SHA256: f6d97c6d1d884b8e2efda131736a51a5b8fccccf9d8ba25e311bca8cf0669b11
File name: F6D97C6D1D884B8E2EFDA131736A51A5B8FCCCCF9D8BA25E311BCA8CF0669B11
Detection ratio: 2 / 55
Analysis date: 2016-02-09 09:16:01 UTC ( 3 years ago )
Antivirus Result Update
McAfee Packed-GL!30DF5D2E5201 20160209
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160209
Ad-Aware 20160209
AegisLab 20160209
Yandex 20160206
AhnLab-V3 20160208
Alibaba 20160204
ALYac 20160209
Antiy-AVL 20160209
Arcabit 20160209
Avast 20160209
AVG 20160209
Avira (no cloud) 20160209
Baidu-International 20160209
BitDefender 20160209
Bkav 20160204
ByteHero 20160209
CAT-QuickHeal 20160209
ClamAV 20160209
CMC 20160205
Comodo 20160209
Cyren 20160209
DrWeb 20160209
Emsisoft 20160209
ESET-NOD32 20160209
F-Prot 20160129
F-Secure 20160209
Fortinet 20160209
GData 20160209
Ikarus 20160209
Jiangmin 20160209
K7AntiVirus 20160209
K7GW 20160209
Kaspersky 20160209
Malwarebytes 20160208
McAfee-GW-Edition 20160209
Microsoft 20160209
eScan 20160209
NANO-Antivirus 20160209
nProtect 20160205
Panda 20160208
Rising 20160209
Sophos AV 20160209
SUPERAntiSpyware 20160209
Symantec 20160208
Tencent 20160209
TheHacker 20160208
TotalDefense 20160208
TrendMicro 20160209
TrendMicro-HouseCall 20160209
VBA32 20160208
VIPRE 20160209
ViRobot 20160209
Zillya 20160208
Zoner 20160209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-01-22 06:36:31
Entry Point 0x00016766
Number of sections 4
PE sections
PE imports
SetMetaRgn
SetMapMode
GetWindowOrgEx
CreateMetaFileA
PlayEnhMetaFileRecord
GetTextMetricsA
GetCharABCWidthsA
PlayMetaFile
GetROP2
RectInRegion
GetObjectType
SetColorAdjustment
GetTextExtentPointA
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
GetFontLanguageInfo
CopyEnhMetaFileA
OffsetWindowOrgEx
CreateEllipticRgn
SetColorSpace
EqualRgn
ExtCreateRegion
SetPixelFormat
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
SwapBuffers
EnumICMProfilesA
ScaleViewportExtEx
AbortDoc
SetWindowExtEx
Arc
GetKerningPairsA
WidenPath
ExtCreatePen
GetFontData
GetBkColor
SetRectRgn
CreateFontA
GetDIBColorTable
CreateFontIndirectW
OffsetRgn
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
EndPath
GetEnhMetaFileW
EnumFontsA
UpdateColors
GetBitmapBits
PolyDraw
OffsetViewportOrgEx
SetBkMode
GetICMProfileA
SetMetaFileBitsEx
BitBlt
EnumFontFamiliesA
FillRgn
GetOutlineTextMetricsA
FrameRgn
SelectPalette
SetBkColor
StrokePath
CreateEnhMetaFileA
ExtSelectClipRgn
ScaleWindowExtEx
CloseEnhMetaFile
EndPage
GetNearestPaletteIndex
SetDIBColorTable
EnumEnhMetaFile
CancelDC
GetTextColor
CreatePolyPolygonRgn
Escape
BeginPath
DeleteObject
PlayMetaFileRecord
SetBitmapBits
PatBlt
CreatePen
SetStretchBltMode
GetCharABCWidthsFloatW
Rectangle
GetDeviceCaps
GetMetaFileBitsEx
DeleteDC
SetWorldTransform
GetMapMode
EnumMetaFile
StartPage
CreateDCW
GetCharWidthA
GetEnhMetaFileDescriptionW
CreateDIBPatternBrushPt
CreateBitmap
RectVisible
DeleteColorSpace
PlayEnhMetaFile
ExtTextOutA
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
GetTextAlign
GetTextExtentPoint32A
GetWinMetaFileBits
RealizePalette
GetViewportOrgEx
SetWindowOrgEx
SetTextCharacterExtra
GetTextExtentPoint32W
LPtoDP
CreatePolygonRgn
CreateICA
Polygon
GetGlyphOutlineW
GetRgnBox
SetDeviceGammaRamp
MaskBlt
GetEnhMetaFilePaletteEntries
ModifyWorldTransform
GetGlyphOutlineA
GetDeviceGammaRamp
RestoreDC
GetPixel
GetTextExtentExPointW
GetBkMode
ExtFloodFill
GetBrushOrgEx
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetPixelV
AbortPath
SetArcDirection
CreateRoundRectRgn
PolyBezierTo
CreateFontW
PolyBezier
CreateRectRgn
RemoveFontResourceA
GetClipRgn
SetPolyFillMode
Ellipse
RemoveFontResourceW
CreateSolidBrush
CombineTransform
StartDocW
CreateCompatibleBitmap
GetStartupInfoA
EnumSystemLocalesA
GlobalAddAtomW
GetNamedPipeInfo
GetModuleHandleA
CreateIoCompletionPort
CreateProcessW
CreateSemaphoreW
GetSystemDefaultLCID
CreateDirectoryW
__p__fmode
_vsnprintf
_adj_fdiv_r
__CxxFrameHandler
_acmdln
_adjust_fdiv
__setusermatherr
_setmbcp
__dllonexit
_onexit
fputs
exp
__getmainargs
_initterm
_controlfp
_spawnlp
__p__commode
__set_app_type
GetPropW
Number of PE resources by type
RT_RCDATA 12
RT_DIALOG 10
RT_ICON 3
RT_GROUP_ICON 3
skEw73 1
v718472 1
svg1M5v5 1
HM300 1
hO4300dC3 1
RT_MENU 1
MD66006 1
yh68q 1
miE51 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 38
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.189.83.97
UninitializedDataSize 0
LanguageCode Unknown (EXTE)
FileFlagsMask 0x003f
CharacterSet Unknown (RIOR)
InitializedDataSize 118784
EntryPoint 0x16766
MIMEType application/octet-stream
LegalCopyright 2014 (C) 2012
FileVersion Drivels 0,150,113,55
TimeStamp 2009:01:22 07:36:31+01:00
FileType Win32 EXE
PEType PE32
InternalName Estuary
ProductVersion 0,9,73,205
FileDescription Glimmer Headline Help
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GreenPrint Technologies
CodeSize 90112
ProductName Hang Examined
ProductVersionNumber 0.189.246.252
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 30df5d2e5201411c047bca97a31257c2
SHA1 3240a84dddf4037376fccafeb074832c1ad0f0c5
SHA256 f6d97c6d1d884b8e2efda131736a51a5b8fccccf9d8ba25e311bca8cf0669b11
ssdeep 3072:Q86egkj58gLG8bNgHZ8guyyjLpUpNuawGQh848hi7SZRR2fjze7BKOFPLd:GKjLPbNzRCproT8hiqREfjzfUB
authentihash c01a445796b464c6986f0b27d2c839566d692e0b68ceb43c9a52449ac0c68b1d
imphash 0635be93283abfe5c619c9e61a969166
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-09 09:16:01 UTC ( 3 years ago )
Last submission 2016-03-18 07:51:11 UTC ( 2 years, 11 months ago )
File names umidunaq.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs