SHA256: efa88e1d58639ffa91179c456c0e392eb3d55f17717d0552ac3f538937eadf96
File name: 232334.exe
Detection ratio: 7 / 57
Analysis date: 2016-11-16 22:04:58 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161116
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Sophos ML virus.win32.ramnit.j 20161018
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20161116
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20161116
Rising Malware.Heuristic!ET#95% (rdm+) 20161116
Symantec Heur.AdvML.B 20161116
Ad-Aware 20161116
AegisLab 20161116
AhnLab-V3 20161116
Alibaba 20161116
ALYac 20161116
Antiy-AVL 20161116
Arcabit 20161116
Avast 20161116
AVG 20161116
Avira (no cloud) 20161116
AVware 20161116
BitDefender 20161116
Bkav 20161116
CAT-QuickHeal 20161116
ClamAV 20161116
CMC 20161116
Comodo 20161116
Cyren 20161116
DrWeb 20161116
Emsisoft 20161116
ESET-NOD32 20161116
F-Prot 20161116
F-Secure 20161116
Fortinet 20161116
GData 20161116
Ikarus 20161116
Jiangmin 20161116
K7AntiVirus 20161116
K7GW 20161116
Kaspersky 20161116
Kingsoft 20161116
Malwarebytes 20161116
McAfee 20161116
Microsoft 20161116
eScan 20161116
NANO-Antivirus 20161116
nProtect 20161116
Panda 20161115
Sophos AV 20161116
SUPERAntiSpyware 20161116
Tencent 20161116
TheHacker 20161115
TotalDefense 20161116
TrendMicro 20161116
TrendMicro-HouseCall 20161116
VBA32 20161115
VIPRE 20161116
ViRobot 20161116
Yandex 20161116
Zillya 20161116
Zoner 20161116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-16 15:40:42
Entry Point 0x00005A5D
Number of sections 5
PE sections
PE imports
AddAccessAllowedObjectAce
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
IsValidLanguageGroup
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetNumberOfConsoleMouseButtons
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
LocalFileTimeToFileTime
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_BITMAP 4
RT_ICON 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MENU 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
FRENCH 8
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:11:16 16:40:42+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
49664

LinkerVersion
10.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x5a5d

InitializedDataSize
190976

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 4c4b943c1a0f307a5355d36e1ad98142
SHA1 571cba18648bd5595def04349ebb0c1c0543c34d
SHA256 efa88e1d58639ffa91179c456c0e392eb3d55f17717d0552ac3f538937eadf96
ssdeep
3072:D5BYuOib4rlFmM9HmKT2wCH5bl7hj63AG5VBtLa8GaEF8OsQNjracDZDUutWYcMR:D53dC/mDH5pVeH59aBkO5dacD1tWq

authentihash 7a55f0fdc8496bb7c3ea37896f5d1042061b07e78b01edfd0045a627a8c11f9b
imphash cab204f62152be7b0cce3cccb69e6d91
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2016-11-16 22:04:58 UTC ( 2 years, 3 months ago )
Last submission 2018-11-26 08:53:04 UTC ( 2 months, 3 weeks ago )
File names TEMP.EXE
Temp.exe
efa88e1d58639ffa91179c456c0e392eb3d55f17717d0552ac3f538937eadf96
232334.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs