.Gozi.324 20180815
Kaspersky UDS:DangerousObject.Multi.Generic 20180815
Palo Alto Networks (Known Signatures) generic.ml 20180815
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180815
Ad-Aware 20180815
AegisLab 20180815
AhnLab-V3 20180815
Alibaba 20180713
ALYac 20180815
Antiy-AVL 20180815
Arcabit 20180815
Avast 20180815
Avast-Mobile 20180815
AVG 20180815
Avira (no cloud) 20180815
AVware 20180815
Babable 20180725
BitDefender 20180815
Bkav 20180815
CAT-QuickHeal 20180814
ClamAV 20180815
CMC 20180812
Comodo 20180815
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180815
eGambit 20180815
Emsisoft 20180815
Endgame 20180730
ESET-NOD32 20180815
F-Prot 20180815
F-Secure 20180815
Fortinet 20180815
GData 20180815
Ikarus 20180815
Sophos ML 20180717
Jiangmin 20180815
K7AntiVirus 20180815
K7GW 20180815
Kingsoft 20180815
Malwarebytes 20180815
MAX 20180815
McAfee 20180815
McAfee-GW-Edition 20180815
Microsoft 20180815
eScan 20180815
NANO-Antivirus 20180815
Panda 20180815
Qihoo-360 20180815
Rising 20180815
SentinelOne (Static ML) 20180701
Sophos AV 20180815
SUPERAntiSpyware 20180815
Symantec 20180815
Symantec Mobile Insight 20180814
TACHYON 20180815
Tencent 20180815
TheHacker 20180815
TrendMicro 20180815
TrendMicro-HouseCall 20180815
Trustlook 20180815
VBA32 20180815
VIPRE 20180815
ViRobot 20180815
Webroot 20180815
Yandex 20180815
Zoner 20180815
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2009. All rights reserved.

Product Yeswhether
Original name stoodguide.exe
Internal name stoodguide.exe
File version 0, 4, 9161, 4350
Description Yeswhether
Comments Did much
Signature verification Signed file, verified signature
Signers
[+] JANNA LTD
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 8/10/2018
Valid to 12:59 AM 8/11/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint E231E943A6DBDE574CB7740DF5CAB728DA525487
Serial number 00 96 5F 29 51 F9 F1 4E D9 01 C7 8E 79 CB 49 8C 47
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-15 10:20:10
Entry Point 0x0001A24D
Number of sections 4
PE sections
Overlays
MD5 0a3810f9961b3350f9d17ff5684173cf
File type data
Offset 599040
Size 3584
Entropy 7.39
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
RemoveDirectoryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
GetLocalTime
GetStdHandle
IsProcessorFeaturePresent
VirtualFree
HeapCompact
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
LocalAlloc
GetDateFormatW
LoadLibraryExW
GetCommandLineW
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
GetProcAddress
HeapWalk
GetProcessHeap
SetStdHandle
GetModuleFileNameW
GetTimeFormatW
RaiseException
UnhandledExceptionFilter
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemDirectoryW
GetDiskFreeSpaceW
SetUnhandledExceptionFilter
WriteFile
ResetEvent
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
CompareStringW
LocalFree
TerminateProcess
GetTimeZoneInformation
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
CreateProcessW
GetEnvironmentStringsW
DeleteCriticalSection
Sleep
SetLastError
TlsSetValue
CloseHandle
EncodePointer
GetCurrentThreadId
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
CoUninitialize
OleUninitialize
CoCreateInstance
CoInitialize
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.0

Comments
Did much

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.4.9161.4350

LanguageCode
Neutral

FileFlagsMask
0x0000

FileDescription
Yeswhether

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
ASCII

InitializedDataSize
691712

EntryPoint
0x1a24d

OriginalFileName
stoodguide.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2009. All rights reserved.

FileVersion
0, 4, 9161, 4350

TimeStamp
2014:08:15 11:20:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
stoodguide.exe

ProductVersion
0, 4, 9161, 4350

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Contact At Once! Born

CodeSize
155648

ProductName
Yeswhether

ProductVersionNumber
0.4.9161.4350

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 060ff2077641d350d6196252a1059499
SHA1 d9d6ac9bc8e418740bd2072c9a245867ed8c194c
SHA256 b8f32c6074ad7d688424beab9bd1e9e6e6c315af8f0dc3ebce0a4bc436c94bec
ssdeep
6144:+4024RmPiRflX1o/yUe1qc/VepB8DZMfjmP0E2cdaF6RtXkI:8vfM/yP1v/GqymP0S4g0I

authentihash 99f71aab3de2a444ffd4c610b695c61e41103cad7a99316e5582fb4e0d6d3ef8
imphash ea21bf888e4ef4028d4c1d258fc5455b
File size 588.5 KB ( 602624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-08-15 16:53:40 UTC ( 6 months, 1 week ago )
Last submission 2018-08-15 18:41:14 UTC ( 6 months, 1 week ago )
File names bb10.tkn
stoodguide.exe
aa4.tkn
vg.exe
vg.exe