SHA256: ed54ce7018329873d200ac07b115ca030a62bb12c9d372151e820f3a6b730e28
File name: ed54ce7018329873d200ac07b115ca030a62bb12c9d372151e820f3a6b730e28
Detection ratio: 11 / 69
Analysis date: 2018-12-12 14:57:32 UTC ( 2 months, 1 week ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181212
eGambit Unsafe.AI_Score_55% 20181212
Emsisoft Trojan.Emotet (A) 20181212
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Qihoo-360 HEUR/QVM19.1.D159.Malware.Gen 20181212
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazrIfH9VcWxM0ZSX1cz4rasD) 20181212
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181212
Trapmine malicious.high.ml.score 20181205
Ad-Aware 20181212
AegisLab 20181212
AhnLab-V3 20181212
Alibaba 20180921
Antiy-AVL 20181212
Arcabit 20181212
Avast 20181212
Avast-Mobile 20181212
AVG 20181212
Avira (no cloud) 20181212
Babable 20180918
Baidu 20181207
BitDefender 20181212
Bkav 20181212
CAT-QuickHeal 20181211
ClamAV 20181212
CMC 20181212
Comodo 20181212
Cybereason 20180225
Cyren 20181212
DrWeb 20181212
ESET-NOD32 20181212
F-Prot 20181212
F-Secure 20181212
Fortinet 20181212
GData 20181212
Ikarus 20181212
Jiangmin 20181212
K7AntiVirus 20181212
K7GW 20181212
Kaspersky 20181212
Kingsoft 20181212
Malwarebytes 20181212
MAX 20181212
McAfee 20181212
McAfee-GW-Edition 20181212
Microsoft 20181212
eScan 20181212
NANO-Antivirus 20181212
Palo Alto Networks (Known Signatures) 20181212
Panda 20181211
Sophos AV 20181211
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181207
TACHYON 20181212
Tencent 20181212
TheHacker 20181210
TotalDefense 20181212
TrendMicro 20181212
TrendMicro-HouseCall 20181212
Trustlook 20181212
VBA32 20181212
VIPRE 20181212
ViRobot 20181212
Webroot 20181212
Yandex 20181212
Zillya 20181211
ZoneAlarm by Check Point 20181212
Zoner 20181212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-12 22:52:23
Entry Point 0x00003764
Number of sections 5
PE sections
PE imports
RegNotifyChangeKeyValue
GetSaveFileNameW
CertCloseStore
CryptMsgVerifyCountersignatureEncodedEx
CertGetValidUsages
SelectPalette
GetNamedPipeClientProcessId
FlushProcessWriteBuffers
GlobalDeleteAtom
GetVersionExW
UnregisterApplicationRestart
FindNextFileA
GetCommConfig
FlsFree
GetModuleHandleW
MprAdminMIBServerConnect
DrawDibEnd
DsCrackNamesW
VariantTimeToDosDateTime
NdrConvert
SetupGetMultiSzFieldW
SetupGetStringFieldA
SetupDiOpenDeviceInfoW
SetupDiBuildDriverInfoList
SetFocus
IsCharUpperA
GetScrollBarInfo
GetKeyboardLayout
RegisterClassW
IsCharAlphaA
PackDDElParam
IsWindowEnabled
GetInputState
CreateUrlCacheEntryW
waveOutGetPitch
FindNextPrinterChangeNotification
EnumJobsW
GetJobW
CryptSIPGetSignedDataMsg
SCardSetCardTypeProviderNameA
CoCreateInstanceEx
Number of PE resources by type
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 13.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.20.3.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Event Generator
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet ASCII
InitializedDataSize 483328
EntryPoint 0x3764
MIMEType application/octet-stream
LegalCopyright Copyright Stirling Technologies, 1993-1997
TimeStamp 2018:12:12 14:52:23-08:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.20.003 32bit
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Stirling Technologies, Inc.
CodeSize 28673
ProductName DemoShield
ProductVersionNumber 5.20.3.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 06332206e18aee6dcd0dc338df00bfa5
SHA1 990526ebe3dc30c362e0e62655d7253fbdd515f0
SHA256 ed54ce7018329873d200ac07b115ca030a62bb12c9d372151e820f3a6b730e28
ssdeep 3072:oYKb5jvVskzMPxPAzYHq85djFczNgsbjUMIRGwgeIz6YW:oDbRvvzM5Xx5lFcl1EGJeI2Y
authentihash 0fcc303ad9425cf9f40c795a9fb6c293408e1e071723805b22cec329a1b484b2
imphash d909e55eb1d42956123093af624aba1f
File size 496.0 KB ( 507904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2018-12-12 14:57:32 UTC ( 2 months, 1 week ago )
Last submission 2018-12-12 14:57:32 UTC ( 2 months, 1 week ago )
File names 9631721.exe
933.exe
216025.exe