SHA256: ed8a02ba5bacd8698ec614204490590a3182ae970ee86b8c8bdb6ef81083f261
File name: 84fd5637be291bca1d919fb7c6a7a53b
Detection ratio: 13 / 54
Analysis date: 2014-08-11 19:43:34 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.429923 20140811
Avast Win32:Malware-gen 20140811
AVG Crypt3.AJLR 20140811
BitDefender Gen:Variant.Kazy.429923 20140811
Emsisoft Gen:Variant.Kazy.429923 (B) 20140811
ESET-NOD32 a variant of Win32/Kryptik.CIKT 20140811
GData Gen:Variant.Kazy.429923 20140811
Kaspersky Trojan-Spy.Win32.Zbot.ttjk 20140811
McAfee Artemis!84FD5637BE29 20140811
McAfee-GW-Edition Artemis!84FD5637BE29 20140811
Microsoft PWS:Win32/Zbot 20140811
eScan Gen:Variant.Kazy.429923 20140811
Tencent Win32.Trojan.Bp-qqthief.Iqpl 20140811
AegisLab 20140811
Yandex 20140810
AhnLab-V3 20140811
AntiVir 20140811
Antiy-AVL 20140811
AVware 20140811
Baidu-International 20140811
Bkav 20140811
ByteHero 20140811
CAT-QuickHeal 20140811
ClamAV 20140811
CMC 20140809
Commtouch 20140811
Comodo 20140811
DrWeb 20140811
F-Prot 20140811
F-Secure 20140811
Fortinet 20140811
Ikarus 20140811
Jiangmin 20140811
K7AntiVirus 20140811
K7GW 20140811
Kingsoft 20140811
Malwarebytes 20140811
NANO-Antivirus 20140811
Norman 20140811
nProtect 20140811
Panda 20140811
Qihoo-360 20140811
Rising 20140811
Sophos AV 20140811
SUPERAntiSpyware 20140804
Symantec 20140811
TheHacker 20140808
TotalDefense 20140811
TrendMicro 20140811
TrendMicro-HouseCall 20140811
VBA32 20140811
VIPRE 20140811
ViRobot 20140811
Zoner 20140811
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013 Spencer Kimball, Peter Mattis and the GIMP Development Team
Publisher Spencer Kimball, Peter Mattis and the GIMP Development Team
Product GNU Image Manipulation Program
Original name web-browser.exe
Internal name web-browser
File version 2.8.6.5
Description GNU Image Manipulation Program Plug-In
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-08-07 16:50:10
Entry Point 0x000094A0
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
LookupAccountSidA
InitializeAcl
EqualSid
RegOpenKeyExA
SetFileSecurityA
OpenThreadToken
ChooseColorW
GetObjectA
LineTo
ExtTextOutW
DeleteDC
SelectObject
MoveToEx
GetStockObject
GetTextExtentPointW
TextOutA
CreateFontIndirectA
CreateSolidBrush
ChoosePixelFormat
SetPixelFormat
SetBkColor
CreateCompatibleDC
DeleteObject
StretchBlt
SetTextColor
GetTextFaceA
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetTimeZoneInformation
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
OutputDebugStringW
FindClose
TlsGetValue
OutputDebugStringA
BeginUpdateResourceA
SetLastError
LoadResource
GetModuleFileNameW
CopyFileA
HeapAlloc
GetModuleFileNameA
SetConsoleOutputCP
UpdateResourceA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
EndUpdateResourceA
RtlUnwind
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetUserDefaultLCID
_lread
GetProcessHeap
FindFirstFileA
InterlockedIncrement
HeapValidate
CreateWaitableTimerA
IsValidLocale
GlobalLock
GetTimeZoneInformation
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetModuleHandleW
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
_lwrite
SizeofResource
GetCurrentProcessId
LockResource
GetProcessHeaps
HeapQueryInformation
GetCPInfo
GetCPInfoExA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
CreateConsoleScreenBuffer
SetWaitableTimer
IsValidCodePage
HeapCreate
IsBadReadPtr
FindResourceA
Ord(24)
Ord(75)
Ord(39)
Ord(31)
Ord(7)
Ord(9)
DragQueryFileW
SetFocus
GetMonitorInfoW
GetMenuInfo
BeginPaint
DefWindowProcA
ShowWindow
SetMenuInfo
EnumDisplayMonitors
GetSystemMetrics
EnableMenuItem
OemToCharBuffA
DispatchMessageA
EndPaint
PostMessageA
MoveWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetMenu
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
IsWindow
MonitorFromWindow
RegisterClassA
InsertMenuA
GetMenuItemCount
LoadImageA
InsertMenuItemW
GetUpdateRect
DestroyWindow
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
AddMonitorA
EnumMonitorsA
ClosePrinter
EnumJobsA
OpenPrinterA
Direct3DCreate9
EnumerateLoadedModules
OleUninitialize
OleInitialize
ReleaseStgMedium
RegisterDragDrop
RevokeDragDrop
CLSIDFromString
Number of PE resources by type
RT_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
RUSSIAN 3
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.8.6.5
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 210432
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013 Spencer Kimball, Peter Mattis and the GIMP Development Team
FileVersion 2.8.6.5
TimeStamp 2014:08:07 17:50:10+01:00
FileType Win32 EXE
PEType PE32
InternalName web-browser
FileAccessDate 2014:08:11 20:45:25+01:00
ProductVersion 2.8.6.5
FileDescription GNU Image Manipulation Program Plug-In
OSVersion 5.1
FileCreateDate 2014:08:11 20:45:25+01:00
OriginalFilename web-browser.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Spencer Kimball, Peter Mattis and the GIMP Development Team
CodeSize 171008
ProductName GNU Image Manipulation Program
ProductVersionNumber 2.8.6.5
EntryPoint 0x94a0
ObjectFileType Executable application
File identification
MD5 84fd5637be291bca1d919fb7c6a7a53b
SHA1 0b350303ba826b2caa16f033da7e023c55bf6b5b
SHA256 ed8a02ba5bacd8698ec614204490590a3182ae970ee86b8c8bdb6ef81083f261
ssdeep 6144:Ut8FGj3OYJMldNG8pXv1VzXI/yLAKR7vjf6wrBePVtlP8t+:Ut8+ZJMlW8Gy/R7NrBMVtl
imphash afcdb5d6e4ab7e9cb1f7fdfc077e7af5
File size 373.5 KB ( 382464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-08-11 19:43:34 UTC ( 4 years, 7 months ago )
Last submission 2014-08-25 15:09:56 UTC ( 4 years, 6 months ago )
File names web-browser.exe
web-browser
84fd5637be291bca1d919fb7c6a7a53b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.