× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b936cf05514ede49c63a732717ac901d22d3038e46a5820d7955f55c1ef7d6d0
File name: ship20150817.exe.ViR
Detection ratio: 4 / 57
Analysis date: 2015-08-19 11:38:53 UTC ( 3 years, 6 months ago ) View latest
Antivirus Result Update
Kaspersky HEUR:Trojan.Win32.Generic 20150819
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150819
Rising PE:Malware.FakePDF@CV!1.9C3A 20150817
Sophos AV Mal/Generic-S 20150819
Ad-Aware 20150819
AegisLab 20150819
Yandex 20150818
AhnLab-V3 20150819
Alibaba 20150819
ALYac 20150819
Antiy-AVL 20150819
Arcabit 20150819
Avast 20150819
AVG 20150819
Avira (no cloud) 20150819
AVware 20150819
Baidu-International 20150819
BitDefender 20150819
Bkav 20150819
ByteHero 20150819
CAT-QuickHeal 20150819
ClamAV 20150819
CMC 20150819
Comodo 20150819
Cyren 20150819
DrWeb 20150819
Emsisoft 20150819
ESET-NOD32 20150819
F-Prot 20150819
F-Secure 20150819
Fortinet 20150819
GData 20150819
Ikarus 20150819
Jiangmin 20150818
K7AntiVirus 20150819
K7GW 20150819
Kingsoft 20150819
Malwarebytes 20150819
McAfee 20150819
McAfee-GW-Edition 20150819
Microsoft 20150819
eScan 20150819
NANO-Antivirus 20150819
nProtect 20150819
Panda 20150819
SUPERAntiSpyware 20150818
Symantec 20150818
Tencent 20150819
TheHacker 20150818
TotalDefense 20150819
TrendMicro 20150819
TrendMicro-HouseCall 20150819
VBA32 20150819
VIPRE 20150819
ViRobot 20150819
Zillya 20150819
Zoner 20150819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-05-06 00:27:01
Entry Point 0x000027A6
Number of sections 4
PE sections
Overlays
MD5 18c8daa440c1f86888acf0322843dce3
File type data
Offset 86016
Size 23954
Entropy 7.38
PE imports
PatBlt
SetICMProfileA
GetCharABCWidthsA
GetEnhMetaFileW
GetROP2
GetDeviceGammaRamp
OffsetViewportOrgEx
GetCharacterPlacementW
CreateDIBPatternBrush
SetMetaFileBitsEx
GetCharacterPlacementA
SetTextColor
CreatePatternBrush
GetMiterLimit
EnumObjects
StretchDIBits
SetBrushOrgEx
CombineTransform
SetTextCharacterExtra
BeginPath
DeleteObject
GetTextCharacterExtra
CreatePenIndirect
GetProfileIntW
GetStartupInfoA
GlobalFindAtomA
GetCPInfoExA
GetModuleHandleA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
DdeCreateStringHandleA
VerInstallFileA
GetFileVersionInfoSizeA
AddPrintProcessorW
OleRegGetMiscStatus
CoFileTimeToDosDateTime
CoInternetQueryInfo
RevokeBindStatusCallback
URLOpenPullStreamW
CoInternetGetSecurityUrl
IsAsyncMoniker
CreateURLMoniker
HlinkSimpleNavigateToString
SetSoftwareUpdateAdvertisementState
URLOpenBlockingStreamW
RegisterFormatEnumerator
CoInternetCombineUrl
UrlMkGetSessionOption
CopyBindInfo
Number of PE resources by type
RT_STRING 54
RT_ICON 12
RT_MENU 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ZULU DEFAULT 71
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.244.211.48

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Sounder

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
2306048

EntryPoint
0x27a6

MIMEType
application/octet-stream

LegalCopyright
Copyright 2023

FileVersion
223, 134, 12, 202

TimeStamp
2005:05:06 00:27:01+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Tinged

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
As-U-Type - Fanix Software (www.asutype.com)

CodeSize
8192

ProductName
Strivings Adiabatic

ProductVersionNumber
0.81.89.139

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6550ddee84f9177233c18a7e94fbedcf
SHA1 4a8ec975fd7fee6aac11c31a3eaf3fc5c4098314
SHA256 b936cf05514ede49c63a732717ac901d22d3038e46a5820d7955f55c1ef7d6d0
ssdeep
1536:wZOBG7Yxs06uDXY0AjbJiKN1j0oTeDuoykFSiIVnld+1manA:AciuDXYRHQoiDixnlZt

authentihash 586f8eb1917a8df480e5bb5250ad386d42d38d7cdda7cafacf273b07e27ada03
imphash 7cd70f10eeda3c880b0334bbc0761bc2
File size 107.4 KB ( 109970 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-08-19 09:36:11 UTC ( 3 years, 6 months ago )
Last submission 2019-02-02 19:33:31 UTC ( 2 weeks ago )
File names 6550ddee84f9177233c18a7e94fbedcf.exe
ship20150817.exe.ViR
B936CF05514EDE49C63A732717AC901D22D3038E46A5820D7955F55C1EF7D6D0.dat
6550ddee84f9177233c18a7e94fbedcf.vir
6550DDEE84F9177233C18A7E94FBEDCF.exe
H1N1.exe.bin
ship20150817.bin
b936cf05514ede49c63a732717ac901d22d3038e46a5820d7955f55c1ef7d6d0.bin
ship20150817.exe
ship20150817.exe.ViR
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened service managers
Runtime DLLs