× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e2ee8c46af39bc11f1680ceada5147f49144bb636db6941fdac35f2ca69c7ff4
File name: ser.png
Detection ratio: 15 / 65
Analysis date: 2017-09-04 11:20:50 UTC ( 1 year, 5 months ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20170904
AVG FileRepMalware 20170904
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20170904
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170904
Endgame malicious (high confidence) 20170821
Fortinet W32/GenKryptik.AUKW!tr 20170904
Sophos ML heuristic 20170822
McAfee-GW-Edition BehavesLike.Win32.Downloader.gh 20170904
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170904
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20170904
Webroot W32.Trojan.Gen 20170904
WhiteArmor Malware.HighConfidence 20170829
Ad-Aware 20170904
AegisLab 20170904
AhnLab-V3 20170904
Alibaba 20170904
ALYac 20170904
Antiy-AVL 20170904
Arcabit 20170904
Avira (no cloud) 20170904
BitDefender 20170904
Bkav 20170901
CAT-QuickHeal 20170904
ClamAV 20170904
CMC 20170902
Comodo 20170904
Cyren 20170904
DrWeb 20170904
Emsisoft 20170904
ESET-NOD32 20170904
F-Prot 20170904
F-Secure 20170904
GData 20170904
Ikarus 20170904
Jiangmin 20170904
K7AntiVirus 20170904
K7GW 20170904
Kaspersky 20170904
Kingsoft 20170904
Malwarebytes 20170904
MAX 20170904
McAfee 20170904
Microsoft 20170904
eScan 20170904
NANO-Antivirus 20170904
nProtect 20170904
Palo Alto Networks (Known Signatures) 20170904
Panda 20170903
Qihoo-360 20170904
Rising 20170901
Sophos AV 20170904
SUPERAntiSpyware 20170904
Symantec Mobile Insight 20170901
Tencent 20170904
TheHacker 20170904
TotalDefense 20170904
TrendMicro 20170904
TrendMicro-HouseCall 20170904
Trustlook 20170904
VBA32 20170904
ViRobot 20170904
Yandex 20170901
Zillya 20170902
ZoneAlarm by Check Point 20170904
Zoner 20170904
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-21 14:55:50
Entry Point 0x00004FCB
Number of sections 3
PE sections
PE imports
CreateCompatibleDC
GetLastError
GetStartupInfoA
lstrcpyW
GetCurrentDirectoryW
GetSystemInfo
lstrlenA
lstrcmpA
CreateFileW
GetCommandLineW
GetModuleHandleA
ExitProcess
lstrcatW
GetModuleHandleW
lstrlenW
SetLastError
_except_handler3
__p__fmode
memset
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
CommandLineToArgvW
SetFocus
EndPaint
UpdateWindow
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
ShowWindow
DrawFrameControl
LoadMenuW
RemoveMenu
MessageBoxW
GetWindowRect
RegisterClassExW
SetCapture
SetCaretPos
GetClassNameA
TranslateMessage
RegisterClipboardFormatW
DispatchMessageW
BeginPaint
SendMessageW
SendDlgItemMessageW
LoadStringW
RemovePropW
DrawTextW
ScreenToClient
InvalidateRect
DrawFocusRect
GetKeyboardState
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
ScrollWindow
DestroyWindow
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:11:21 15:55:50+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
33792

LinkerVersion
7.1

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x4fcb

InitializedDataSize
467968

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 2de164e59aad8b980a3a9fac6a1e3991
SHA1 5d646b6daf59023f4ea38baf7dc5e00017424d94
SHA256 e2ee8c46af39bc11f1680ceada5147f49144bb636db6941fdac35f2ca69c7ff4
ssdeep
12288:UajiyXizKWIz9ZQ00c6WdASLhClFz4kT:UajlyK1z9ZjPAIh6zP

authentihash 174d218e5fce5af8d9d6032faf904b2ef8ed95612fea1e60df19472bfc28e1a6
imphash 7e6127f10c815a0c27e140fb7d30586b
File size 491.0 KB ( 502784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-04 11:20:50 UTC ( 1 year, 5 months ago )
Last submission 2018-03-20 15:08:01 UTC ( 11 months ago )
File names execute.exe
ser.png
ser.png
execute.exe
dwdbtsd.exe
VirusShare_2de164e59aad8b980a3a9fac6a1e3991
execute.exe
localfile~
ser.png
dwdbtsd.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications