SHA256: c9fe44d7fa9fe15a9feba6f75a85114e5c094f646fd5d8021884b3e2dbbe8069
File name: 234252bd2f6debaf232f5ae350d2a2b670946f46
Detection ratio: 22 / 54
Analysis date: 2016-01-28 03:25:08 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3010325 20160128
ALYac Trojan.GenericKD.3010325 20160128
Arcabit Trojan.Generic.D2DEF15 20160128
Avast Win32:Malware-gen 20160128
AVG Crypt5.AENR 20160128
Avira (no cloud) TR/Crypt.XPACK.Gen 20160127
BitDefender Trojan.GenericKD.3010325 20160128
ByteHero Trojan.Win32.Click.dqu 20160128
Emsisoft Trojan.GenericKD.3010325 (B) 20160128
ESET-NOD32 a variant of Win32/Kryptik.CPLV 20160128
F-Secure Trojan.GenericKD.3010325 20160128
Fortinet W32/Kryptik.CPLV!tr 20160128
GData Trojan.GenericKD.3010325 20160128
Ikarus Trojan.Win32.Crypt 20160128
K7AntiVirus Trojan ( 004b086f1 ) 20160127
K7GW Trojan ( 004b086f1 ) 20160127
Microsoft Trojan:Win32/Ramdo.H 20160128
eScan Trojan.GenericKD.3010325 20160128
nProtect Trojan.GenericKD.3010325 20160127
Qihoo-360 QVM20.1.Malware.Gen 20160128
TrendMicro TROJ_GEN.R028C0DAR16 20160128
VIPRE Trojan.Win32.Generic!BT 20160127
AegisLab 20160127
Yandex 20160126
AhnLab-V3 20160127
Alibaba 20160127
Antiy-AVL 20160128
Baidu-International 20160127
Bkav 20160127
CAT-QuickHeal 20160128
ClamAV 20160128
CMC 20160111
Comodo 20160127
Cyren 20160128
DrWeb 20160128
F-Prot 20160128
Jiangmin 20160128
Kaspersky 20160128
Malwarebytes 20160128
McAfee 20160128
McAfee-GW-Edition 20160128
NANO-Antivirus 20160128
Panda 20160127
Rising 20160127
Sophos AV 20160127
SUPERAntiSpyware 20160128
Symantec 20160127
TheHacker 20160124
TotalDefense 20160127
TrendMicro-HouseCall 20160128
VBA32 20160127
ViRobot 20160128
Zillya 20160127
Zoner 20160127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft IME 2012
Original name imesearch.exe
Internal name imesearch.exe
File version 15.0.9600.16384
Description IME search module
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-01-25 20:50:29
Entry Point 0x0002147D
Number of sections 5
PE sections
PE imports
GetUserNameA
GdiFlush
LineTo
MoveToEx
DeleteDC
GetLastError
GetStdHandle
ReleaseMutex
WaitForSingleObject
SetEvent
IsDebuggerPresent
DebugBreak
GetThreadLocale
GetVersionExA
LoadLibraryA
FreeLibrary
FreeEnvironmentStringsA
GetCurrentProcess
SizeofResource
GetCurrentProcessId
lstrcatA
LockResource
GetWindowsDirectoryA
UnhandledExceptionFilter
GetCommandLineA
GetCurrentThread
CreateMutexA
GetTempPathA
CreateSemaphoreA
CreateThread
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetComputerNameA
GetSystemDirectoryA
GetVersion
GetOEMCP
LocalFree
TerminateProcess
GetEnvironmentStrings
LoadResource
lstrcpyA
VirtualFree
AllocConsole
CreateFileA
ExitProcess
GetCurrentThreadId
ResetEvent
DuplicateIcon
DragFinish
SHReleaseThreadRef
GetMessageA
GetCaretBlinkTime
GetForegroundWindow
GetParent
UpdateWindow
BeginPaint
GetMessagePos
GetCapture
FindWindowA
ShowWindow
SetCapture
ReleaseCapture
MessageBoxA
TranslateMessage
GetWindow
GetProcessWindowStation
GetDC
ReleaseDC
WaitMessage
DestroyIcon
EndMenu
IsWindowVisible
SendMessageA
GetClientRect
CloseWindow
CreateDialogParamA
CopyIcon
SetDoubleClickTime
CreateWindowExA
LoadCursorA
GetActiveWindow
GetDesktopWindow
GetDialogBaseUnits
GetCursor
GetFocus
CloseClipboard
IsChild
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
timeGetTime
OpenPrinterA
ClosePrinter
GetPrinterDriverA
_chkstk
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 11
RT_DIALOG 8
RT_STRING 8
REGISTRY 2
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 20
CHINESE TRADITIONAL 5
JAPANESE DEFAULT 4
CHINESE SIMPLIFIED 4
PE resources
ExifTool file metadata
CodeSize 137216
FileDescription IME search module
InitializedDataSize 88576
ImageVersion 0.0
ProductName Microsoft IME 2012
FileVersionNumber 15.0.9600.16384
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName imesearch.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 15.0.9600.16384
TimeStamp 2016:01:25 21:50:29+01:00
FileType Win32 EXE
PEType PE32
InternalName imesearch.exe
SubsystemVersion 5.1
ProductVersion 15.0.9600.16384
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
FileSubtype 0
ProductVersionNumber 15.0.9600.16384
EntryPoint 0x2147d
ObjectFileType Dynamic link library

File identification
MD5 a365fd2d4dd651ee93320f799c2ca161
SHA1 234252bd2f6debaf232f5ae350d2a2b670946f46
SHA256 c9fe44d7fa9fe15a9feba6f75a85114e5c094f646fd5d8021884b3e2dbbe8069
ssdeep 6144:aSoqo9NHmQbBIIn7o6dsvDR8AfAK+1NZvKKrmrb8:anqYVI8dsvN8A4K+1jI4
authentihash 17dd4d6aebe8ab3c488e94ae738a7a1cb1688ea5795f08995af59baf09891902
imphash 08a6afc8829784c126ee6dfdf7a17e91
File size 221.5 KB ( 226816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2016-01-28 03:25:08 UTC ( 3 years ago )
Last submission 2016-01-28 03:25:08 UTC ( 3 years ago )
File names imesearch.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Runtime DLLs
UDP communications