SHA256: fa092bfd24a1255d5e870b447cfc229e3bc6b0dd3f59ade7fa7369aff45b7a29
File name: rad73363.tmp.exe
Detection ratio: 10 / 58
Analysis date: 2017-02-15 21:45:21 UTC
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.Hlux.R195288 20170215
Arcabit Trojan.Graftor.D5359B 20170215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20170215
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) 20170208
Sophos ML virus.win32.sality.at 20170203
Malwarebytes Backdoor.Bot 20170215
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20170215
Symantec ML.Attribute.HighConfidence 20170215
Webroot W32.Trojan.Gen 20170215
Ad-Aware 20170215
AegisLab 20170215
Alibaba 20170215
ALYac 20170215
Antiy-AVL 20170215
Avast 20170215
AVG 20170215
Avira (no cloud) 20170215
AVware 20170215
BitDefender 20170215
Bkav 20170215
CAT-QuickHeal 20170215
ClamAV 20170215
CMC 20170215
Comodo 20170215
Cyren 20170215
DrWeb 20170215
Emsisoft 20170215
ESET-NOD32 20170215
F-Prot 20170215
F-Secure 20170215
Fortinet 20170215
GData 20170215
Ikarus 20170215
Jiangmin 20170215
K7AntiVirus 20170215
K7GW 20170215
Kaspersky 20170215
Kingsoft 20170215
McAfee 20170215
McAfee-GW-Edition 20170215
Microsoft 20170215
eScan 20170215
NANO-Antivirus 20170215
nProtect 20170215
Panda 20170215
Rising 20170215
Sophos AV 20170215
SUPERAntiSpyware 20170215
Tencent 20170215
TheHacker 20170215
TrendMicro 20170215
TrendMicro-HouseCall 20170215
Trustlook 20170215
VBA32 20170215
VIPRE 20170215
ViRobot 20170215
WhiteArmor 20170215
Yandex 20170215
Zillya 20170215
Zoner 20170215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ???? (C) 1999
Product ColorProcess ????
Original name ColorProcess.EXE
Internal name ColorProcess
File version 1, 0, 0, 1
Description ColorProcess Microsoft ???????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-12 17:47:49
Entry Point 0x0000852F
Number of sections 4
PE sections
Overlays
MD5 ba6c2f05bac37eb0d878ad9e92b7ffb3
File type data
Offset 65536
Size 123234
Entropy 8.00
PE imports
GlobalSize
LocalFree
GetStartupInfoA
HeapFree
LocalLock
GlobalReAlloc
LocalAlloc
GetModuleHandleA
GlobalFree
GlobalHandle
GlobalLock
HeapAlloc
CreateFileA
GlobalUnlock
LocalUnlock
GlobalAlloc
GetModuleFileNameA
GetProcessHeap
__p__fmode
malloc
_acmdln
_ftol
__dllonexit
_except_handler3
_itoa
_onexit
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
free
__getmainargs
atof
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
ReleaseDC
SetScrollRange
UpdateWindow
GetScrollRange
EnableWindow
FindWindowW
SendMessageA
GetClientRect
LoadCursorA
SetScrollPos
GetDC
SetCursor
Number of PE resources by type
RT_STRING 14
RT_DIALOG 5
RT_ICON 4
RT_MENU 2
RT_GROUP_ICON 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 31
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x852f
OriginalFileName ColorProcess.EXE
MIMEType application/octet-stream
LegalCopyright (C) 1999
FileVersion 1, 0, 0, 1
TimeStamp 2017:02:12 18:47:49+01:00
FileType Win32 EXE
PEType PE32
InternalName ColorProcess
ProductVersion 1, 0, 0, 1
FileDescription ColorProcess Microsoft
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 32768
ProductName ColorProcess
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 97e4dcbc24f18c9e912fafc088a34e18
SHA1 88fcdbdb8efc4938be91eae6fae7df9e7ab27406
SHA256 fa092bfd24a1255d5e870b447cfc229e3bc6b0dd3f59ade7fa7369aff45b7a29
ssdeep 3072:9Z4dGnTalyAx1xFI2ssuDcQfhiYLGHo/Krjt5e3:9oGTaAIFsplLlKrjbs
authentihash 04f91b8ffb40cf9708051680cf2f62caa2f06aa1fcc0c1bcf36cdf7019778b04
imphash 8953a2f5029d3f170ae665356eff0aa8
File size 184.3 KB ( 188770 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-02-15 21:45:21 UTC
Last submission 2017-02-15 21:45:21 UTC
File names ColorProcess
rad73363.tmp.exe
ColorProcess.EXE