SHA256: dbf5f06ed0654f8753e04fc7ca37f9042871b9a4a8b164563a502e1c7dd6a5ec
File name: temps.jpg
Detection ratio: 9 / 61
Analysis date: 2017-06-17 12:04:54 UTC ( 1 year ago )
Antivirus Result Update
Avast Win32:Malware-gen 20170617
AVG Win32:Malware-gen 20170617
Avira (no cloud) TR/Crypt.XPACK.Gen7 20170616
Bkav HW32.Packed.F64E 20170616
Endgame malicious (high confidence) 20170615
ESET-NOD32 a variant of Win32/Spy.Banker.ADOE 20170617
K7AntiVirus Spyware ( 0050e48f1 ) 20170616
K7GW Hacktool ( 655367771 ) 20170617
Symantec ML.Attribute.HighConfidence 20170616
Ad-Aware 20170617
AegisLab 20170617
AhnLab-V3 20170617
Alibaba 20170616
ALYac 20170617
Antiy-AVL 20170617
Arcabit 20170617
AVware 20170617
Baidu 20170615
BitDefender 20170617
CAT-QuickHeal 20170617
ClamAV 20170617
CMC 20170617
Comodo 20170617
CrowdStrike Falcon (ML) 20170420
Cyren 20170617
DrWeb 20170617
Emsisoft 20170617
F-Prot 20170617
F-Secure 20170617
Fortinet 20170617
GData 20170617
Ikarus 20170617
Sophos ML 20170607
Jiangmin 20170617
Kaspersky 20170617
Kingsoft 20170617
Malwarebytes 20170617
McAfee 20170617
McAfee-GW-Edition 20170616
Microsoft 20170617
eScan 20170617
NANO-Antivirus 20170617
nProtect 20170617
Palo Alto Networks (Known Signatures) 20170617
Panda 20170617
Qihoo-360 20170617
Rising 20170617
SentinelOne (Static ML) 20170516
Sophos AV 20170617
SUPERAntiSpyware 20170617
Symantec Mobile Insight 20170614
Tencent 20170617
TheHacker 20170616
TrendMicro 20170617
TrendMicro-HouseCall 20170617
Trustlook 20170617
VBA32 20170616
VIPRE 20170617
ViRobot 20170617
Webroot 20170617
WhiteArmor 20170616
Yandex 20170616
Zillya 20170617
ZoneAlarm by Check Point 20170617
Zoner 20170617
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product YrvahgG5tVgj
File version 1.0.0.0
Description YrvahgG5tVgj
Signature verification The certificate is not valid for the requested usage.
Signing date 6:23 PM 6/24/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-31 14:57:49
Entry Point 0x0059504F
Number of sections 13
PE sections
Overlays
MD5 b9ebc94ee079029ab37dd5406e17e44c
File type data
Offset 4017152
Size 4640
Entropy 7.36
PE imports
RegQueryValueExW
_TrackMouseEvent
GetDeviceCaps
LocalFree
GetModuleFileNameA
GetSystemDefaultUILanguage
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
GetVersionExW
ExitProcess
GetVersion
LoadLibraryA
NetWkstaGetInfo
NtQueryInformationProcess
OleUninitialize
LresultFromObject
SysFreeString
ShellExecuteW
IsWindow
GetFileVersionInfoW
FindCloseUrlCache
sndPlaySoundW
EnumPrintersW
PE exports
Number of PE resources by type
RT_ICON 17
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 1582592
ImageVersion 0.0
ProductName YrvahgG5tVgj
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2017:05:31 15:57:49+01:00
FileType Win32 EXE
PEType PE32
ProgramID com.embarcadero.YrvahgG5tVgj
ProductVersion 1.0.0.0
FileDescription YrvahgG5tVgj
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 3563008
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x59504f
ObjectFileType Executable application
Compressed bundles
File identification
MD5 142ebfa97041ca2beec66f9e8dfd07e4
SHA1 bd4d7b7c626043b1ea24d557cb5cb4eb511b502e
SHA256 dbf5f06ed0654f8753e04fc7ca37f9042871b9a4a8b164563a502e1c7dd6a5ec
ssdeep 98304:A9UQWvduNweH66UYB1o2k0P2rEtfmtZQgiqMuzoUdY:3JdKpHvBC10Pu0m3yqJ0yY
authentihash f5461ec9d6409ebb15c54ebda431a1dbc4418f41a1cd2b6b704a6368628eaaf2
imphash 77407f2f956cac0e245deecfd9fe39fc
File size 3.8 MB ( 4021792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.6%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-06-17 12:04:54 UTC ( 1 year ago )
Last submission 2017-06-19 07:27:07 UTC ( 1 year ago )
File names temps.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications