SHA256: e0e50a20421b16a9e5d2cd8b2898de6190a015590825c3753cc6dda144ee3e91
File name: informacion_12271.exe
Detection ratio: 2 / 56
Analysis date: 2016-04-04 17:52:42 UTC (3 years ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160404
Qihoo-360 QVM07.1.Malware.Gen 20160404
Ad-Aware 20160404
AegisLab 20160404
AhnLab-V3 20160404
Alibaba 20160401
ALYac 20160404
Antiy-AVL 20160404
Arcabit 20160404
Avast 20160404
AVG 20160404
Avira (no cloud) 20160404
AVware 20160404
Baidu-International 20160404
BitDefender 20160404
Bkav 20160404
CAT-QuickHeal 20160404
ClamAV 20160402
CMC 20160404
Comodo 20160404
Cyren 20160404
DrWeb 20160404
Emsisoft 20160404
ESET-NOD32 20160404
F-Prot 20160404
F-Secure 20160404
Fortinet 20160404
GData 20160404
Ikarus 20160404
Jiangmin 20160404
K7AntiVirus 20160404
K7GW 20160404
Kaspersky 20160404
Kingsoft 20160404
Malwarebytes 20160404
McAfee 20160404
McAfee-GW-Edition 20160404
Microsoft 20160404
eScan 20160404
NANO-Antivirus 20160404
nProtect 20160404
Panda 20160404
Rising 20160404
Sophos AV 20160404
SUPERAntiSpyware 20160404
Symantec 20160331
Tencent 20160404
TheHacker 20160403
TrendMicro 20160404
TrendMicro-HouseCall 20160404
VBA32 20160404
VIPRE 20160404
ViRobot 20160404
Yandex 20160316
Zillya 20160404
Zoner 20160404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-12 16:54:13
Entry Point 0x000175CC
Number of sections 4
PE sections
Overlays
MD5 1994c98e880a01d5082d09b2c7ceec83
File type data
Offset 352256
Size 176465
Entropy 7.00
PE imports
PathIsRelativeA
SHSetValueA
SHRegGetUSValueA
StrNCatA
SHGetValueW
StrToIntExW
PathAddBackslashA
StrTrimW
PathRemoveExtensionA
PathMakeSystemFolderA
PathStripToRootA
StrCatW
PathRemoveBackslashW
PathFindOnPathA
PathStripToRootW
PathRemoveExtensionW
PathRenameExtensionW
PathRemoveFileSpecW
PathIsRootA
SHDeleteKeyA
PathAppendW
PathRemoveFileSpecA
StrToIntW
PathAddExtensionA
PathFindFileNameW
PathUnquoteSpacesA
SHDeleteEmptyKeyA
PathGetArgsW
VerInstallFileA
waveOutGetNumDevs
Number of PE resources by type
RT_ICON 10
RT_DIALOG 7
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 13
JAPANESE DEFAULT 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.16.112.80
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 3706880
EntryPoint 0x175cc
OriginalFileName Starlings.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2015
FileVersion 21, 10, 47, 93
TimeStamp 2015:06:12 17:54:13+01:00
FileType Win32 EXE
PEType PE32
InternalName Tilting
ProductVersion 110, 158, 178, 39
FileDescription Scrubbed
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName QuickGames
CodeSize 94208
ProductName QuickGames Rebind
ProductVersionNumber 0.66.210.175
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 6148fdf377eadd58f203e8a81727162b
SHA1 de38f89dbd11865c58093e8272540709846bb6f1
SHA256 e0e50a20421b16a9e5d2cd8b2898de6190a015590825c3753cc6dda144ee3e91
ssdeep 6144:2qOdhmVvck2t2Q0qWxKFCXGX7ZNH5NdQM9RYgF4rqPfHfkKJFo8Ku4U:UhmNhCbUCYgzkKJFVJD
authentihash d0acc3c413bf9856807b17b055d68cbca8c153b335b2cfe93c9bb5419b407a0f
imphash 8ebe5648ab78474f839699b8a9f1e8a5
File size 516.3 KB ( 528721 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-04-04 17:52:07 UTC ( 3 years ago )
Last submission 2016-04-11 15:56:25 UTC ( 3 years ago )
File names informacion_12271.exe
mzihufet.exe$
etagyfiw.exe