SHA256: e79e1d99a7aaec25f78125fbe5828ed43fc0b3ce71a7ebadf7bb5a24fd97986f
File name: gd.exe
Detection ratio: 2 / 54
Analysis date: 2014-07-01 13:12:50 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Malwarebytes Spyware.Zbot.VXGen 20140701
Qihoo-360 Malware.QVM20.Gen 20140701
Ad-Aware 20140701
AegisLab 20140701
Yandex 20140630
AhnLab-V3 20140630
AntiVir 20140701
Antiy-AVL 20140701
Avast 20140701
AVG 20140701
Baidu-International 20140701
BitDefender 20140701
Bkav 20140701
ByteHero 20140701
CAT-QuickHeal 20140701
ClamAV 20140701
CMC 20140630
Commtouch 20140701
Comodo 20140701
DrWeb 20140701
Emsisoft 20140701
ESET-NOD32 20140701
F-Prot 20140629
F-Secure 20140701
Fortinet 20140701
GData 20140701
Ikarus 20140701
Jiangmin 20140701
K7AntiVirus 20140630
K7GW 20140630
Kaspersky 20140701
Kingsoft 20140701
McAfee 20140701
McAfee-GW-Edition 20140701
Microsoft 20140701
eScan 20140701
NANO-Antivirus 20140701
Norman 20140701
nProtect 20140701
Panda 20140701
Rising 20140701
Sophos AV 20140701
SUPERAntiSpyware 20140701
Symantec 20140701
Tencent 20140701
TheHacker 20140630
TotalDefense 20140701
TrendMicro 20140701
TrendMicro-HouseCall 20140701
VBA32 20140701
VIPRE 20140701
ViRobot 20140701
Zillya 20140701
Zoner 20140701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 1986 - 2009
Publisher TurboSoft,Inc
Product G4ErW1OSI8
Original name rsGoM4qN728I.exe
Internal name rsGoM4qN728I.exe
File version 0.4.3.3
Description l33iYT99
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-06-30 11:21:02
Entry Point 0x00009AC0
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegUnLoadKeyW
RegOpenKeyExA
ImageList_Draw
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_DragLeave
GetSaveFileNameW
PrintDlgW
ChooseColorW
CreatePatternBrush
SetROP2
SetBkColor
BitBlt
EnumFontFamiliesExW
CreateFontW
EndDoc
DeleteObject
SelectObject
GetROP2
SetBrushOrgEx
StartDocW
CreateCompatibleBitmap
OffsetWindowOrgEx
GetSystemTimeAsFileTime
EnterCriticalSection
SetHandleCount
GetSystemInfo
LoadLibraryW
GlobalFree
GetConsoleCP
GetOEMCP
IsDebuggerPresent
ExitProcess
LoadLibraryA
GetTimeFormatA
GetCurrentProcess
GetDateFormatA
GetDriveTypeW
UnhandledExceptionFilter
GetCommandLineW
GetDateFormatW
lstrcatW
GetLocaleInfoW
FindNextFileW
SetUnhandledExceptionFilter
CreateMutexW
CloseHandle
IsProcessorFeaturePresent
lstrcmpW
HeapReAlloc
GlobalLock
LocalFree
TerminateProcess
LoadResource
FindResourceW
CreateFileW
TlsGetValue
SetEndOfFile
LocalUnlock
GetProcessHeap
LeaveCriticalSection
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHLoadNonloadedIconOverlayIdentifiers
PathCompactPathExW
PathFindFileNameW
GetMessageA
CreateDialogIndirectParamW
EndDialog
GetMessageW
GetFocus
GetScrollPos
GetCapture
CreateAcceleratorTableW
PostQuitMessage
FlashWindowEx
SetWindowPos
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetMenu
InsertMenuItemW
SetCapture
DialogBoxParamW
FrameRect
DispatchMessageW
GetDC
EndDeferWindowPos
GetIconInfo
SendMessageW
RegisterClassW
PtInRect
DrawIconEx
SetWindowTextW
ToAscii
MonitorFromWindow
ClientToScreen
CallNextHookEx
DrawFocusRect
IsClipboardFormatAvailable
LoadImageW
GetClassNameW
GetActiveWindow
ShowCursor
ModifyMenuW
GetDesktopWindow
LoadCursorW
RealChildWindowFromPoint
SetScrollInfo
wsprintfW
SetForegroundWindow
DestroyWindow
GetMenuStringW
CoUninitialize
Number of PE resources by type
RT_DIALOG 4
W8Q7MI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
NORWEGIAN ARABIC MOROCCO 1
TELUGU ARABIC TUNISIA 1
FRENCH *unknown* 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2014:06:30 12:21:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 306176
LinkerVersion 10.0
FileAccessDate 2014:07:08 14:11:18+01:00
EntryPoint 0x9ac0
InitializedDataSize 376832
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2014:07:08 14:11:18+01:00
UninitializedDataSize 0
File identification
MD5 a5f784e335b6a9dbf05a94bd682e769e
SHA1 73923a6b0ce6fd10d4d4896fde455eb084c3634f
SHA256 e79e1d99a7aaec25f78125fbe5828ed43fc0b3ce71a7ebadf7bb5a24fd97986f
ssdeep 6144:748pe3lbOvZqxDIQa77fExRwXkLlXv3tZoaLy2LvuJ2Et8V11jAgJY7WlOYzrjY:7BJWI97sxm0Bf3LDca11uE7bWGHh9
imphash f480683a4c529a995f5f729a5a475fb6
File size 438.5 KB ( 449024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2014-07-01 13:12:50 UTC ( 4 years, 8 months ago )
Last submission 2014-07-01 13:12:50 UTC ( 4 years, 8 months ago )
File names rsGoM4qN728I.exe
gd.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections