× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f7c577241b359785a6fbf4290f729ece4fba8f1d273f25d20ab55b43bf73d9a3
File name: composer.php
Detection ratio: 0 / 68
Analysis date: 2018-01-06 17:21:02 UTC ( 6 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware 20180106
AegisLab 20180105
AhnLab-V3 20180106
ALYac 20180106
Antiy-AVL 20180106
Arcabit 20180106
Avast 20180106
Avast-Mobile 20180105
AVG 20180106
Avira (no cloud) 20180106
AVware 20180103
Baidu 20180105
BitDefender 20180106
Bkav 20180106
CAT-QuickHeal 20180106
ClamAV 20180106
CMC 20180106
Comodo 20180106
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180106
Cyren 20180106
DrWeb 20180106
eGambit 20180106
Emsisoft 20180106
Endgame 20171130
ESET-NOD32 20180106
F-Prot 20180106
F-Secure 20180106
Fortinet 20180106
GData 20180106
Ikarus 20180106
Sophos ML 20170914
Jiangmin 20180106
K7AntiVirus 20180106
K7GW 20180106
Kaspersky 20180106
Kingsoft 20180106
Malwarebytes 20180106
MAX 20180106
McAfee 20180102
McAfee-GW-Edition 20180106
Microsoft 20180106
eScan 20180106
NANO-Antivirus 20180106
nProtect 20180106
Palo Alto Networks (Known Signatures) 20180106
Panda 20180106
Qihoo-360 20180106
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180106
SUPERAntiSpyware 20180106
Symantec 20180106
Tencent 20180106
TheHacker 20180103
TotalDefense 20180106
TrendMicro 20180106
TrendMicro-HouseCall 20180106
Trustlook 20180106
VBA32 20180105
VIPRE 20180106
ViRobot 20180106
Webroot 20180106
WhiteArmor 20171226
Yandex 20171229
Zillya 20180105
ZoneAlarm by Check Point 20180106
Zoner 20180106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, appended, Unicode
PEiD Nullsoft PIMP Install System v1.x
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-09-04 12:01:20
Entry Point 0x00004B07
Number of sections 4
PE sections
Overlays
MD5 938b5eb0561bef479f51b8662d2c5d2e
File type data
Offset 53248
Size 2518884
Entropy 8.00
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
SelectObject
LineTo
SetBkMode
GetNearestColor
CreateFontA
CreatePen
GetStockObject
CreateBrushIndirect
TextOutA
GetTextMetricsA
CreateSolidBrush
SetTextColor
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
MoveToEx
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
RemoveDirectoryA
LoadLibraryA
GetShortPathNameA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
MapViewOfFile
GetCommandLineA
GetProcAddress
GetFileTime
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
ReadFile
lstrcpyA
FindFirstFileA
CreateFileMappingA
FindNextFileA
GetModuleFileNameA
GetSystemDirectoryA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
UnmapViewOfFile
WriteFile
GlobalAlloc
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
CloseHandle
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
RegisterClassA
GetParent
SystemParametersInfoA
GetWindowTextA
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
FindWindowA
SetClassLongA
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
DialogBoxParamA
DrawTextA
SetWindowTextA
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
SetRect
wsprintfA
SetTimer
LoadCursorA
LoadIconA
FillRect
GetDesktopWindow
EndPaint
SetForegroundWindow
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 7
RT_BITMAP 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2001:09:04 13:01:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
28672

LinkerVersion
6.0

EntryPoint
0x4b07

InitializedDataSize
53248

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 2889838e9b7ac8f3f3797adbf06d2d20
SHA1 bd92e73a3b576920cd4daab04af819dee2e7792b
SHA256 f7c577241b359785a6fbf4290f729ece4fba8f1d273f25d20ab55b43bf73d9a3
ssdeep
49152:P7MMMMMMMMMM+M7HOKWPkOUld2MB27vaxShEOWp7ytokwFGkuyOylUs4mfHLPdUx:jMMMMMMMMMkHYFUld2iAvaytokJ2FDHK

authentihash a34b446e5ac2944d253adb6b5a5b26883339d406f4c880e86a520624bccda41f
imphash 17860558304f45c5e050c6a82883278d
File size 2.5 MB ( 2572132 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe nullsoft overlay

VirusTotal metadata
First submission 2012-08-15 21:04:42 UTC ( 5 years, 11 months ago )
Last submission 2018-07-07 06:09:28 UTC ( 1 week, 4 days ago )
File names GlobFXComposer109.exe
46333
F7C577241B359785A6FBF4290F729ECE4FBA8F1D273F25D20AB55B43BF73D9A3
composer.php
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!