SHA256: e5dd2ed90de8d7fa955af6a849b64c53204d9013c1dd5db77a88e0a6303c680f
File name: 21. easy_photo_effects.exe
Detection ratio: 0 / 57
Analysis date: 2016-04-13 00:14:17 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware 20160413
AegisLab 20160412
AhnLab-V3 20160412
Alibaba 20160412
ALYac 20160413
Antiy-AVL 20160412
Arcabit 20160412
Avast 20160413
AVG 20160412
Avira (no cloud) 20160412
AVware 20160412
Baidu 20160412
Baidu-International 20160412
BitDefender 20160412
Bkav 20160412
CAT-QuickHeal 20160412
ClamAV 20160412
CMC 20160412
Comodo 20160413
Cyren 20160412
DrWeb 20160413
Emsisoft 20160412
ESET-NOD32 20160413
F-Prot 20160412
F-Secure 20160413
Fortinet 20160404
GData 20160412
Ikarus 20160412
Jiangmin 20160412
K7AntiVirus 20160412
K7GW 20160404
Kaspersky 20160412
Kingsoft 20160413
Malwarebytes 20160412
McAfee 20160413
McAfee-GW-Edition 20160413
Microsoft 20160413
eScan 20160412
NANO-Antivirus 20160413
nProtect 20160412
Panda 20160412
Qihoo-360 20160413
Rising 20160413
Sophos AV 20160412
SUPERAntiSpyware 20160413
Symantec 20160413
Tencent 20160413
TheHacker 20160412
TotalDefense 20160412
TrendMicro 20160412
TrendMicro-HouseCall 20160413
VBA32 20160412
VIPRE 20160412
ViRobot 20160412
Yandex 20160412
Zillya 20160412
Zoner 20160412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jacco Mintjes
Product Easy Photo Effects
Original name epe.exe
Internal name EPE
File version 3.0
Description Easy Photo Effects
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-16 19:43:13
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
InitCommonControlsEx
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
SetDIBits
TextOutA
CreateFontIndirectA
GetTextMetricsA
SetStretchBltMode
GetObjectType
GetObjectA
CreateDCA
DeleteDC
GdiGetBatchLimit
SetBkMode
SetPixel
GetPixel
BitBlt
CreateDIBSection
GdiSetBatchLimit
SetTextColor
GetDeviceCaps
CreateBitmap
CreateFontA
GetStockObject
GetDIBits
SetTextAlign
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetDriveTypeA
MulDiv
HeapDestroy
ExitProcess
TlsAlloc
GetVersionExA
LoadLibraryA
CreatePipe
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
GetTickCount
GetProcAddress
InterlockedCompareExchange
GetModuleHandleA
SetFilePointer
DeleteCriticalSection
ReadFile
InterlockedExchange
WriteFile
FindFirstFileA
CloseHandle
DuplicateHandle
HeapReAlloc
SetEnvironmentVariableA
FreeLibrary
CreateProcessA
InitializeCriticalSection
HeapCreate
GlobalAlloc
FindClose
Sleep
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
GetFileSize
SetLastError
LeaveCriticalSection
strncmp
malloc
sscanf
pow
fread
fclose
strcat
_stricmp
abort
fprintf
_setjmp3
fflush
fopen
strlen
strncpy
fabs
floor
strtod
fwrite
fseek
ftell
abs
_strdup
sprintf
memcmp
_snprintf
exit
sin
__p__iob
memset
longjmp
ferror
gmtime
free
ceil
atoi
getenv
memcpy
cos
_CIpow
strcpy
fmod
_strnicmp
strcmp
RevokeDragDrop
CoInitialize
DragAcceptFiles
ShellExecuteExA
DragFinish
DragQueryFileA
SetFocus
RedrawWindow
TranslateAcceleratorA
GetForegroundWindow
GetParent
UpdateWindow
GetScrollRange
PostMessageA
BeginPaint
DrawStateA
EnumWindows
GetScrollPos
LoadImageA
ShowWindow
DefWindowProcA
GetIconInfo
GetSystemMetrics
GetPropA
SetWindowPos
EnumDisplaySettingsA
GetWindowThreadProcessId
CreateIconFromResourceEx
CharLowerA
GetWindowRect
DispatchMessageA
EnableWindow
GetActiveWindow
SetCapture
ReleaseCapture
EnumChildWindows
MapWindowPoints
SetPropA
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
GetSysColor
SetScrollInfo
RegisterClassExA
GetCursorPos
SystemParametersInfoA
RemovePropA
SetWindowTextA
DefFrameProcA
DestroyIcon
UnregisterClassA
DrawIconEx
CopyImage
IsWindowVisible
SendMessageA
GetClientRect
SetCursorPos
SetCursor
MoveWindow
SetScrollPos
ScreenToClient
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
FillRect
RegisterClassA
DestroyAcceleratorTable
SetActiveWindow
GetSysColorBrush
CreateIconFromResource
CallWindowProcA
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
EndPaint
GetWindowTextA
IsChild
CreateAcceleratorTableA
GetKeyState
DestroyWindow
timeEndPeriod
timeBeginPeriod
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.5
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.0.0
Email info@easyphotoeffects.com
Website http://easyphotoeffects.com
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription Easy Photo Effects
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 78848
EntryPoint 0x1000
OriginalFileName epe.exe
MIMEType application/octet-stream
LegalCopyright Jacco Mintjes
FileVersion 3.0
TimeStamp 2013:07:16 20:43:13+01:00
FileType Win32 EXE
PEType PE32
InternalName EPE
ProductVersion 3.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Unknown (0)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName J. Mintjes
CodeSize 324096
ProductName Easy Photo Effects
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Unknown
Execution parents
File identification
MD5 3664be4619c4f54ed64c338d481675ea
SHA1 508122693ac3696cd05b40a5f626ef47e2cce0dd
SHA256 e5dd2ed90de8d7fa955af6a849b64c53204d9013c1dd5db77a88e0a6303c680f
ssdeep 6144:DYcOrKNOWpVIQ9bcS/mWSd8UgzQ6kK9M3IeHyTUK1V7QTBLMLqGyYt:DpNOWpVIPlzb6vI+TUYQTddY
authentihash c9703e9c38cafdb9a2b26e64b1b0226cf88ccaaebd65925b3bdc7e953c9d12a6
imphash dc6f65dababdf86d8ff5b3bd72d96ade
File size 390.0 KB ( 399360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.3%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe via-tor
VirusTotal metadata
First submission 2013-07-23 01:48:42 UTC ( 5 years, 7 months ago )
Last submission 2018-10-11 02:17:58 UTC ( 4 months, 1 week ago )
File names epe--.exe
easy-photo-effects-6305.exe
vti-rescan
20161202230643
EPE
easy-photo-effects-6305-jetelecharge.exe
epe.exe
file-7363308_exe
easy-photo-effects_30.exe
EasyPhotoEffects 3.0 - Δημιουργήστε σουρεαλιστικές φωτογραφίες.exe
21. easy_photo_effects.exe
easy_photo_effects.exe
output.65149141.txt
e5dd2ed90de8d7fa955af6a849b64c53204d9013c1dd5db77a88e0a6303c680f
375759
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana screen-capture
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications