SHA256: c1790994f32aa1c104bbca7ff17b6b8710acb03030ee1e4351547603e9fd88e7
File name: OgFQ.exe
Detection ratio: 13 / 66
Analysis date: 2018-11-05 14:36:39 UTC ( 3 months, 1 week ago )
Antivirus Result Update
AVG FileRepMalware 20181105
Bkav HW32.Packed. 20181102
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.5927c0 20180225
Cylance Unsafe 20181105
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20181105
Microsoft Trojan:Win32/Azden.B!cl 20181105
Qihoo-360 HEUR/QVM20.1.0116.Malware.Gen 20181105
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazrJQmTOW4EnTIpDIFYzQ7Vu) 20181105
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181105
Ad-Aware 20181105
AegisLab 20181105
AhnLab-V3 20181105
Alibaba 20180921
ALYac 20181105
Antiy-AVL 20181105
Arcabit 20181105
Avast 20181105
Avast-Mobile 20181105
Avira (no cloud) 20181105
Baidu 20181105
BitDefender 20181105
CAT-QuickHeal 20181105
ClamAV 20181105
CMC 20181105
Cyren 20181105
DrWeb 20181105
eGambit 20181105
Emsisoft 20181105
ESET-NOD32 20181105
F-Prot 20181105
F-Secure 20181105
Fortinet 20181105
GData 20181105
Ikarus 20181105
Jiangmin 20181105
K7AntiVirus 20181105
K7GW 20181105
Kaspersky 20181105
Kingsoft 20181105
Malwarebytes 20181105
MAX 20181105
McAfee 20181105
eScan 20181105
NANO-Antivirus 20181105
Palo Alto Networks (Known Signatures) 20181105
Panda 20181105
Sophos AV 20181105
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181105
Tencent 20181105
TheHacker 20181104
TotalDefense 20181105
TrendMicro 20181105
TrendMicro-HouseCall 20181105
Trustlook 20181105
VBA32 20181105
ViRobot 20181105
Webroot 20181105
Yandex 20181102
Zillya 20181102
ZoneAlarm by Check Point 20181105
Zoner 20181105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name wmvde
File version 6.
Description Windows M
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 21:58:56
Entry Point 0x00003B70
Number of sections 6
PE sections
PE imports
GetOldestEventLogRecord
RegEnumValueW
CryptEncrypt
RegSaveKeyA
AllocateLocallyUniqueId
ImageList_Draw
PlayMetaFileRecord
GetSystemPaletteEntries
FrameRgn
SetViewportOrgEx
GetPaletteEntries
EndPath
PlayMetaFile
CreateRoundRectRgn
GetFontLanguageInfo
RoundRect
GetBkColor
HeapSetInformation
NotifyUILanguageChange
GetPrivateProfileStructA
GetNumaAvailableMemoryNode
GetCurrentProcessId
GetCommandLineW
ChangeTimerQueueTimer
TerminateJobObject
GetCurrentThreadId
SetSystemTimeAdjustment
acmDriverOpen
DrawDibEnd
NetLocalGroupSetInfo
VarBstrCat
SysFreeString
RasGetProjectionInfoA
GetCursorPos
GetWindowThreadProcessId
CreateMenu
GetLastInputInfo
ScrollWindowEx
IsCharLowerW
LockSetForegroundWindow
midiOutLongMsg
midiStreamStop
AbortPrinter
ReadClassStg
CoGetCurrentLogicalThreadId
CoFreeUnusedLibraries
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 1.1
FileVersionNumber 1.6.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Windows M
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
Ht Microsoft Corporation. All r
EntryPoint 0x3b70
MIMEType application/octet-stream
FileVersion 6.
TimeStamp 1996:06:16 22:58:56+01:00
FileType Win32 EXE
PEType PE32
InternalName wmvde
SubsystemVersion 5.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Micro
TVersion 1.0
CodeSize 12288
FileSubtype 0
ProductVersionNumber 1.6.0.0
InitializedDataSize 151552
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 83d95afcbcbee8e2fbf14c04b63b4b45
SHA1 abaca315927c081c80a44d103e0370de4094d95d
SHA256 c1790994f32aa1c104bbca7ff17b6b8710acb03030ee1e4351547603e9fd88e7
ssdeep 3072:XPVSz+s7LOyqK+pgh4tn0zEraTzBoJVjMyKm:tSCs7wpgh4t0zEraTzsu

authentihash b3df88617d749b81fdab0c4687e4c12031ed8af69cbb3c29c381d2c692d8f543
imphash b08dce4961b19b6be734e7024f85bcec
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags peexe

VirusTotal metadata
First submission 2018-11-05 14:36:39 UTC ( 3 months, 1 week ago )
Last submission 2018-11-21 11:59:13 UTC ( 2 months, 3 weeks ago )
File names 4.exe
2078527.exe
soundsstarta(148).gxe
output.114456708.txt
030.exe
OVSSHD.EXE
25290664.EXE
0HUUA3YKFEAYYPR7ZJE.EXE
OgFQ.exe
7343.exe
13.exe
wmvde
200.exe
8870.exe
31.exe
3.exe
33644725.exe
0256.exe
885.exe
3661163.exe
96766744.exe
HFLQNGJX2X6LJC.EXE
81037133.exe
85573.exe
0662.exe