SHA256: db4cbfa63bf76de0b743423c7bbe40bbd24ead02736022d044ddfa9d91bcfbfe
File name: db4cbfa63bf76de0b743423c7bbe40bbd24ead02736022d044ddfa9d91bcfbfe
Detection ratio: 11 / 70
Analysis date: 2018-12-01 09:48:57 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.0d4c78 20180225
Cylance Unsafe 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMLY 20181201
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM20.1.9241.Malware.Gen 20181201
Rising Malware.Heuristic!ET#89% (RDM+:cmRtazpBnhP/Lnn75ES5N4vN91xR) 20181201
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181201
Trapmine malicious.high.ml.score 20181128
Ad-Aware 20181201
AegisLab 20181201
AhnLab-V3 20181130
Alibaba 20180921
ALYac 20181201
Antiy-AVL 20181201
Arcabit 20181201
Avast 20181201
Avast-Mobile 20181201
AVG 20181201
Avira (no cloud) 20181130
Babable 20180918
Baidu 20181130
BitDefender 20181201
Bkav 20181129
CAT-QuickHeal 20181130
ClamAV 20181201
CMC 20181130
Comodo 20181201
Cyren 20181201
DrWeb 20181201
eGambit 20181201
Emsisoft 20181201
F-Prot 20181201
F-Secure 20181201
Fortinet 20181201
GData 20181201
Ikarus 20181201
Jiangmin 20181201
K7AntiVirus 20181201
K7GW 20181201
Kaspersky 20181201
Kingsoft 20181201
Malwarebytes 20181201
MAX 20181201
McAfee 20181201
McAfee-GW-Edition 20181201
Microsoft 20181201
eScan 20181201
NANO-Antivirus 20181201
Palo Alto Networks (Known Signatures) 20181201
Panda 20181201
Sophos AV 20181201
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181201
Tencent 20181201
TheHacker 20181129
TotalDefense 20181201
TrendMicro 20181201
TrendMicro-HouseCall 20181201
Trustlook 20181201
VBA32 20181130
VIPRE 20181201
ViRobot 20181130
Webroot 20181201
Yandex 20181130
Zillya 20181130
ZoneAlarm by Check Point 20181201
Zoner 20181201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft Corp. 1990-1996
Product Bidi32
Internal name Bidi32
File version Version 4.0
Description Microsoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-01 09:45:38
Entry Point 0x000026C0
Number of sections 4
PE sections
PE imports
AddAuditAccessAceEx
ReportEventA
AuthzInitializeContextFromToken
FrameRgn
AnimatePalette
GdiSetBatchLimit
SetBrushOrgEx
GetTextFaceA
IsDBCSLeadByteEx
GetNamedPipeClientComputerNameA
GetModuleHandleA
GetSystemDirectoryW
HeapAlloc
TlsSetValue
Sleep
AddRefActCtx
MprAdminMIBServerDisconnect
RpcBindingToStringBindingA
RpcServerYield
RpcBindingSetAuthInfoExA
RpcServerRegisterIf
CM_Get_First_Log_Conf
SetupDiOpenDeviceInterfaceW
PathRemoveFileSpecA
DrawAnimatedRects
GetIconInfo
GetClassLongW
GetMenuItemRect
IsProcessDPIAware
CreateIconFromResource
SetCursorPos
PackDDElParam
DefRawInputProc
GetClipboardData
GetFileVersionInfoW
midiInReset
WinVerifyTrustEx
Ord(30)
CoInvalidateRemoteMachineBindings
Number of PE resources by type
RT_STRING 3
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:12:01 10:45:38+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
Warning Error processing PE data dictionary
EntryPoint 0x26c0
InitializedDataSize 483328
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 3af8fe10d4c78f4522e2465ad807a4ad
SHA1 4b913ca5bccab7530f5a9c43351bd2062452b145
SHA256 db4cbfa63bf76de0b743423c7bbe40bbd24ead02736022d044ddfa9d91bcfbfe
ssdeep 3072:tCPCIaL3ir/qjZAPTRdAZ/DxdnQZslHs1zMd4D:9OqjuLz+xdGmHsedQ
authentihash 01e1ee05db08be4fd51041f02bc4a5d6d4c43c2c08a498e7f386bd3df57cfa61
imphash 59d07619894f06ade3e4c04cb6f53390
File size 488.0 KB ( 499712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-01 09:48:57 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-01 09:48:57 UTC ( 2 months, 3 weeks ago )
File names Bidi32