SHA256: e3f1772b4faef280bba472d029fcb212264b1a26231eb32426a5827d1acce9bf
File name: d185a318bc0dc1fc67bc78ec0d5f6bca0f72dff7
Detection ratio: 8 / 57
Analysis date: 2015-10-16 20:33:48 UTC (3 years, 5 months ago)
Antivirus Result Update
Baidu-International Adware.Win32.iBryte.DRQY 20151016
ByteHero Trojan.Malware.Obscu.Gen.004 20151016
CAT-QuickHeal (Suspicious) - DNAScan 20151016
ESET-NOD32 a variant of Win32/Kryptik.DRQY 20151016
Fortinet W32/Kryptik.DRQY!tr 20151016
Kaspersky UDS:DangerousObject.Multi.Generic 20151016
McAfee-GW-Edition BehavesLike.Win32.Obfuscated.ft 20151016
Panda Trj/Genetic.gen 20151016
Ad-Aware 20151016
AegisLab 20151016
Yandex 20151016
AhnLab-V3 20151016
Alibaba 20151016
ALYac 20151016
Antiy-AVL 20151016
Arcabit 20151016
Avast 20151016
AVG 20151016
Avira (no cloud) 20151016
AVware 20151016
BitDefender 20151016
Bkav 20151016
ClamAV 20151016
CMC 20151016
Comodo 20151016
Cyren 20151016
DrWeb 20151016
Emsisoft 20151016
F-Prot 20151016
F-Secure 20151016
GData 20151016
Ikarus 20151016
Jiangmin 20151016
K7AntiVirus 20151016
K7GW 20151016
Kingsoft 20151016
Malwarebytes 20151016
McAfee 20151016
Microsoft 20151016
eScan 20151016
NANO-Antivirus 20151016
nProtect 20151016
Qihoo-360 20151016
Rising 20151016
Sophos AV 20151016
SUPERAntiSpyware 20151016
Symantec 20151016
Tencent 20151016
TheHacker 20151016
TotalDefense 20151016
TrendMicro 20151016
TrendMicro-HouseCall 20151016
VBA32 20151016
VIPRE 20151016
ViRobot 20151016
Zillya 20151016
Zoner 20151016
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-30 20:08:23
Entry Point 0x00001000
Number of sections 15
PE sections
PE imports
GetForegroundWindow
BeginPaint
EnumWindows
GetCapture
GetKeyboardLayoutNameW
EnumWindowStationsW
FindWindowA
GetMessagePos
MessageBoxExA
GetSystemMetrics
IsCharAlphaW
GetMessageTime
SetRectEmpty
GetInputDesktop
SetThreadDesktop
GetWindow
VkKeyScanW
CheckDlgButton
GetKeyState
GetCursorPos
RemovePropA
LockWorkStation
OpenDesktopW
CharLowerA
IsZoomed
TileWindows
IsWindowEnabled
SendDlgItemMessageW
DeleteMenu
GetWindowTextLengthA
GetDCEx
LoadCursorA
LoadIconA
CountClipboardFormats
GetKeyboardLayout
GetActiveWindow
IsDlgButtonChecked
RegisterClipboardFormatW
GetDesktopWindow
CreateIconFromResource
GetSystemMenu
GetUserObjectSecurity
IsChild
Number of PE resources by type
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:06:30 21:08:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 299520
LinkerVersion 0.0
FileTypeExtension exe
InitializedDataSize 31744
SubsystemVersion 4.1
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 f98a7e2d085247986739907278583930
SHA1 ac0877a85964d21f03329b4e840355427eedf8fc
SHA256 e3f1772b4faef280bba472d029fcb212264b1a26231eb32426a5827d1acce9bf
ssdeep 1536:fUIeECV2CVW2r5th8oE8+EndsLWgrysGRnDUI5m:cMCNw+3h8d8jndHg0V9m

authentihash ff5ee9f0fbeb5e3039e1152c3564cae17490cb7285f88112116a78121e8c433a
imphash 42a1d4e09af28b3dd0807ea61481258e
File size 346.0 KB (354304 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.4%)
VXD Driver (0.3%)
Tags peexe

VirusTotal metadata
First submission 2015-10-16 18:00:58 UTC (3 years, 5 months ago)
Last submission 2015-10-16 20:33:48 UTC (3 years, 5 months ago)
File names d185a318bc0dc1fc67bc78ec0d5f6bca0f72dff7, igfxEM.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs