× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c2949f4151fe3b8fd8aaa61fe2f399982430860ce60a834c5ff1d8cfb2ae33d2
File name: GPULog.exe
Detection ratio: 29 / 57
Analysis date: 2015-03-07 07:26:07 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
ALYac Gen:Variant.Strictor.49187 20150307
AVG CoinMiner.AHB 20150307
AVware Backdoor.Win32.Ircbot.gen (v) 20150307
Ad-Aware Gen:Variant.Strictor.49187 20150307
AhnLab-V3 Trojan/Win32.BitCoinMiner 20150307
Avast Win32:BitCoinMiner-FC [Trj] 20150307
Avira TR/BitCoinMinerFC.A.5 20150307
BitDefender Gen:Variant.Strictor.49187 20150307
Comodo UnclassifiedMalware 20150307
Cyren W32/S-cfc84a51!Eldorado 20150307
DrWeb Trojan.BtcMine.221 20150306
ESET-NOD32 Win32/CoinMiner.JE 20150307
Emsisoft Gen:Variant.Strictor.49187 (B) 20150307
F-Prot W32/S-cfc84a51!Eldorado 20150307
F-Secure Gen:Variant.Strictor.49187 20150307
Fortinet W32/CoinMiner.JE!tr 20150307
GData Gen:Variant.Strictor.49187 20150307
Ikarus Win32.BitCoinMiner 20150307
Malwarebytes PUP.Optional.BitCoinMiner 20150307
McAfee Artemis!C61220545E4D 20150307
McAfee-GW-Edition Artemis!Trojan 20150307
MicroWorld-eScan Gen:Variant.Strictor.49187 20150307
NANO-Antivirus Trojan.Win32.BtcMine.dgjypv 20150307
Norman CoinMiner.S 20150307
Qihoo-360 Win32/Trojan.cd8 20150307
Sophos Bitcoin Miner 20150307
Symantec Trojan.Gen 20150307
Tencent Win32.Trojan.Falsesign.Swak 20150307
VIPRE Backdoor.Win32.Ircbot.gen (v) 20150307
AegisLab 20150307
Agnitum 20150306
Alibaba 20150307
Antiy-AVL 20150307
Baidu-International 20150307
Bkav 20150306
ByteHero 20150307
CAT-QuickHeal 20150307
CMC 20150304
ClamAV 20150307
Jiangmin 20150306
K7AntiVirus 20150306
K7GW 20150307
Kaspersky 20150307
Kingsoft 20150307
Microsoft 20150307
Panda 20150306
Rising 20150306
SUPERAntiSpyware 20150307
TheHacker 20150306
TotalDefense 20150307
TrendMicro 20150307
TrendMicro-HouseCall 20150307
VBA32 20150306
ViRobot 20150307
Zillya 20150306
Zoner 20150306
nProtect 20150306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher White Sea Media
Signature verification Signed file, verified signature
Signing date 2:37 AM 12/27/2013
Signers
[+] White Sea Media
Status Certificate out of its validity period
Valid from 1:00 AM 7/8/2013
Valid to 12:59 AM 7/9/2014
Valid usage Code Signing
Algorithm SHA1
Thumbprint 37705C1F0C6DA9512CF68F590F702C45AC4FCCD2
Serial number 1F B2 35 AC A7 56 5B A2 7A DC 70 2B 2B D0 5C 7F
[+] COMODO Code Signing CA 2
Status Valid
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] DigiCert Timestamp Responder
Status Certificate out of its validity period
Valid from 1:00 AM 5/21/2013
Valid to 1:00 AM 6/4/2014
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 766489C6D10DC60904E1158E9CC8BE6D4E5EFB53
Serial number 03 9F ED ED CB 79 5B 8D ED 32 0C 89 19 F0 36 89
[+] DigiCert Assured ID CA-1
Status Valid
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm SHA1
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-27 01:25:32
Entry Point 0x00353000
Number of sections 6
PE sections
PE imports
InitCommonControls
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 23
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:12:27 02:25:32+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
76288

LinkerVersion
10.0

EntryPoint
0x353000

InitializedDataSize
76800

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Execution parents
File identification
MD5 c61220545e4d1ae512809b67f53d26e6
SHA1 45a0a640c0704386aa0ba56053b81d8817ecb4ce
SHA256 c2949f4151fe3b8fd8aaa61fe2f399982430860ce60a834c5ff1d8cfb2ae33d2
ssdeep
24576:CXEYlMhhoHEqNxdl0CoUilshHNxr/hoYphOSx8sEYglH+CEYyzGaOhoWAAt:CXXM2JNxdlU9OF/jphH8TVEX3Nc

authentihash 7eec7bd5385811c03e3caa75f6cf962102c55843e849236e25258a3d9cd6a6a1
imphash baa93d47220682c04d92f7797d9224ce
File size 1.3 MB ( 1328864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed

VirusTotal metadata
First submission 2014-01-06 09:42:25 UTC ( 1 year, 7 months ago )
Last submission 2014-07-30 14:40:01 UTC ( 1 year, 1 month ago )
File names gpulog.exe
GPULog.exe
GPULog.exe
GPULog.exe
C61220545E4D1AE512809B67F53D26E6.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs