SHA256: d5e766ea8698eb1a79608e4bce20d2f91855206c237c6ed6909ffcf35520fc42
File name: 29nZ1rCNlJdmcvnRzOE.exe
Detection ratio: 12 / 67
Analysis date: 2017-12-27 17:24:58 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20171227
AVG FileRepMalware 20171227
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20171227
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171227
eGambit Unsafe.AI_Score_97% 20171227
Endgame malicious (high confidence) 20171130
Fortinet W32/Kryptik.FZTF!tr 20171227
Rising Trojan.Kryptik!8.8 (TFE:2:r0T0Apd0pPK) 20171227
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/EncPk-ANR 20171227
Tencent Suspicious.Heuristic.Gen.b.0 20171227
Ad-Aware 20171225
AegisLab 20171227
AhnLab-V3 20171227
Alibaba 20171227
ALYac 20171227
Arcabit 20171227
Avast-Mobile 20171226
Avira (no cloud) 20171227
AVware 20171227
BitDefender 20171227
Bkav 20171227
CAT-QuickHeal 20171227
ClamAV 20171227
CMC 20171227
Comodo 20171227
Cybereason 20171103
Cyren 20171227
DrWeb 20171227
Emsisoft 20171227
ESET-NOD32 20171227
F-Prot 20171227
F-Secure 20171227
GData 20171227
Ikarus 20171227
Sophos ML 20170914
Jiangmin 20171227
K7AntiVirus 20171227
K7GW 20171227
Kaspersky 20171227
Kingsoft 20171227
Malwarebytes 20171227
MAX 20171227
McAfee 20171227
McAfee-GW-Edition 20171227
Microsoft 20171227
eScan 20171227
NANO-Antivirus 20171227
nProtect 20171227
Palo Alto Networks (Known Signatures) 20171227
Panda 20171227
Qihoo-360 20171227
SUPERAntiSpyware 20171227
Symantec 20171227
Symantec Mobile Insight 20171227
TheHacker 20171226
TotalDefense 20171227
TrendMicro 20171227
TrendMicro-HouseCall 20171227
Trustlook 20171227
VBA32 20171227
VIPRE 20171227
ViRobot 20171227
Webroot 20171227
WhiteArmor 20171226
Yandex 20171225
Zillya 20171226
ZoneAlarm by Check Point 20171227
Zoner 20171227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2006 by PHaX

Product GT2
Original name gtbasic.dll
Internal name gtbasic.dll
File version 0.35
Description General purpose library.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-28 02:11:14
Entry Point 0x00001AE0
Number of sections 8
PE sections
PE imports
RegEnumKeyW
LookupPrivilegeNameA
CreatePatternBrush
CreateBitmap
DeleteObject
GetThreadPriority
GetSystemDefaultUILanguage
lstrcmpA
ReadFile
TlsGetValue
Sleep
GetVersion
SetComputerNameA
UuidToStringW
SetupGetLineCountW
SHRegQueryInfoUSKeyW
GetSubMenu
SetTimer
GetForegroundWindow
GetWindowLongA
SetWindowTextA
IsWindow
AdjustWindowRect
AnyPopup
GetClientRect
GetWindowPlacement
MessageBoxA
GetSystemMenu
GetWindowTextA
GetOpenClipboardWindow
SetWindowPos
timeGetSystemTime
SCardReconnect
StgOpenStorageOnILockBytes
Number of PE resources by type
RT_STRING 114
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 115
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.15

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.35.0.0

LanguageCode
German

FileFlagsMask
0x003f

FileDescription
General purpose library.

CharacterSet
Windows, Latin1

InitializedDataSize
184320

EntryPoint
0x1ae0

OriginalFileName
gtbasic.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
0.35

TimeStamp
2017:12:28 03:11:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
gtbasic.dll

ProductVersion
0.35

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright (c) 1999-2006 by PHaX

MachineType
Intel 386 or later, and compatibles

CompanyName
http://philip.helger.com/gt/

CodeSize
0

ProductName
GT2

ProductVersionNumber
0.35.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Comment
http://philip.helger.com/gt/

File identification
MD5 52f10c8b38e833a41fac75f63f93b3bc
SHA1 c36233060b54c7e2a2bf55f3f476630e4e817778
SHA256 d5e766ea8698eb1a79608e4bce20d2f91855206c237c6ed6909ffcf35520fc42
ssdeep
3072:4qzJsf3Tl5nlspYfz5knfPz76hAOerEiZ8A3Gcnne26rsHsuY:4ysfTnlnm3z76qOeR

authentihash 06707a1d9f7637bddad0962370daae6fc6c079ccb757aff8efa0dec63bd7432b
imphash dc20121814764dac0a87b9d3c9563cf2
File size 192.0 KB ( 196608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-27 17:24:58 UTC ( 1 month, 4 weeks ago )
Last submission 2017-12-28 22:20:04 UTC ( 1 month, 3 weeks ago )
File names 29nZ1rCNlJdmcvnRzOE.exe
24504504.exe
gtbasic.dll
21620936.exe
27255808.exe
20898904.exe
22210680.exe
20833232.exe
helpsvc.exe
21227232.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.