SHA256: e5b3ba022d145d8260c3495d0d8dcb43793d86d7314504a4ecd0aef5c3b8614e
File name: fc1322724ea42527f60bce9d9d099aaf.virus
Detection ratio: 40 / 69
Analysis date: 2018-10-10 00:47:57 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.47644 20181009
AhnLab-V3 Malware/Win32.Generic.C2727698 20181009
ALYac Trojan.GenericKDZ.47644 20181009
Antiy-AVL Trojan/Win32.GenKryptik 20181009
Arcabit Trojan.Generic.DBA1C 20181009
Avast Win32:Trojan-gen 20181009
AVG Win32:Trojan-gen 20181009
Avira (no cloud) HEUR/AGEN.1035633 20181009
BitDefender Trojan.GenericKDZ.47644 20181009
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Emsisoft Trojan.GenericKDZ.47644 (B) 20181009
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CLOR 20181009
F-Secure Trojan.GenericKDZ.47644 20181009
Fortinet W32/GenKryptik.CMZU!tr 20181009
GData Trojan.GenericKDZ.47644 20181009
Sophos ML heuristic 20180717
Jiangmin Trojan.Yakes.abcm 20181009
K7AntiVirus Trojan ( 0053cee91 ) 20181009
K7GW Trojan ( 0053cee91 ) 20181009
Kaspersky UDS:DangerousObject.Multi.Generic 20181009
Malwarebytes Trojan.MalPack 20181009
MAX malware (ai score=89) 20181010
McAfee GenericR-NON!FC1322724EA4 20181009
McAfee-GW-Edition GenericR-NON!FC1322724EA4 20181009
Microsoft Trojan:Win32/Tiggre!plock 20181009
eScan Trojan.GenericKDZ.47644 20181009
NANO-Antivirus Trojan.Win32.Yakes.figatt 20181009
Panda Trj/GdSda.A 20181009
Qihoo-360 Win32/Trojan.3fe 20181010
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181009
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20181009
Symantec ML.Attribute.HighConfidence 20181009
TrendMicro TROJ_GEN.R055C0PJ818 20181009
TrendMicro-HouseCall TROJ_GEN.R055C0PJ818 20181009
VBA32 Trojan.Yakes 20181009
Webroot W32.Trojan.Gen 20181010
Zillya Adware.Yakes.Win32.8 20181009
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181009
AegisLab 20181009
Alibaba 20180921
Avast-Mobile 20181009
AVware 20180925
Babable 20180918
Baidu 20181009
Bkav 20181009
CAT-QuickHeal 20181008
ClamAV 20181009
CMC 20181009
Comodo 20181009
Cybereason 20180225
Cylance 20181010
Cyren 20181009
DrWeb 20181009
eGambit 20181010
F-Prot 20181009
Ikarus 20181009
Kingsoft 20181010
Palo Alto Networks (Known Signatures) 20181010
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181009
Tencent 20181010
TheHacker 20181008
TotalDefense 20181009
Trustlook 20181010
VIPRE 20181009
ViRobot 20181009
Yandex 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
©2013 Shoptech Software Move, Inc. All Rights Reserved.

Product Subtractpath
Original name Subtractpath.exe
Internal name Subtractpath.exe
File version 15.7.43.16
Description Subtractpath
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-18 09:29:23
Entry Point 0x0000D163
Number of sections 4
PE sections
PE imports
SetBkColor
GetCharWidthA
SetTextColor
CreateBitmap
GetClipBox
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetStartupInfoW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
LoadLibraryExA
GetFileType
GetConsoleMode
GetStringTypeW
GetFileSize
UnhandledExceptionFilter
GetCurrentDirectoryA
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
CompareStringW
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetTimeZoneInformation
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
GetThemeTextExtent
OpenThemeData
CloseThemeData
DrawThemeBackground
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.7.43.16

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Subtractpath

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
309248

EntryPoint
0xd163

OriginalFileName
Subtractpath.exe

MIMEType
application/octet-stream

LegalCopyright
2013 Shoptech Software Move, Inc. All Rights Reserved.

FileVersion
15.7.43.16

TimeStamp
2014:09:18 10:29:23+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Subtractpath.exe

ProductVersion
15.7.43.16

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Shoptech Software Move

CodeSize
105984

ProductName
Subtractpath

ProductVersionNumber
15.7.43.16

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fc1322724ea42527f60bce9d9d099aaf
SHA1 803a621f20e338dd95c9bdb1288d886272c65715
SHA256 e5b3ba022d145d8260c3495d0d8dcb43793d86d7314504a4ecd0aef5c3b8614e
ssdeep
6144:M41BPB6hOW2KS5SGDD7YFHTpVAZhGG8b333mXbX26ML2t2qqq:nPs9295jDfYJnAbGrb333cbjOJqqq

authentihash 0a36195744a0816719b8c44bcac90c837ef01e1c86fa8cefaa83c8f50e3cfed6
imphash 1e3061f705496cd6257779893d3ef817
File size 352.5 KB ( 360960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-10 00:47:57 UTC ( 6 months, 2 weeks ago )
Last submission 2018-10-10 00:47:57 UTC ( 6 months, 2 weeks ago )
File names fc1322724ea42527f60bce9d9d099aaf.virus
Subtractpath.exe