SHA256: df66805b40483140f6628286932b8e5f0cf0ba2424c4afefa53f4d09175453d5
File name: jieduk.exe
Detection ratio: 8 / 54
Analysis date: 2015-06-23 13:01:16 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Arcabit Trojan.Graftor.D311BD 20150623
BitDefender Gen:Variant.Graftor.201149 20150623
Bkav HW32.Packed.3134 20150623
Emsisoft Gen:Variant.Graftor.201149 (B) 20150623
GData Gen:Variant.Graftor.201149 20150623
eScan Gen:Variant.Graftor.201149 20150623
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150623
Tencent Win32.Trojan.Inject.Auto 20150623
Ad-Aware 20150623
AegisLab 20150623
Yandex 20150622
AhnLab-V3 20150623
Alibaba 20150623
Antiy-AVL 20150623
Avast 20150623
AVG 20150623
Avira (no cloud) 20150623
AVware 20150623
Baidu-International 20150623
ByteHero 20150623
CAT-QuickHeal 20150623
ClamAV 20150623
Comodo 20150623
Cyren 20150623
DrWeb 20150623
ESET-NOD32 20150623
F-Prot 20150623
F-Secure 20150623
Fortinet 20150623
Ikarus 20150623
Jiangmin 20150620
K7AntiVirus 20150623
K7GW 20150623
Kaspersky 20150623
Kingsoft 20150623
Malwarebytes 20150623
McAfee 20150623
McAfee-GW-Edition 20150623
Microsoft 20150623
NANO-Antivirus 20150623
nProtect 20150623
Panda 20150623
Qihoo-360 20150623
Sophos AV 20150623
SUPERAntiSpyware 20150623
Symantec 20150623
TheHacker 20150622
TrendMicro 20150623
TrendMicro-HouseCall 20150623
VBA32 20150622
VIPRE 20150623
ViRobot 20150623
Zillya 20150622
Zoner 20150623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Linear mathematical analysis©. All rights reserved.

Publisher Enigma GmbH
Product Linear mathematical analysis
File version 2.14
Description Mathematical Software
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-18 10:05:43
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
GetVolumePathNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetThreadTimes
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
TlsGetValue
QueryDosDeviceW
GetSystemTime
GetModuleFileNameW
CopyFileA
FlushFileBuffers
FindNextVolumeW
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
InterlockedExchangeAdd
VirtualLock
SetUnhandledExceptionFilter
GlobalMemoryStatus
WriteConsoleA
VirtualQuery
SetCurrentDirectoryA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
PeekNamedPipe
SetHandleCount
SetEvent
QueryPerformanceCounter
TlsAlloc
GetVersionExA
DeleteVolumeMountPointA
GetFileSize
GetProcessHeap
GetFileInformationByHandle
FindNextFileW
GetDiskFreeSpaceA
ResetEvent
GetProcessWorkingSetSize
FindFirstFileW
CreateFileW
CreateEventA
TlsSetValue
GetProcessTimes
FindFirstVolumeW
LeaveCriticalSection
SystemTimeToFileTime
LCMapStringW
GetEnvironmentStringsA
LCMapStringA
DefineDosDeviceA
GetEnvironmentStringsW
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCurrentThread
OpenMutexA
QueryPerformanceFrequency
TlsFree
SetFilePointer
VirtualUnlock
GetACP
IsValidCodePage
HeapCreate
VirtualFree
WriteConsoleW
GetFileAttributesExA
FindResourceA
VirtualAlloc
SetupRenameErrorA
SetupUninstallOEMInfA
CreateDesktopA
OpenInputDesktop
Number of PE resources by type
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
LegalTrademarks
Linear mathematical analysis . 2010

UninitializedDataSize
0

LinkerVersion
1.72

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
2.14.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
6144

EntryPoint
0x1000

MIMEType
application/octet-stream

LegalCopyright
Linear mathematical analysis . All rights reserved.

FileVersion
2.14

TimeStamp
2015:06:18 11:05:43+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
1.0.0.0

FileDescription
Mathematical Software

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Enigma GmbH

CodeSize
459776

ProductName
Linear mathematical analysis

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 cebf89f088458f3e89599ae44d03cddf
SHA1 32b67c952eda0ff632c4e77c9d05d47128fcf341
SHA256 df66805b40483140f6628286932b8e5f0cf0ba2424c4afefa53f4d09175453d5
ssdeep
6144:LxdtjoY9C9hqkEUpWupEw/mIzc0W+QP137tArkAEjhlaceegU882MHCb3Z:FNmhqkEUAuyw+6J5vDE2Y8j3Z

authentihash 2d032bc23080f336e48d579ec52950623747bb5bf7f9bdcddd9c671117a157dc
imphash 7d6abfa7cbeb5c814cc2aec7dc23a33b
File size 456.0 KB ( 466944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.6%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-23 12:43:27 UTC ( 2 years, 5 months ago )
Last submission 2015-06-23 15:34:16 UTC ( 2 years, 5 months ago )
File names jieduk.exe
jieduk.exe.bin
jieduk.exe.146921
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs