SHA256: dee6c01a9e597def1462e1b80b3f35e94b56a1f947aa8edde4012e4a2aac8759
File name: 80.exe
Detection ratio: 4 / 55
Analysis date: 2016-03-10 13:43:39 UTC ( 3 years, 2 months ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20160310
McAfee-GW-Edition BehavesLike.Win32.Downloader.hz 20160310
Qihoo-360 QVM41.1.Malware.Gen 20160310
Rising PE:Malware.Obscure!1.9C59 [F] 20160310
Ad-Aware 20160310
AegisLab 20160310
Yandex 20160308
AhnLab-V3 20160310
Alibaba 20160310
ALYac 20160310
Antiy-AVL 20160310
Arcabit 20160310
AVG 20160310
AVware 20160310
Baidu 20160310
Baidu-International 20160310
BitDefender 20160310
Bkav 20160310
ByteHero 20160310
CAT-QuickHeal 20160310
ClamAV 20160310
CMC 20160307
Comodo 20160310
Cyren 20160310
DrWeb 20160310
Emsisoft 20160310
ESET-NOD32 20160310
F-Prot 20160310
F-Secure 20160310
Fortinet 20160310
GData 20160310
Ikarus 20160310
Jiangmin 20160310
K7AntiVirus 20160310
K7GW 20160310
Kaspersky 20160310
Malwarebytes 20160310
McAfee 20160310
Microsoft 20160310
eScan 20160310
NANO-Antivirus 20160310
nProtect 20160310
Panda 20160309
Sophos AV 20160310
SUPERAntiSpyware 20160310
Symantec 20160309
Tencent 20160310
TheHacker 20160310
TrendMicro 20160310
TrendMicro-HouseCall 20160310
VBA32 20160309
VIPRE 20160310
ViRobot 20160310
Zillya 20160310
Zoner 20160310
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-10 13:13:14
Entry Point 0x00003E59
Number of sections 3
PE sections
PE imports
SetTextAlign
GetDeviceCaps
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
LCMapStringW
SetHandleCount
LoadLibraryA
TryEnterCriticalSection
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetThreadLocale
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
GlobalUnlock
lstrcmpiW
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
CancelWaitableTimer
EnterCriticalSection
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
GetCurrentProcess
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CreateHardLinkW
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
SetLastError
InterlockedIncrement
GetWindowLongA
IsCharUpperA
InflateRect
GetTopWindow
PostMessageA
IsRectEmpty
GetKeyboardLayout
KillTimer
PeekMessageA
IsCharAlphaNumericW
GetWindowTextA
LoadKeyboardLayoutA
GetKeyNameTextW
IsChild
DestroyWindow
UnDecorateSymbolName
OleDuplicateData
CoRegisterMessageFilter
Number of PE resources by type
RT_STRING 13
RT_RCDATA 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:10 14:13:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36352
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x3e59
InitializedDataSize 564224
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 12aea17b5450e3bfc872c9f6fe6603da
SHA1 8a0626ccfc989c4f0cd10d5b6e4661afa08f5198
SHA256 dee6c01a9e597def1462e1b80b3f35e94b56a1f947aa8edde4012e4a2aac8759
ssdeep 6144:tW9cdEA0i/brqSw9E+AyXkb/zlaMvZkG93:tW9gHqS7+Ay8z1x3
authentihash 6217655d885a1ff6be8f5359ab6e1d6ceccf9edb855ccad316f0109823f56a6d
imphash 4aa03a6632770d730be36c12acdad8a6
File size 587.5 KB ( 601600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe via-tor

VirusTotal metadata
First submission 2016-03-10 13:29:09 UTC ( 3 years, 2 months ago )
Last submission 2018-10-08 04:34:23 UTC ( 7 months, 2 weeks ago )
File names dee6c01a9e597def1462e1b80b3f35e94b56a1f947aa8edde4012e4a2aac8759
dee6c01a9e597def1462e1b80b3f35e94b56a1f947aa8edde4012e4a2aac8759.exe
12aea17b5450e3bfc872c9f6fe6603da.exe
80.exe
80_exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications