SHA256: ef0411064ba00d7f133cfe28c9e05818e6047203c069e1be573c81e2888bb3f9
File name: intel.exe
Detection ratio: 56 / 67
Analysis date: 2018-04-13 00:41:57 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.39704 20180412
AegisLab Troj.Spy.W32.Zbot.rmop!c 20180412
AhnLab-V3 Spyware/Win32.Zbot.R97713 20180412
ALYac Gen:Variant.Symmi.39704 20180412
Antiy-AVL Trojan/Win32.SGeneric 20180412
Arcabit Trojan.Symmi.D9B18 20180412
Avast Win32:Injector-BQJ [Trj] 20180412
AVG Win32:Injector-BQJ [Trj] 20180412
Avira (no cloud) TR/Ranapama.A 20180412
AVware Trojan.Win32.Generic!BT 20180412
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180412
BitDefender Gen:Variant.Symmi.39704 20180412
CAT-QuickHeal VirTool.Injector.EP5 20180412
ClamAV Win.Trojan.Ranapama-1 20180412
Comodo TrojWare.Win32.Ransom.PornoAsset.CLHL 20180413
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20170201
Cylance Unsafe 20180413
Cyren W32/S-99a5150f!Eldorado 20180412
DrWeb Trojan.PWS.Panda.2401 20180412
Emsisoft Gen:Variant.Symmi.39704 (B) 20180412
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Injector.AXSS 20180413
F-Prot W32/S-99a5150f!Eldorado 20180412
F-Secure Gen:Variant.Symmi.39704 20180412
Fortinet W32/Injector.AZFU!tr 20180412
GData Gen:Variant.Symmi.39704 20180412
Ikarus Trojan.Win32.Loktrom 20180412
Sophos ML heuristic 20180121
Jiangmin TrojanSpy.Zbot.ebvo 20180413
K7AntiVirus Trojan ( 004ce5441 ) 20180412
K7GW Trojan ( 004ce5441 ) 20180412
Kaspersky HEUR:Trojan.Win32.Generic 20180413
Malwarebytes Trojan.Zbot 20180413
MAX malware (ai score=99) 20180413
McAfee Generic-FAOP!EB78775DC42C 20180413
McAfee-GW-Edition BehavesLike.Win32.Upatre.dh 20180413
Microsoft PWS:Win32/Zbot 20180413
eScan Gen:Variant.Symmi.39704 20180413
NANO-Antivirus Trojan.Win32.Zbot.ctptgx 20180412
Panda Trj/Genetic.gen 20180412
Qihoo-360 Win32/Trojan.fdd 20180413
Rising Malware.Undefined!8.C (TFE:5:iS2gLl5JlFF) 20180413
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Wonton-P 20180413
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20180413
Symantec Backdoor.Trojan 20180412
Tencent Win32.Trojan.Generic.Amce 20180413
TheHacker Trojan/Injector.axkt 20180410
TrendMicro TROJ_KRYPTK.SM37 20180413
TrendMicro-HouseCall TROJ_KRYPTK.SM37 20180413
VBA32 TScope.Malware-Cryptor.SB 20180412
VIPRE Trojan.Win32.Generic!BT 20180413
Webroot Trojan.Dropper.Gen 20180413
Yandex TrojanSpy.Zbot!G+gYOQL3JXk 20180412
Zillya Trojan.Zbot.Win32.148229 20180412
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180412
Alibaba 20180412
Avast-Mobile 20180412
Bkav 20180410
CMC 20180412
Cybereason None
eGambit 20180413
Kingsoft 20180413
nProtect 20180412
Palo Alto Networks (Known Signatures) 20180413
Symantec Mobile Insight 20180412
TotalDefense 20180412
Trustlook 20180413
ViRobot 20180412
WhiteArmor 20180408
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Intel corporation Pentium 4
Original name intel.exe
File version 7.0.0.3
Description Intel corporation Pentium 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-11 01:56:58
Entry Point 0x000036A1
Number of sections 3
PE sections
Overlays
MD5 039c59b73e8d5f304fd696bf20585067
File type data
Offset 292352
Size 1243
Entropy 7.78
PE imports
CreateCompatibleDC
CreateColorSpaceW
Arc
CombineRgn
CloseFigure
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
GetCommandLineA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WriteProfileSectionW
GetProcAddress
AddAtomW
EncodePointer
GetFileType
SetStdHandle
CompareStringW
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
glMateriali
glColor4iv
glEvalCoord2fv
wglRealizeLayerPalette
glFinish
wglUseFontBitmapsA
glIndexs
glNormal3b
ExtractIconExA
DoEnvironmentSubstA
ExtractAssociatedIconW
ExtractIconExW
ShellExecuteExW
ExtractIconW
SetFocus
SetWindowWord
DefFrameProcW
UpdateWindow
CloseDesktop
DdeConnect
GetKeyboardLayoutList
GetAsyncKeyState
GetWindowInfo
PostMessageW
FrameRect
mmioSeek
joyGetDevCapsA
PlaySoundA
waveOutGetDevCapsA
mixerClose
SymGetLineNext
SymGetModuleInfoW64
SymMatchString
ImageRvaToSection
SymGetLinePrev
SymLoadModuleEx
CoGetInstanceFromFile
StringFromCLSID
GetClassFile
CoBuildVersion
OleDestroyMenuDescriptor
FindMediaType
GetClassFileOrMime
CoInternetGetProtocolFlags
HlinkGoForward
Number of PE resources by type
RT_DIALOG 43
RT_BITMAP 27
RT_HTML 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 72
RUSSIAN 1
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.0.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 241664
EntryPoint 0x36a1
OriginalFileName intel.exe
MIMEType application/octet-stream
FileVersion 7.0.0.3
TimeStamp 2014:02:11 02:56:58+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 7.0.0.3
FileDescription Intel corporation Pentium 4
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intel Pentium 4
CodeSize 49664
ProductName Intel corporation Pentium 4
ProductVersionNumber 7.0.0.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 eb78775dc42cd858b57ed395f33e5540
SHA1 bbeef0a97483d7acc823a71d7d634b9242c11d2b
SHA256 ef0411064ba00d7f133cfe28c9e05818e6047203c069e1be573c81e2888bb3f9
ssdeep 6144:DeiGTXcxIK5iZf7gxhaJAxFsDhkrvmlMIB3/:DeiGImKo9YhaJAxe/3/

authentihash 76e14f7579e0d34cce7ef27872010fc1c15460818bef8554041df47b636b7f19
imphash f130d9b64f49f8db8c467a78a0a71386
File size 286.7 KB ( 293595 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2014-03-02 00:41:15 UTC ( 4 years, 8 months ago )
Last submission 2014-06-15 11:17:31 UTC ( 4 years, 5 months ago )
File names Zq4T.tif
intel.exe
eb78775dc42cd858b57ed395f33e5540
vt-upload-15chb
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs