SHA256: dc3a2a6f9428553c47698553480afd2ce7c81d30b38c8cff198dcc83987e8035
File name: e5e40a0c39d4a0e51602f7cd4124789bec85b9f4
Detection ratio: 19 / 56
Analysis date: 2015-10-11 04:09:36 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.15141366 20151011
Antiy-AVL Trojan/Win32.Inject 20151011
Arcabit Trojan.Generic.DE709F6 20151011
Avast Win32:Malware-gen 20151011
AVG Atros2.AGXW 20151011
AVware Trojan.Win32.Generic!BT 20151011
BitDefender Trojan.Generic.15141366 20151011
ESET-NOD32 Win32/Sopinar.C 20151011
Fortinet W32/Inject.C!tr 20151010
GData Win32.Trojan.Agent.ELMTKO 20151011
Ikarus Trojan.Win32.Sopinar 20151010
Kaspersky Trojan.Win32.Inject.vjds 20151011
McAfee Artemis!2B2D522EDBF6 20151011
McAfee-GW-Edition Artemis 20151011
eScan Trojan.Generic.15141366 20151011
NANO-Antivirus Trojan.Win32.Inject.dxrdoe 20151011
Panda Generic Suspicious 20151010
Tencent Win32.Trojan.Bp-generic.Jaiu 20151011
VIPRE Trojan.Win32.Generic!BT 20151011
AegisLab 20151010
Yandex 20151009
AhnLab-V3 20151010
Alibaba 20151010
ALYac 20151010
Baidu-International 20151010
Bkav 20151010
ByteHero 20151011
CAT-QuickHeal 20151010
ClamAV 20151009
CMC 20151009
Comodo 20151011
Cyren 20151011
DrWeb 20151011
Emsisoft 20151011
F-Prot 20151011
F-Secure 20151010
Jiangmin 20151010
K7AntiVirus 20151011
K7GW 20151010
Kingsoft 20151011
Malwarebytes 20151011
Microsoft 20151011
nProtect 20151008
Qihoo-360 20151011
Rising 20151010
Sophos AV 20151011
SUPERAntiSpyware 20151011
Symantec 20151011
TheHacker 20151010
TotalDefense 20151011
TrendMicro 20151011
TrendMicro-HouseCall 20151011
VBA32 20151009
ViRobot 20151010
Zillya 20151011
Zoner 20151011
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-07 22:12:58
Entry Point 0x00005478
Number of sections 3
PE sections
PE imports
ExtTextOutW
SetMapMode
DeleteDC
RestoreDC
CreateBitmap
RectVisible
StretchBlt
SetWindowOrgEx
CreateRectRgnIndirect
ExtCreatePen
BitBlt
SetBkColor
SelectClipRgn
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FreeLibrary
LCMapStringA
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetLocaleInfoA
InterlockedIncrement
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
LeaveCriticalSection
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
GetCurrentThreadId
WriteFile
GetStartupInfoA
CloseHandle
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
SetEnvironmentVariableA
GetOEMCP
LocalFree
FormatMessageW
TerminateProcess
GetTimeZoneInformation
GetEnvironmentVariableA
HeapCreate
SetLastError
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetVersion
GetLocaleInfoW
VirtualAlloc
SetConsoleCtrlHandler
GetModuleHandleA
CompareStringA
PathRemoveExtensionA
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoInitializeSecurity
StringFromCLSID
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:10:07 23:12:58+01:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 69632
SubsystemVersion 4.0
EntryPoint 0x5478
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 2b2d522edbf6bdc5d86551cf5f6c7cef
SHA1 e5e40a0c39d4a0e51602f7cd4124789bec85b9f4
SHA256 dc3a2a6f9428553c47698553480afd2ce7c81d30b38c8cff198dcc83987e8035
ssdeep 3072:TdN9QeeJ6DgtJIEDIB9eoRyZW2S7cdbRB9+MB/E+CA:J86iJ9Dmeo/c/f+2E
authentihash e457ac3d7ca6d44219c6e1fc46a883f4e44d27c98bd15ede30cde4b9c5245de1
imphash cd6a08b08e90d00b92bf084dd16e59f2
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2015-10-11 04:09:36 UTC ( 3 years, 4 months ago )
Last submission 2015-10-11 04:09:36 UTC ( 3 years, 4 months ago )
File names newdev.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Runtime DLLs