SHA256: bc8df33255df72354b202c0e8afc0d16073a11db1b4b4853a14111a465bdf8c0
File name: sas.exe
Detection ratio: 1 / 54
Analysis date: 2014-08-11 10:39:56 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Malwarebytes Trojan.Agent.ED 20140811
Ad-Aware 20140811
AegisLab 20140811
Yandex 20140810
AhnLab-V3 20140811
AntiVir 20140811
Antiy-AVL 20140811
Avast 20140811
AVG 20140811
AVware 20140811
Baidu-International 20140811
BitDefender 20140811
Bkav 20140808
ByteHero 20140811
CAT-QuickHeal 20140811
ClamAV 20140811
CMC 20140809
Commtouch 20140811
Comodo 20140811
DrWeb 20140811
Emsisoft 20140811
ESET-NOD32 20140811
F-Prot 20140811
F-Secure 20140811
Fortinet 20140811
GData 20140811
Ikarus 20140811
Jiangmin 20140811
K7AntiVirus 20140808
K7GW 20140808
Kaspersky 20140811
Kingsoft 20140811
McAfee 20140811
McAfee-GW-Edition 20140810
Microsoft 20140811
eScan 20140811
NANO-Antivirus 20140811
Norman 20140811
nProtect 20140811
Panda 20140810
Qihoo-360 20140811
Rising 20140811
Sophos AV 20140811
SUPERAntiSpyware 20140804
Symantec 20140811
Tencent 20140811
TheHacker 20140808
TotalDefense 20140811
TrendMicro 20140811
TrendMicro-HouseCall 20140811
VBA32 20140811
VIPRE 20140811
ViRobot 20140811
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2013 Spencer Kimball, Peter Mattis and the GIMP Development Team

Publisher Spencer Kimball, Peter Mattis and the GIMP Development Team
Product GNU Image Manipulation Program
Original name web-browser.exe
Internal name web-browser
File version 2.8.5.3
Description GNU Image Manipulation Program Plug-In
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-11 09:08:19
Entry Point 0x00005C9F
Number of sections 4
PE sections
PE imports
GetSecurityInfo
LookupAccountSidA
ImageList_GetImageCount
InitCommonControlsEx
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Create
Ord(17)
ImageList_GetIcon
ImageList_ReplaceIcon
CreateFontIndirectW
CreatePen
GetBitmapBits
Rectangle
GetDeviceCaps
LineTo
DeleteDC
StretchBlt
BitBlt
RealizePalette
GetObjectA
CreateFontA
MoveToEx
GetStockObject
SelectPalette
SetTextAlign
CreateCompatibleDC
CreateFontW
SelectObject
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
lstrlenA
LoadLibraryW
GetConsoleCP
CreateIoCompletionPort
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetConsoleWindow
RtlUnwind
SetCurrentDirectoryW
IsProcessorFeaturePresent
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
RaiseException
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStartupInfoW
SetStdHandle
GetModuleFileNameW
HeapSetInformation
EnumDateFormatsA
WideCharToMultiByte
lstrcmpiA
TlsFree
SetFilePointer
GetSystemTimeAdjustment
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GlobalMemoryStatus
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
LocalFree
FormatMessageW
TerminateProcess
SearchPathW
IsValidCodePage
HeapCreate
CreateFileW
GlobalAlloc
GlobalLock
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
OleCreatePictureIndirect
glBitmap
glNewList
glEndList
GetModuleBaseNameA
ExtractIconA
CommandLineToArgvW
GetMessageA
GetParent
UpdateWindow
EndDialog
ClipCursor
ShowWindow
LoadBitmapA
GetMenuState
CharLowerA
MessageBoxW
GetWindowRect
DispatchMessageA
PeekMessageA
MoveWindow
MessageBoxA
AppendMenuW
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetWindow
ActivateKeyboardLayout
GetDC
GetCursorPos
ReleaseDC
GetIconInfo
CheckMenuItem
DestroyIcon
RegisterClassW
DrawIconEx
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
SystemParametersInfoW
EnableMenuItem
RegisterClassA
SetRect
wsprintfA
CreateMenu
LoadCursorA
LoadIconA
GetTopWindow
AdjustWindowRect
GetSysColorBrush
ValidateRect
LoadImageA
CreateWindowExW
ModifyMenuA
SetMenu
SetCursor
WSAStartup
htons
htonl
socket
WSACleanup
Direct3DCreate9
CreateStreamOnHGlobal
GetHGlobalFromStream
Number of PE resources by type
RT_ICON 3
RT_DIALOG 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.8.5.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 158208
EntryPoint 0x5c9f
OriginalFileName web-browser.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 Spencer Kimball, Peter Mattis and the GIMP Development Team
FileVersion 2.8.5.3
TimeStamp 2014:08:11 10:08:19+01:00
FileType Win32 EXE
PEType PE32
InternalName web-browser
ProductVersion 2.8.5.3
FileDescription GNU Image Manipulation Program Plug-In
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Spencer Kimball, Peter Mattis and the GIMP Development Team
CodeSize 77824
ProductName GNU Image Manipulation Program
ProductVersionNumber 2.8.5.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3644136a640fc452febac045d7dae613
SHA1 7ec0219bc61ed3eed72cf81c721d155fd2d0b7bd
SHA256 bc8df33255df72354b202c0e8afc0d16073a11db1b4b4853a14111a465bdf8c0
ssdeep 6144:BzcjYKxXWJhWV7Ew+CS3SkUXaUJs8JMqoXT:ZclXWJh07EJfSkUJs86xD
authentihash cb2620d7ab1687bf77c402d86950b164e417c55134d8cd4fe3ac4399226370d1
imphash 78b7e8b15d347b68245a87c1fbd7a249
File size 231.5 KB ( 237056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-11 10:39:55 UTC ( 4 years, 7 months ago )
Last submission 2014-08-11 10:39:56 UTC ( 4 years, 7 months ago )
File names web-browser.exe
cd11ceb20b7011c42853bcf712495e8f587946dc60795e575b9af6204da3d4a7-1407753592
web-browser
sas.exe
WkQ2mT.sys
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CBC0DHG14.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.