SHA256: d5732232771fd8449550bc4b01f9854e3d574530a59626b27da05af44eae3bd8
File name: AKgC89BQ2cuoaZ7Iu.exe
Detection ratio: 19 / 67
Analysis date: 2017-10-21 12:02:03 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20171021
Avast FileRepMalware 20171021
AVG FileRepMalware 20171021
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171020
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
eGambit malicious_confidence_92% 20171021
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BAUN 20171021
Fortinet W32/GenKryptik.AZRU!tr 20171021
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171021
McAfee Artemis!DFCC4C421DC6 20171021
McAfee-GW-Edition Artemis 20171021
Palo Alto Networks (Known Signatures) generic.ml 20171021
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazrCbhE75nko6iyq9F8ED8LH) 20171021
SentinelOne (Static ML) static engine - malicious 20171019
Symantec ML.Attribute.HighConfidence 20171020
Webroot W32.Trojan.Emotet 20171021
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171021
Ad-Aware 20171021
AhnLab-V3 20171021
Alibaba 20170911
ALYac 20171021
Antiy-AVL 20171021
Arcabit 20171021
Avast-Mobile 20171021
Avira (no cloud) 20171021
AVware 20171021
BitDefender 20171021
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171021
CMC 20171018
Comodo 20171021
Cylance 20171021
Cyren 20171021
DrWeb 20171021
Emsisoft 20171021
F-Prot 20171021
F-Secure 20171021
GData 20171021
Ikarus 20171021
Jiangmin 20171021
K7AntiVirus 20171019
K7GW 20171021
Kingsoft 20171021
Malwarebytes 20171021
MAX 20171021
Microsoft 20171021
eScan 20171021
NANO-Antivirus 20171021
nProtect 20171021
Panda 20171021
Qihoo-360 20171021
Sophos AV 20171021
SUPERAntiSpyware 20171021
Symantec Mobile Insight 20171011
Tencent 20171021
TheHacker 20171017
TotalDefense 20171021
TrendMicro 20171021
TrendMicro-HouseCall 20171021
Trustlook 20171021
VBA32 20171020
VIPRE 20171021
ViRobot 20171021
WhiteArmor 20171016
Yandex 20171020
Zillya 20171019
Zoner 20171021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2008 Daniel Pistelli. All rights reserved

Product PE Detective
Original name PE Detective.exe
Internal name PE Detective.exe
File version 1.2.1.1
Description Portable Executable Detective
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-21 18:00:24
Entry Point 0x00001670
Number of sections 8
PE sections
PE imports
BuildTrusteeWithNameW
RegSaveKeyExW
ImpersonateSelf
IsTokenRestricted
AddAuditAccessAceEx
GetServiceKeyNameA
CryptHashData
OpenSCManagerA
EqualPrefixSid
GetSaveFileNameA
CryptGetDefaultOIDDllList
LineTo
CreatePolyPolygonRgn
GetSystemTime
GetLastError
SystemTimeToFileTime
CreateNamedPipeW
lstrlenA
GetOverlappedResult
GetConsoleCP
LCMapStringA
GetProcessTimes
lstrlenW
GetCPInfoExW
GetCurrentDirectoryA
GetCommandLineA
FillConsoleOutputAttribute
GetCurrentThread
GlobalAddAtomW
lstrcmpA
FindFirstFileExA
lstrcpyA
CloseHandle
TransactNamedPipe
DuplicateHandle
GetEnvironmentVariableA
FindResourceExW
Sleep
GetFullPathNameW
GetPrivateProfileSectionNamesW
GetCurrentThreadId
MprInfoDuplicate
BSTR_UserSize
SysStringLen
RasGetEntryPropertiesW
NDRCContextBinding
UuidToStringA
RpcStringBindingParseA
CM_Get_Class_Name_ExW
SetupOpenMasterInf
SetupCommitFileQueueW
CM_Set_DevNode_Registry_PropertyW
SHGetSpecialFolderLocation
PathCommonPrefixW
StrNCatA
PathFindExtensionW
SHRegDeleteUSValueW
GetMenuContextHelpId
ClientToScreen
EnumDesktopsA
GetFileVersionInfoA
midiOutShortMsg
midiStreamProperty
midiOutCachePatches
timeGetSystemTime
midiOutGetDevCapsA
midiOutClose
EnumPrintProcessorDatatypesW
EnumPrintersW
WTHelperProvDataFromStateData
CryptSIPRemoveSignedDataMsg
CryptCATPutCatAttrInfo
shutdown
getsockname
SCardListCardsA
putchar
iswpunct
free
StringFromCLSID
BindMoniker
Number of PE resources by type
RT_STRING 13
RT_ICON 10
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ITALIAN 18
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.2.1.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Portable Executable Detective

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
110592

EntryPoint
0x1670

OriginalFileName
PE Detective.exe

MIMEType
application/octet-stream

LegalCopyright
2008 Daniel Pistelli. All rights reserved

FileVersion
1.2.1.1

TimeStamp
2017:10:21 18:00:24+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
PE Detective.exe

ProductVersion
1.2.1.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Daniel Pistelli

CodeSize
20480

ProductName
PE Detective

ProductVersionNumber
1.2.1.1

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 dfcc4c421dc6c07ec1908a352c35be17
SHA1 a9359f55ea848c4fc68701ec3747b3bd2bedbc8a
SHA256 d5732232771fd8449550bc4b01f9854e3d574530a59626b27da05af44eae3bd8
ssdeep
3072:havk93xjuac8nqX9h92us1Bz9DbRcDYgWxn:wvkTDqz8usXDY

authentihash 4a4ca312e4e44579b65ee2c9c79819728a47c4e8ecc2f2223a7fafd3f7d4fb74
imphash 1807800f80692d590f642a77851c745e
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-21 09:09:59 UTC ( 1 year, 1 month ago )
Last submission 2018-07-22 18:23:42 UTC ( 4 months, 3 weeks ago )
File names PE Detective.exe
dfcc4c421dc6c07ec1908a352c35be17.vir
AKgC89BQ2cuoaZ7Iu.exe
1024-a9359f55ea848c4fc68701ec3747b3bd2bedbc8a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs