× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f7c577241b359785a6fbf4290f729ece4fba8f1d273f25d20ab55b43bf73d9a3
File name: composer.php
Detection ratio: 0 / 66
Analysis date: 2018-02-11 16:14:03 UTC ( 1 week, 1 day ago ) View latest
Antivirus Result Update
Ad-Aware 20180211
AegisLab 20180211
AhnLab-V3 20180211
Alibaba 20180209
ALYac 20180211
Antiy-AVL 20180211
Arcabit 20180211
Avast 20180211
Avast-Mobile 20180210
AVG 20180211
Avira (no cloud) 20180211
AVware 20180210
Baidu 20180208
BitDefender 20180211
Bkav 20180209
CAT-QuickHeal 20180211
ClamAV 20180211
CMC 20180211
Comodo 20180211
CrowdStrike Falcon (ML) 20170201
Cybereason 20180205
Cylance 20180211
Cyren 20180211
DrWeb 20180211
eGambit 20180211
Emsisoft 20180211
Endgame 20171130
ESET-NOD32 20180211
F-Prot 20180211
F-Secure 20180211
Fortinet 20180211
GData 20180211
Ikarus 20180211
Sophos ML 20180121
Jiangmin 20180211
K7AntiVirus 20180211
K7GW 20180211
Kaspersky 20180211
Kingsoft 20180211
Malwarebytes 20180211
MAX 20180211
McAfee 20180211
McAfee-GW-Edition 20180211
Microsoft 20180211
eScan 20180211
nProtect 20180209
Palo Alto Networks (Known Signatures) 20180211
Panda 20180211
Qihoo-360 20180211
Rising 20180211
SentinelOne (Static ML) 20180115
Sophos AV 20180211
Symantec 20180210
Symantec Mobile Insight 20180209
Tencent 20180211
TheHacker 20180208
TotalDefense 20180211
TrendMicro 20180211
TrendMicro-HouseCall 20180211
Trustlook 20180211
VBA32 20180209
VIPRE 20180211
ViRobot 20180211
Webroot 20180211
WhiteArmor 20180205
Yandex 20180210
Zillya 20180209
ZoneAlarm by Check Point 20180211
Zoner 20180211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, appended, Unicode
PEiD Nullsoft PIMP Install System v1.x
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-09-04 12:01:20
Entry Point 0x00004B07
Number of sections 4
PE sections
Overlays
MD5 938b5eb0561bef479f51b8662d2c5d2e
File type data
Offset 53248
Size 2518884
Entropy 8.00
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
SelectObject
LineTo
SetBkMode
GetNearestColor
CreateFontA
CreatePen
GetStockObject
CreateBrushIndirect
TextOutA
GetTextMetricsA
CreateSolidBrush
SetTextColor
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
MoveToEx
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
RemoveDirectoryA
LoadLibraryA
GetShortPathNameA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
MapViewOfFile
GetCommandLineA
GetProcAddress
GetFileTime
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
ReadFile
lstrcpyA
FindFirstFileA
CreateFileMappingA
FindNextFileA
GetModuleFileNameA
GetSystemDirectoryA
GetDiskFreeSpaceA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
UnmapViewOfFile
WriteFile
GlobalAlloc
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
CloseHandle
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
RegisterClassA
GetParent
SystemParametersInfoA
GetWindowTextA
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
FindWindowA
SetClassLongA
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
DialogBoxParamA
DrawTextA
SetWindowTextA
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
ScreenToClient
SetRect
wsprintfA
SetTimer
LoadCursorA
LoadIconA
FillRect
GetDesktopWindow
EndPaint
SetForegroundWindow
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 7
RT_BITMAP 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2001:09:04 13:01:20+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
28672

LinkerVersion
6.0

EntryPoint
0x4b07

InitializedDataSize
53248

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 2889838e9b7ac8f3f3797adbf06d2d20
SHA1 bd92e73a3b576920cd4daab04af819dee2e7792b
SHA256 f7c577241b359785a6fbf4290f729ece4fba8f1d273f25d20ab55b43bf73d9a3
ssdeep
49152:P7MMMMMMMMMM+M7HOKWPkOUld2MB27vaxShEOWp7ytokwFGkuyOylUs4mfHLPdUx:jMMMMMMMMMkHYFUld2iAvaytokJ2FDHK

authentihash a34b446e5ac2944d253adb6b5a5b26883339d406f4c880e86a520624bccda41f
imphash 17860558304f45c5e050c6a82883278d
File size 2.5 MB ( 2572132 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
nsis peexe overlay nullsoft

VirusTotal metadata
First submission 2012-08-15 21:04:42 UTC ( 5 years, 6 months ago )
Last submission 2017-10-08 04:16:10 UTC ( 4 months, 2 weeks ago )
File names GlobFXComposer109.exe
46333
F7C577241B359785A6FBF4290F729ECE4FBA8F1D273F25D20AB55B43BF73D9A3
composer.php
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!