SHA256: e6dca9892e3581ce9ed2080bf5e863a67344ad80db1462f089d08cb29dd32121
File name: gallery.jpg.exe
Detection ratio: 8 / 47
Analysis date: 2013-11-25 15:30:34 UTC ( 4 months, 3 weeks ago )
Antivirus                Result                                  Update
Commtouch                W32/Trojan.UYEZ-6115                    20131125
DrWeb                    Trojan.Winlock.8811                     20131125
ESET-NOD32               a variant of Win32/Injector.ARVC        20131125
F-Prot                   W32/Trojan2.OADJ                        20131125
Ikarus                   Trojan.Injector                         20131125
Kaspersky                UDS:DangerousObject.Multi.Generic       20131125
Sophos                   Troj/Inject-ARO                         20131125
Symantec                 Trojan.Zbot                             20131125
AVG                      -                                       20131125
Agnitum                  -                                       20131124
AhnLab-V3                -                                       20131125
AntiVir                  -                                       20131125
Antiy-AVL                -                                       20131125
Avast                    -                                       20131125
Baidu-International      -                                       20131125
BitDefender              -                                       20131125
Bkav                     -                                       20131125
ByteHero                 -                                       20131118
CAT-QuickHeal            -                                       20131125
ClamAV                   -                                       20131125
Comodo                   -                                       20131125
Emsisoft                 -                                       20131125
F-Secure                 -                                       20131125
Fortinet                 -                                       20131125
GData                    -                                       20131125
Jiangmin                 -                                       20131125
K7AntiVirus              -                                       20131123
K7GW                     -                                       20131123
Kingsoft                 -                                       20130829
Malwarebytes             -                                       20131125
McAfee                   -                                       20131125
McAfee-GW-Edition        -                                       20131124
MicroWorld-eScan         -                                       20131125
Microsoft                -                                       20131125
NANO-Antivirus           -                                       20131125
Norman                   -                                       20131125
Panda                    -                                       20131125
Rising                   -                                       20131125
SUPERAntiSpyware         -                                       20131125
TheHacker                -                                       20131124
TotalDefense             -                                       20131122
TrendMicro               -                                       20131125
TrendMicro-HouseCall     -                                       20131125
VBA32                    -                                       20131125
VIPRE                    -                                       20131125
ViRobot                  -                                       20131125
nProtect                 -                                       20131125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright: Copyright © 2013
Publisher:
Product: 543rwfg34tw
Original name: pewtwerweo.exe
Internal name: ewwe
File version: 1, 0, 0, 1
Description: re4wed
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2013-11-24 12:44:18
Entry Point: 0x000031F0
Number of sections: 4
PE sections
PE imports
GetModuleFileNameA
WinExec
GetLocalTime
Ord(2023)
Ord(1775)
Ord(3998)
Ord(4080)
Ord(537)
Ord(4710)
Ord(3597)
Ord(1168)
Ord(3136)
Ord(2299)
Ord(693)
Ord(6905)
Ord(6375)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3721)
Ord(922)
Ord(3610)
Ord(5290)
Ord(2446)
Ord(6215)
Ord(4441)
Ord(795)
Ord(616)
Ord(815)
Ord(1006)
Ord(641)
Ord(5277)
Ord(2514)
Ord(4402)
Ord(3316)
Ord(4353)
Ord(567)
Ord(1134)
Ord(4465)
Ord(609)
Ord(2863)
Ord(5300)
Ord(4398)
Ord(3640)
Ord(4627)
Ord(6640)
Ord(3738)
Ord(4853)
Ord(5658)
Ord(2982)
Ord(2301)
Ord(4234)
Ord(825)
Ord(3081)
Ord(4218)
Ord(5199)
Ord(5307)
Ord(6907)
Ord(3574)
Ord(4424)
Ord(540)
Ord(6007)
Ord(2395)
Ord(4078)
Ord(2554)
Ord(6376)
Ord(6741)
Ord(1727)
Ord(3370)
Ord(3402)
Ord(2642)
Ord(775)
Ord(4291)
Ord(2379)
Ord(2725)
Ord(5242)
Ord(4998)
Ord(5981)
Ord(800)
Ord(656)
Ord(3749)
Ord(2512)
Ord(470)
Ord(3314)
Ord(2578)
Ord(4274)
Ord(5261)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(1911)
Ord(2124)
Ord(535)
Ord(2370)
Ord(4099)
Ord(3259)
Ord(2490)
Ord(3262)
Ord(2289)
Ord(6508)
Ord(2575)
Ord(5065)
Ord(4407)
Ord(548)
Ord(3346)
Ord(858)
Ord(2396)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(4425)
Ord(2976)
Ord(2367)
Ord(1089)
Ord(503)
Ord(2985)
Ord(2609)
Ord(3922)
Ord(5703)
Ord(5010)
Ord(1787)
Ord(6123)
Ord(4160)
Ord(4376)
Ord(3286)
Ord(1776)
Ord(3582)
Ord(2582)
Ord(2621)
Ord(324)
Ord(1261)
Ord(2411)
Ord(3830)
Ord(2385)
Ord(6322)
Ord(3079)
Ord(4396)
Ord(6334)
Ord(1994)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4622)
Ord(561)
Ord(2302)
Ord(5699)
Ord(924)
Ord(5708)
Ord(4486)
Ord(5192)
Ord(4698)
Ord(926)
Ord(5163)
Ord(6055)
Ord(5265)
Ord(4673)
Ord(5697)
Ord(5302)
Ord(6121)
Ord(860)
Ord(5731)
Ord(1774)
__CxxFrameHandler
malloc
fseek
_mbscmp
fread
fclose
ftell
rewind
fopen
GetSystemMetrics
LoadIconA
LockWindowUpdate
EnableWindow
RegisterHotKey
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
AppendMenuA
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_STRING 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 7
NEUTRAL 3
ExifTool file metadata
SubsystemVersion: 4.144
InitializedDataSize: 61440
ImageVersion: 0.0
ProductName: 543rwfg34tw
FileVersionNumber: 1.0.0.1
UninitializedDataSize: 0
LanguageCode: French (Swiss)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 6.0
OriginalFilename: pewtwerweo.exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 1, 0, 0, 1
TimeStamp: 2013:11:24 13:44:18+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: ewwe
FileAccessDate: 2013:12:24 11:04:22+01:00
ProductVersion: 1, 0, 0, 1
FileDescription: re4wed
OSVersion: 4.0
FileCreateDate: 2013:12:24 11:04:22+01:00
FileOS: Windows NT 32-bit
LegalCopyright: Copyright © 2013
MachineType: Intel 386 or later, and compatibles
CodeSize: 32768
FileSubtype: 0
ProductVersionNumber: 1.0.0.1
EntryPoint: 0x31f0
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 bff8af7432ced6e574e85d9241794f80
SHA1 4ba352cba07ac022d9a180f6b1e4d658baeb4021
SHA256 e6dca9892e3581ce9ed2080bf5e863a67344ad80db1462f089d08cb29dd32121
ssdeep 1536:LOyqYAJBGrcKKO24PwO8CFsJFiVATI5joyZxWp3cPh1FMWJOL4kOb:LdRcODw73qloyY3cJjN5b

File size 96.0 KB ( 98304 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
corrupt peexe

VirusTotal metadata
First submission 2013-11-25 09:35:38 UTC ( 4 months, 3 weeks ago )
Last submission 2013-12-24 10:04:00 UTC ( 3 months, 3 weeks ago )
File names gallery_67904_1800_215532.jpg.exe
pewtwerweo.exe
bff8af7432ced6e574e85d9241794f80.exe
2497910377-2-0_M1-1-gallery_67904_1800_215532.jpg.exe
gallery.jpg.exe
c-c98f0-803-1385372104
gallery_67904_1800_215532_jpg_exe
ewwe
e6dca9892e3581ce9ed2080bf5e863a67344ad80db1462f089d08cb29dd32121
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight