SHA256: c1816f44146482293c4bba8ac70e400f2cde6a62fcbfeae344bdbc1f3147d237
File name: ExeinfoPE.exe
Detection ratio: 39 / 56
Analysis date: 2015-07-22 14:30:31 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.16669 20150722
Yandex Backdoor.Mokes! 20150721
AhnLab-V3 Trojan/Win32.MDA 20150722
Arcabit Trojan.Mikey.D411D 20150722
Avast Win32:Malware-gen 20150722
AVG Inject2.CJON 20150721
Avira (no cloud) TR/Crypt.ZPACK.30010 20150722
AVware Trojan-Downloader.Win32.Dofoil 20150722
Baidu-International Backdoor.Win32.Mokes.vne 20150722
BitDefender Gen:Variant.Mikey.16669 20150722
Bkav W32.VariantMikeyAK.Trojan 20150722
Comodo UnclassifiedMalware 20150722
Cyren W32/S-0b92b060!Eldorado 20150722
DrWeb Trojan.DownLoader14.6545 20150722
Emsisoft Gen:Variant.Mikey.16669 (B) 20150722
ESET-NOD32 a variant of Win32/Injector.CDKF 20150722
F-Prot W32/S-0b92b060!Eldorado 20150722
F-Secure Gen:Variant.Mikey.16669 20150722
Fortinet W32/Kryptik.DNAH!tr 20150722
GData Gen:Variant.Mikey.16669 20150722
Ikarus Trojan.Win32.Injector 20150722
Jiangmin Backdoor/Androm.qmg 20150720
K7AntiVirus Trojan ( 004c6a811 ) 20150722
K7GW Trojan ( 004c6a811 ) 20150722
Kaspersky Backdoor.Win32.Mokes.vne 20150722
Malwarebytes Trojan.Ropest 20150722
McAfee RDN/Suspicious.bfr!bj 20150722
McAfee-GW-Edition BehavesLike.Win32.Dropper.cm 20150722
Microsoft TrojanDownloader:Win32/Dofoil.W 20150722
eScan Gen:Variant.Mikey.16669 20150722
NANO-Antivirus Trojan.Win32.Mokes.dtfdqg 20150722
Panda Trj/Genetic.gen 20150722
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20150722
Sophos AV Mal/Generic-S 20150722
Symantec Trojan.Gen 20150722
Tencent Win32.Backdoor.Mokes.Wwec 20150722
TrendMicro TROJ_GEN.R01TC0CFT15 20150722
VIPRE Trojan-Downloader.Win32.Dofoil 20150722
Zillya Backdoor.Mokes.Win32.841 20150722
AegisLab 20150722
Alibaba 20150722
ALYac 20150722
Antiy-AVL 20150722
ByteHero 20150722
CAT-QuickHeal 20150722
ClamAV 20150721
Kingsoft 20150722
nProtect 20150722
Rising 20150722
SUPERAntiSpyware 20150722
TheHacker 20150721
TotalDefense 20150722
TrendMicro-HouseCall 20150722
VBA32 20150722
ViRobot 20150722
Zoner 20150722
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright A.S.L.
Publisher A.S.L Software
Product Exeinfo PE by A.S.L
Original name ExeinfoPE.exe
Internal name ExeinfoPE.exe
File version 0.0.2.2
Description ExEinfo PE - Win32 exe identifier
Comments www.exeinfo.go.pl
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-22 00:20:18
Entry Point 0x00007F8A
Number of sections 4
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegQueryValueExA
SetFileSecurityW
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
GetOpenFileNameA
CommDlgExtendedError
DeleteObject
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
MoveFileExA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetNumberFormatA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
DosDateTimeToFileTime
CreateDirectoryA
DeleteFileA
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
FindNextFileW
CompareStringA
FindNextFileA
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateFileW
WriteProfileSectionW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
GlobalAlloc
GetCPInfo
FileTimeToLocalFileTime
GetEnvironmentStrings
BuildCommDCBAndTimeoutsA
GetCurrentProcessId
LockResource
SetFileTime
MapUserPhysicalPages
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindFirstFileA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetFullPathNameA
GetTimeFormatA
SHGetFileInfoA
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
MapWindowPoints
GetMessageA
GetParent
UpdateWindow
EndDialog
SetFocus
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
CharToOemBuffA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
SetDlgItemTextA
PostMessageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
GetSysColor
GetDC
RegisterClassExA
SetWindowTextA
DestroyIcon
LoadStringA
wsprintfA
AnyPopup
GetSystemMetrics
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
BringWindowToTop
OemToCharBuffA
OemToCharA
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
AdjustWindowRect
CopyRect
WaitForInputIdle
ArrangeIconicWindows
GetClassNameA
GetWindowTextA
CharToOemA
DestroyWindow
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
RT_HTML 1
Number of PE resources by language
ARABIC QATAR 1
POLISH DEFAULT 1
MALAY MALAYSIA 1
PE resources
ExifTool file metadata
LegalTrademarks (c) A.S.L. Soft
SubsystemVersion 5.0
Comments www.exeinfo.go.pl
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.0.2.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ExEinfo PE - Win32 exe identifier
CharacterSet Windows, Latin1
InitializedDataSize 87552
EntryPoint 0x7f8a
OriginalFileName ExeinfoPE.exe
MIMEType application/octet-stream
LegalCopyright A.S.L.
FileVersion 0.0.2.2
TimeStamp 2015:06:22 01:20:18+01:00
FileType Win32 EXE
PEType PE32
InternalName ExeinfoPE.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName A.S.L Software
CodeSize 93696
ProductName Exeinfo PE by A.S.L
ProductVersionNumber 0.0.2.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dbf23b1d9168a230b21e26035eb3ab37
SHA1 8bbbddb651c5ec7f3cd56fd1d97332c9b1f6a927
SHA256 c1816f44146482293c4bba8ac70e400f2cde6a62fcbfeae344bdbc1f3147d237
ssdeep 3072:qr+Z/uXBf3WzBNVBNhweXI++jyos75tjIWSv1:vmf3s1wfTyoatjIx1
authentihash e95910aef25b7e0f7358794ae6c02445f250291691f4df736c6979958d559a18
imphash f0e2ace69f967a255a3744611ac51acf
File size 178.0 KB ( 182272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-06-26 00:37:39 UTC ( 2 years, 10 months ago )
Last submission 2015-06-26 00:37:39 UTC ( 2 years, 10 months ago )
File names ExeinfoPE.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
HTTP requests
DNS requests
TCP connections