SHA256: bf0ba0338f5fdb1b81d8e0047f64819b57d6f599bd58bd18c89277fae75f70a2
File name: 43s5d6f7g.exe.malware
Detection ratio: 2 / 55
Analysis date: 2015-12-14 10:33:59 UTC ( 3 years ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151214
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151214
Ad-Aware 20151214
AegisLab 20151214
Yandex 20151213
AhnLab-V3 20151214
Alibaba 20151208
ALYac 20151214
Antiy-AVL 20151214
Arcabit 20151214
Avast 20151214
AVG 20151214
Avira (no cloud) 20151214
AVware 20151214
Baidu-International 20151213
BitDefender 20151214
Bkav 20151212
ByteHero 20151214
CAT-QuickHeal 20151214
ClamAV 20151214
CMC 20151214
Comodo 20151213
Cyren 20151213
DrWeb 20151214
Emsisoft 20151214
ESET-NOD32 20151214
F-Prot 20151214
F-Secure 20151214
Fortinet 20151214
GData 20151214
Ikarus 20151214
Jiangmin 20151213
K7AntiVirus 20151214
K7GW 20151214
Malwarebytes 20151214
McAfee 20151214
McAfee-GW-Edition 20151214
Microsoft 20151214
eScan 20151214
NANO-Antivirus 20151214
nProtect 20151211
Panda 20151213
Rising 20151212
Sophos AV 20151214
SUPERAntiSpyware 20151214
Symantec 20151213
Tencent 20151214
TheHacker 20151214
TrendMicro 20151214
TrendMicro-HouseCall 20151214
VBA32 20151211
VIPRE 20151214
ViRobot 20151214
Zillya 20151213
Zoner 20151214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name WINCHAT.EXE
Internal name WINCHAT
File version 5.1.2600.0 (xpclient.010817-1148)
Description Программа разговора (Chat) для NT из Windows для рабочих групп
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-14 09:57:02
Entry Point 0x0000105A
Number of sections 6
PE sections
PE imports
PeekNamedPipe
SetFileApisToANSI
GetFileSize
CreateJobObjectA
MoveFileWithProgressW
CallNamedPipeA
IsBadWritePtr
FreeConsole
LoadLibraryA
GetNumberFormatW
LocalLock
StrCatChainW
MessageBoxA
cos
_chkstk
isprint
Number of PE resources by type
RT_STRING 5
RT_ICON 3
RT_GROUP_ICON 3
RT_DIALOG 2
RT_MENU 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 18
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.2600.0
UninitializedDataSize 0
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 135168
EntryPoint 0x105a
OriginalFileName WINCHAT.EXE
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.1.2600.0 (xpclient.010817-1148)
TimeStamp 2015:12:14 10:57:02+01:00
FileType Win32 EXE
PEType PE32
InternalName WINCHAT
ProductVersion 5.1.2600.0
FileDescription (Chat) NT Windows
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 61440
ProductName Microsoft Windows
ProductVersionNumber 5.1.2600.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 65cdbff6c454c4aa0225ccb4e632bde6
SHA1 2470721f661c7063b83ad1c86c81d31c73137bba
SHA256 bf0ba0338f5fdb1b81d8e0047f64819b57d6f599bd58bd18c89277fae75f70a2
ssdeep 3072:cJ9gaM39PnLf+rkKkqT6mTszgBhum5iHz4F:cJwPz+rFozgBD5A4
imphash 0a5b6215f6c9fb8703f506c44bd14d6d
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2015-12-14 09:30:26 UTC ( 3 years ago )
Last submission 2018-04-24 20:47:01 UTC ( 7 months, 4 weeks ago )
File names 43s5d6f7g.exe
43s5d6f7g.exe.malware
WINCHAT
sfbartist.net-437g8-43s5d6f7g.exe
43s5d6f7g.exe
43s5d6f7g.exe
43s5d6f7g.exe
WINCHAT.EXE
43s5d6f7g.exe
65cdbff6c454c4aa0225ccb4e632bde6.exe
43s5d6f7g[1].exe.2256.dr
43s5d6f7g.exe
43s5d6f7g[1].exe
43s5d6f7g.exe
dimenas.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections