SHA256: f96ed49ab1a5b4e2333fee30c42b2ae28dc5bc74fa02b9c6989e5c0159cfffd7
File name: redeye1
Detection ratio: 22 / 67
Analysis date: 2018-06-06 22:17:48 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.438799 20180606
AegisLab Troj.Dropper.W32.Mudrop.lDvK 20180606
ALYac Gen:Variant.Graftor.438799 20180606
Arcabit Trojan.Graftor.D6B20F 20180606
Avast Win32:Malware-gen 20180606
AVG Win32:Malware-gen 20180606
Avira (no cloud) DR/Delphi.Gen 20180606
BitDefender Gen:Variant.Graftor.438799 20180606
Cybereason malicious.da09fe 20180225
Cylance Unsafe 20180606
Emsisoft Gen:Variant.Graftor.438799 (B) 20180606
F-Secure Gen:Variant.Graftor.438799 20180606
GData Gen:Variant.Graftor.438799 20180606
Ikarus Trojan-Downloader.Win32.Banload 20180606
Jiangmin TrojanDownloader.Generic.adpa 20180606
Kaspersky HEUR:Trojan.Win32.Generic 20180606
MAX malware (ai score=83) 20180606
eScan Gen:Variant.Graftor.438799 20180606
NANO-Antivirus Trojan.Win32.Mudrop.ctwcd 20180606
Panda Trj/GdSda.A 20180606
Zillya Backdoor.CPEX.Win32.25503 20180606
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180606
AhnLab-V3 20180606
Alibaba 20180606
Antiy-AVL 20180606
Avast-Mobile 20180606
AVware 20180606
Babable 20180406
Baidu 20180606
Bkav 20180606
CAT-QuickHeal 20180606
ClamAV 20180606
CMC 20180606
Comodo 20180606
CrowdStrike Falcon (ML) 20180530
Cyren 20180606
DrWeb 20180606
eGambit 20180606
Endgame 20180507
ESET-NOD32 20180606
F-Prot 20180606
Fortinet 20180606
Sophos ML 20180601
K7AntiVirus 20180606
K7GW 20180606
Kingsoft 20180606
Malwarebytes 20180606
McAfee 20180606
McAfee-GW-Edition 20180606
Microsoft 20180606
Palo Alto Networks (Known Signatures) 20180606
Qihoo-360 20180606
Rising 20180606
SentinelOne (Static ML) 20180225
Sophos AV 20180606
SUPERAntiSpyware 20180606
Symantec 20180606
Symantec Mobile Insight 20180605
TACHYON 20180605
Tencent 20180606
TheHacker 20180606
TrendMicro 20180606
TrendMicro-HouseCall 20180606
Trustlook 20180606
VBA32 20180606
VIPRE 20180606
ViRobot 20180605
Webroot 20180606
Yandex 20180529
Zoner 20180606
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © A Company by iCoreX. All rights reserved.
Product redeye
Original name redeye.exe
Internal name redeye.exe
File version 1,2,3,4
Description RedEye MBR by iCoreX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00007F08
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
EnumCalendarInfoA
GetStdHandle
EnterCriticalSection
lstrlenA
FreeLibrary
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetLocaleInfoA
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
RaiseException
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
WriteFile
GetCurrentProcess
ReadFile
lstrcpynA
GetACP
GetDiskFreeSpaceA
GetCurrentThreadId
LocalFree
InitializeCriticalSection
VirtualQuery
VirtualFree
FindClose
TlsGetValue
TlsSetValue
CreateFileA
GetStringTypeExA
GetVersion
VirtualAlloc
LeaveCriticalSection
RtlSetProcessIsCritical
SysFreeString
GetSystemMetrics
LoadStringA
CharNextA
MessageBoxA
GetKeyboardType
CharToOemA
Number of PE resources by type
RT_STRING 5
RT_RCDATA 2
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.3.4
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription RedEye MBR by iCoreX
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
InitializedDataSize 15872
EntryPoint 0x7f08
OriginalFileName redeye.exe
MIMEType application/octet-stream
LegalCopyright A Company by iCoreX. All rights reserved.
FileVersion 1,2,3,4
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName redeye.exe
ProductVersion 4,3,2,1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName A Company of RedEye
CodeSize 28672
ProductName redeye
ProductVersionNumber 4.3.2.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 878a10cda09fec2cb823f2b7138b550e
SHA1 db44dae60c12853cdbe62ec9f7b3493a897e519a
SHA256 f96ed49ab1a5b4e2333fee30c42b2ae28dc5bc74fa02b9c6989e5c0159cfffd7
ssdeep 768:1cqSwYqVQuw+qdWSMu8ydPfx9L19bBzwnjL3hYd44t9nhoqYPC8xV:1c9ZqVQcZz81xBohCjhR8rxV
authentihash 496ee1e499964aa233e8c1b0fea0596340628c4511ac7c2a30264484e4c6fd13
imphash 80bc66895583f4284c3b37b4f169cac8
File size 44.5 KB ( 45568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 7 (95.2%)
Win32 Executable Delphi generic (2.0%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
Tags peexe

VirusTotal metadata
First submission 2018-06-06 22:17:48 UTC ( 3 months, 2 weeks ago )
Last submission 2018-06-07 21:10:12 UTC ( 3 months, 2 weeks ago )
File names redeye.exe
Tempredeye.exe
f96ed49ab1a5b4e2333fee30c42b2ae28dc5bc74fa02b9c6989e5c0159cfffd7._exe
redeye1