SHA256: e44c46b780c8ead7258cb970c8ff2d17e28172be2dc610de228ced805f0991eb
File name: 98i76u6h.exe
Detection ratio: 6 / 54
Analysis date: 2015-12-21 14:10:29 UTC (1 year, 11 months ago)
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20151221
Malwarebytes Trojan.MalPack 20151221
McAfee Artemis!6932A004CE3A 20151221
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20151221
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20151221
Tencent Win32.Trojan.Bp-apt.Xkli 20151221
Ad-Aware 20151221
AegisLab 20151221
Yandex 20151220
AhnLab-V3 20151221
Alibaba 20151208
ALYac 20151218
Antiy-AVL 20151221
Arcabit 20151221
Avast 20151221
AVG 20151221
Avira (no cloud) 20151221
AVware 20151221
Baidu-International 20151221
BitDefender 20151221
Bkav 20151221
ByteHero 20151221
CAT-QuickHeal 20151221
ClamAV 20151219
CMC 20151217
Comodo 20151219
Cyren 20151221
DrWeb 20151221
Emsisoft 20151221
ESET-NOD32 20151221
F-Prot 20151221
F-Secure 20151221
Fortinet 20151221
GData 20151221
Ikarus 20151221
Jiangmin 20151221
K7AntiVirus 20151221
K7GW 20151221
Microsoft 20151221
eScan 20151221
NANO-Antivirus 20151221
nProtect 20151221
Panda 20151220
Sophos AV 20151221
SUPERAntiSpyware 20151221
Symantec 20151220
TheHacker 20151221
TrendMicro 20151221
TrendMicro-HouseCall 20151221
VBA32 20151221
VIPRE 20151219
ViRobot 20151221
Zillya 20151220
Zoner 20151221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Product ???????????? ??????? Microsoft® Windows®
Original name GHSE.EXE
Internal name GHSE.EXE
File version 5.1.2700.5100 (xpsp.080413-2108)
Description ????????? ???????? (Microsoft)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 06:13:23
Entry Point 0x00025E80
Number of sections 14
PE sections
PE imports
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetConsoleOutputCP
GetConsoleFontSize
FileTimeToSystemTime
WriteConsoleInputA
MoveFileWithProgressW
GetVolumeNameForVolumeMountPointA
GetPrivateProfileSectionNamesW
SetVolumeMountPointA
CallNamedPipeA
FillConsoleOutputCharacterW
Thread32First
VirtualAllocEx
GetCurrentProcess
LoadLibraryExA
VirtualFreeEx
SetTimeZoneInformation
GetConsoleCursorInfo
ContinueDebugEvent
SetProcessPriorityBoost
GetCurrentDirectoryA
EnumSystemLocalesW
SetFileShortNameA
GetLogicalDrives
GetFileInformationByHandle
GetConsoleTitleA
GetCompressedFileSizeA
GetProcAddress
GetLocaleInfoW
GetProfileStringW
DecodeSystemPointer
GetFileSizeEx
GetDiskFreeSpaceW
lstrcpyA
FreeConsole
GlobalMemoryStatusEx
DuplicateHandle
MoveFileExA
EscapeCommFunction
FormatMessageW
TransmitCommChar
ReadConsoleOutputW
SetConsoleMode
CreateFileW
VirtualQuery
SetFileAttributesW
CreateFileA
LocalShrink
OutputDebugStringA
MprInfoBlockRemove
MprConfigInterfaceCreate
VarUI2FromR4
VarUI2FromI4
VarBstrFromR8
wnsprintfA
RegisterWindowMessageW
wsprintfA
wsprintfW
InvalidateRect
calloc
wcscspn
toupper
islower
memcpy
strftime
PdhLookupPerfNameByIndexW
PdhExpandWildCardPathW
PdhGetDefaultPerfCounterA
Number of PE resources by type
RT_ICON 5
RT_STRING 2
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 47104
ImageVersion 1.0
ProductName Microsoft Windows
FileVersionNumber 5.1.2700.5100
UninitializedDataSize 5632
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.24
FileTypeExtension exe
OriginalFileName GHSE.EXE
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 5.1.2700.5100 (xpsp.080413-2108)
TimeStamp 2018:07:08 07:13:23+01:00
FileType Win32 EXE
PEType PE32
InternalName GHSE.EXE
ProductVersion 5.1.2700.5100
FileDescription (Microsoft)
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CodeSize 50688
FileSubtype 0
ProductVersionNumber 5.1.2700.5100
EntryPoint 0x25e80
ObjectFileType Executable application
File identification
MD5 6932a004ce3ad1ad5ea30f43a31b0285
SHA1 8e1fad3664cebe6ec6481d85753e299df21ba85a
SHA256 e44c46b780c8ead7258cb970c8ff2d17e28172be2dc610de228ced805f0991eb
ssdeep 3072:7A3ky2HLiHB9GF1NtAxu388OADXJkLO13Gx/3Y02kJ+4lOQKBMDJHN65F:7A3kCHB9GHAxu3sADlWBTAoJHN
authentihash 84c9ef0c6d6d3dade5793a606af7b8fa73afc7a39b6ced2d3aac38bfc0e08a42
imphash 0e4a3c220e2136feba9fc65df4462cbe
File size 160.5 KB ( 164352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-21 11:53:26 UTC ( 1 year, 11 months ago )
Last submission 2016-12-16 00:35:48 UTC ( 11 months, 1 week ago )
File names 98i76u6h.exe
escapem.exe
6932a004ce3ad1ad5ea30f43a31b0285.exe
h.exe
eqwcAm7.js
GHSE.EXE
VirusShare_6932a004ce3ad1ad5ea30f43a31b0285
98i76u6h[1].exe.3792.dr
escapem.exe
VirusShare_6932a004ce3ad1ad5ea30f43a31b0285
98i76u6h[1].exe.3704.dr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications