SHA256: fa6d07f2801e3c5fdca7bc9bda8659f5ae2e47d7f993d912719ae8af8774cd0b
File name: 7tfr6kj.exe
Detection ratio: 2 / 54
Analysis date: 2016-01-11 09:52:21 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Kaspersky UDS:DangerousObject.Multi.Generic 20160111
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20160111
Ad-Aware 20160111
AegisLab 20160111
Yandex 20160108
AhnLab-V3 20160111
Alibaba 20160111
ALYac 20160111
Antiy-AVL 20160111
Arcabit 20160111
Avast 20160111
AVG 20160111
Avira (no cloud) 20160111
AVware 20160111
Baidu-International 20160111
BitDefender 20160111
Bkav 20160109
ByteHero 20160111
CAT-QuickHeal 20160111
ClamAV 20160110
Comodo 20160111
Cyren 20160111
DrWeb 20160111
Emsisoft 20160111
ESET-NOD32 20160111
F-Prot 20160111
F-Secure 20160111
Fortinet 20160111
GData 20160111
Ikarus 20160111
Jiangmin 20160111
K7AntiVirus 20160111
K7GW 20160111
Malwarebytes 20160111
McAfee 20160111
McAfee-GW-Edition 20160111
Microsoft 20160111
eScan 20160111
NANO-Antivirus 20160111
nProtect 20160108
Panda 20160110
Rising 20160111
Sophos AV 20160111
SUPERAntiSpyware 20160111
Symantec 20160110
Tencent 20160111
TheHacker 20160107
TrendMicro 20160111
TrendMicro-HouseCall 20160111
VBA32 20160107
VIPRE 20160111
ViRobot 20160111
Zillya 20160110
Zoner 20160111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Корпорация Майкрософт. Все права защищены.
Product Операционная система Microsoft® Windows®
Original name g2b22.EXE
Internal name g2b22.EXE
File version 5.3.2755.5100 (xpsp.080413-2108)
Description Удаленный помощник (Microsoft)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 06:13:23
Entry Point 0x00023670
Number of sections 11
PE sections
PE imports
Thread32First
CallNamedPipeA
GetConsoleFontSize
SetTimeZoneInformation
GetDiskFreeSpaceW
CreateFileW
EnumSystemLocalesW
SetFileShortNameA
FreeConsole
GetConsoleTitleA
GetCompressedFileSizeA
GetProcAddress
SetFileAttributesW
LoadLibraryExA
MprInfoBlockRemove
MprConfigInterfaceCreate
wnsprintfA
RegisterWindowMessageW
wsprintfW
wsprintfA
calloc
memcpy
toupper
PdhGetDefaultPerfCounterA
Number of PE resources by type
RT_ICON 5
RT_STRING 2
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 3.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.3.2755.5100
UninitializedDataSize 5632
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 47104
EntryPoint 0x23670
OriginalFileName g2b22.EXE
MIMEType application/octet-stream
LegalCopyright . .
FileVersion 5.3.2755.5100 (xpsp.080413-2108)
TimeStamp 2018:07:08 07:13:23+01:00
FileType Win32 EXE
PEType PE32
InternalName g2b22.EXE
ProductVersion 5.3.2755.5100
FileDescription (Microsoft)
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 48640
ProductName Microsoft Windows
ProductVersionNumber 5.3.2755.5100
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3d59b913f823314ca85839b60a9d563a
SHA1 d03a9cb00d62cd4b47ba1f9a1c879df9c6daea9e
SHA256 fa6d07f2801e3c5fdca7bc9bda8659f5ae2e47d7f993d912719ae8af8774cd0b
ssdeep 3072:migHqQJl8JwLidzwTTtWnPoLDmi6B5imbQ6XxVo:m4QJGJwLi6QPoLCjzDbQ
authentihash 8daf0e71d9ed74ed253580ed0f3f02af9571fa72ed47240aafb726a8d2ddce2b
imphash 5164a221d9a3a7df28f6a09598fd5ded
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2016-01-11 09:08:07 UTC ( 1 year, 9 months ago )
Last submission 2017-08-21 06:24:41 UTC ( 1 month, 3 weeks ago )
File names 7tfr6kj.exe
7tfr6kj.exe_JYG
warant.exe
fa6d07f2801e3c5fdca7bc9bda8659f5ae2e47d7f993d912719ae8af8774cd0b.exe
g2b22.EXE
7tfr6kj.exe
7tfr6kj_exe
3d59b913f823314ca85839b60a9d563a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications