SHA256: ba4a5c0dde6a259ebaeb35d9fa6529a0b4fcf71170942f18c18347c03ab9b3f8
File name: external_esp.exe
Detection ratio: 22 / 54
Analysis date: 2015-12-30 18:00:01 UTC ( 1 year ago )
Antivirus Result Update
ALYac Trojan.Generic.15451819 20151230
AVG Generic12_c.CCMM 20151230
AVware Trojan.Win32.Generic!BT 20151230
Ad-Aware Trojan.Generic.15451819 20151224
Yandex Trojan.Graftor!g9UafokIK2A 20151229
Arcabit Trojan.Generic.DEBC6AB 20151230
Avast Win32:Malware-gen 20151230
Avira (no cloud) TR/Graftor.19968.6 20151230
BitDefender Trojan.Generic.15451819 20151230
Cyren W32/Trojan.UXTF-3959 20151230
Emsisoft Trojan.Generic.15451819 (B) 20151230
F-Secure Trojan.Generic.15451819 20151230
GData Trojan.Generic.15451819 20151230
Ikarus Win32.SuspectCrc 20151230
McAfee RDN/Generic.dx 20151230
McAfee-GW-Edition RDN/Generic.dx 20151230
eScan Trojan.Generic.15451819 20151230
Panda Generic Suspicious 20151230
Symantec Trojan.Gen.2 20151229
VIPRE Trojan.Win32.Generic!BT 20151230
ViRobot Trojan.Win32.Z.Graftor.19968.A[h] 20151230
nProtect Trojan.Generic.15451819 20151230
Undetected by the remaining 32 engines (engine, signature update date):
AegisLab 20151230
AhnLab-V3 20151230
Alibaba 20151208
Antiy-AVL 20151230
Baidu-International 20151230
Bkav 20151230
ByteHero 20151230
CAT-QuickHeal 20151230
CMC 20151230
ClamAV 20151230
Comodo 20151230
DrWeb 20151230
ESET-NOD32 20151230
F-Prot 20151230
Fortinet 20151230
Jiangmin 20151230
K7AntiVirus 20151230
K7GW 20151230
Kaspersky 20151230
Malwarebytes 20151230
Microsoft 20151230
NANO-Antivirus 20151230
Rising 20151230
SUPERAntiSpyware 20151230
Sophos 20151230
Tencent 20151230
TheHacker 20151228
TrendMicro 20151230
TrendMicro-HouseCall 20151230
VBA32 20151230
Zillya 20151230
Zoner 20151230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-26 18:47:26
Entry Point 0x000030C5
Number of sections 5
PE sections
PE imports
CreateSolidBrush
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
CreateThread
GetCurrentProcessId
OpenProcess
Module32Next
QueryPerformanceCounter
ExitProcess
IsDebuggerPresent
Sleep
CloseHandle
GetSystemTimeAsFileTime
ReadProcessMemory
EncodePointer
GetCurrentThreadId
DecodePointer
Process32Next
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Syserror_map@std@@YAPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
_purecall
??1type_info@@UAE@XZ
__crtTerminateProcess
memset
__dllonexit
_cexit
_controlfp_s
_invoke_watson
_fmode
_amsg_exit
?terminate@@YAXXZ
??2@YAPAXI@Z
_lock
system
_onexit
vsprintf_s
exit
sprintf
_commode
__setusermatherr
_initterm_e
_XcptFilter
_acmdln
_CxxThrowException
_ismbblead
_unlock
_exit
_crt_debugger_hook
??3@YAXPAX@Z
__CxxFrameHandler3
_except_handler4_common
__getmainargs
memcpy
__crtUnhandledException
__crtGetShowWindowMode
memmove
_calloc_crt
__crtSetUnhandledExceptionFilter
_configthreadlocale
_initterm
__set_app_type
FindWindowA
GetWindowLongA
CreateWindowExA
GetForegroundWindow
LoadIconA
TranslateMessage
GetWindowRect
DispatchMessageA
SetLayeredWindowAttributes
PostQuitMessage
MoveWindow
MessageBoxA
PeekMessageA
mouse_event
DefWindowProcA
LoadCursorA
ShowWindow
RegisterClassExA
Direct3DCreate9Ex
D3DXCreateFontA
D3DXCreateLine
DwmExtendFrameIntoClientArea
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:26 19:47:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 10752
LinkerVersion 12.0
EntryPoint 0x30c5
InitializedDataSize 9216
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 a5922f34d93dffb4d33a0ccd88fd634c
SHA1 d092b719d03ac7bb1172fb59deffff51efd07a47
SHA256 ba4a5c0dde6a259ebaeb35d9fa6529a0b4fcf71170942f18c18347c03ab9b3f8
ssdeep 384:koP0VYS/J+YjphEGAPu7RHAfV+2czv9vpw3EtvQUyr:BS/Qu7EGrp6V+2gpw3EtvxI
authentihash f9ecf1de834bf03ae8541c4599012564b1767ca4b6ddb344046e59d8a033a4ef
imphash 43d7a8fcab0e12a42e5b91a0df20b47f
File size 19.5 KB ( 19968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-04-26 19:43:18 UTC ( 1 year, 8 months ago )
Last submission 2015-12-30 18:00:01 UTC ( 1 year ago )
File names rename_me.exe
[www.OldSchoolHack.de]_rename_me.exe
rename_me_[www.unknowncheats.me]_.exe
external_esp.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R000C0EE915.

Symantec reputation Suspicious.Insight