SHA256: fbdca5003f4160a5f39167c7b244ec80429bd06f41ff9072599b3422547f0d6d
File name: 1.exe
Detection ratio: 7 / 62
Analysis date: 2017-03-31 17:03:17 UTC ( 2 years ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9976 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) pe1 20170330
Qihoo-360 HEUR/QVM10.1.0000.Malware.Gen 20170331
SentinelOne (Static ML) static engine - malicious 20170330
Symantec ML.Attribute.HighConfidence 20170331
Webroot Malicious 20170331
Ad-Aware 20170331
AegisLab 20170331
AhnLab-V3 20170331
Alibaba 20170331
ALYac 20170331
Antiy-AVL 20170331
Arcabit 20170330
Avast 20170330
AVG 20170330
Avira (no cloud) 20170330
AVware 20170330
BitDefender 20170331
Bkav 20170330
CAT-QuickHeal 20170331
ClamAV 20170331
CMC 20170331
Comodo 20170331
Cyren 20170331
DrWeb 20170331
Emsisoft 20170331
ESET-NOD32 20170331
F-Prot 20170331
F-Secure 20170331
Fortinet 20170331
GData 20170331
Ikarus 20170331
Sophos ML 20170203
Jiangmin 20170331
K7AntiVirus 20170331
K7GW 20170331
Kaspersky 20170331
Kingsoft 20170331
Malwarebytes 20170331
McAfee 20170331
McAfee-GW-Edition 20170331
Microsoft 20170331
eScan 20170331
NANO-Antivirus 20170331
nProtect 20170331
Palo Alto Networks (Known Signatures) 20170331
Panda 20170330
Rising 20170331
Sophos AV 20170331
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170331
Tencent 20170331
TheHacker 20170330
TotalDefense 20170331
TrendMicro 20170331
TrendMicro-HouseCall 20170331
Trustlook 20170331
VBA32 20170331
VIPRE 20170331
ViRobot 20170331
WhiteArmor 20170327
Yandex 20170327
Zillya 20170331
ZoneAlarm by Check Point 20170331
Zoner 20170331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©AtomPark Software Inc.. All rights reserved.

Product Intra
Internal name Intra
File version 5.8.8.2
Description A500 Msdn Cancel Triggering
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-25 09:43:10
Entry Point 0x0000DC76
Number of sections 4
PE sections
Overlays
MD5 0d19c0893f5576786ed7d832167c5c63
File type data
Offset 480768
Size 1995
Entropy 7.90
PE imports
CredGetSessionTypes
CredIsMarshaledCredentialA
AVIFileGetStream
AVIFileInfoA
AVIStreamGetFrameClose
AVIStreamOpenFromFileA
AVIFileInit
AVIStreamGetFrame
AVIStreamInfoA
AVIFileOpenA
AVIStreamSampleToTime
AVIFileExit
AVIStreamStart
AVIStreamRelease
AVIStreamGetFrameOpen
AVIFileRelease
AVIStreamLength
ChooseColorA
ChooseFontA
CertDuplicateStore
CryptExportPublicKeyInfoEx
CreateICA
PatBlt
CreatePen
TextOutA
CreateFontIndirectA
GetObjectA
GetEnhMetaFilePixelFormat
DeleteDC
EndDoc
StartPage
DeleteObject
BitBlt
CreateDIBSection
SetTextColor
FillRgn
CreateEllipticRgn
MoveToEx
GetStockObject
ExtTextOutA
GetDIBits
CreateCompatibleDC
StretchBlt
EndPage
ExtEscape
SelectObject
StartDocA
CreateCompatibleBitmap
SetTextJustification
CreateSolidBrush
SetBkColor
SetTextCharacterExtra
GetBkColor
GetTextExtentPoint32A
ImmGetOpenStatus
ImmReleaseContext
ImmSetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
LoadResource
FindClose
InterlockedDecrement
SetLastError
GetModuleFileNameW
Beep
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
SetFilePointer
SetUnhandledExceptionFilter
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
GetCPInfo
GetUserDefaultLCID
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
CreateIoCompletionPort
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetVolumeInformationA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetTimeFormatA
WNetGetConnectionA
TransparentBlt
DrawDibClose
ICClose
ICSendMessage
DrawDibOpen
ICGetInfo
ICOpen
ICInfo
Ord(3)
Ord(36)
Ord(1)
Ord(41)
Ord(19)
Ord(2)
OleTranslateColor
glTranslatef
glTexCoord2f
glEnable
glVertex3f
glClear
glEnd
glBegin
glPixelStorei
glRotatef
glNewList
glLoadIdentity
UuidCreateSequential
RpcMgmtStopServerListening
RpcNetworkInqProtseqsW
RpcMgmtSetServerStackSize
SetupDiGetClassDevsA
SHAddToRecentDocs
Ord(64)
Shell_NotifyIconA
AcquireCredentialsHandleA
MapWindowPoints
GetMessageA
GetForegroundWindow
GetParent
UpdateWindow
LoadMenuA
OffsetRect
SendInput
CreateDialogIndirectParamA
DefWindowProcA
GetWindowLongA
MessageBoxA
DestroyMenu
PostQuitMessage
DefMDIChildProcA
ShowWindow
SetWindowLongA
FillRect
DrawFrameControl
ArrangeIconicWindows
GetSystemMetrics
EnableMenuItem
IsWindow
GetMenu
DispatchMessageA
EndPaint
SetDlgItemTextA
MoveWindow
EnumChildWindows
GetIconInfo
IsGUIThread
PeekMessageA
SetWindowPos
GetMenuCheckMarkDimensions
TranslateMessage
LoadCursorFromFileW
GetWindow
GetSysColor
SetActiveWindow
GetDC
RegisterClassExA
BeginPaint
SetWindowTextA
DestroyIcon
LoadStringA
EnumDisplayDevicesA
PtInRect
CharLowerA
DefFrameProcA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
DrawMenuBar
DrawFocusRect
BringWindowToTop
LoadImageW
CreateIconIndirect
RegisterClassA
SetRect
CallNextHookEx
LoadAcceleratorsA
GetSubMenu
IsClipboardFormatAvailable
CharUpperA
LoadCursorA
LoadIconA
SendMessageA
GetMenuItemInfoA
CopyRect
InflateRect
LoadImageA
wsprintfA
GetFocus
SwitchToThisWindow
GetTitleBarInfo
UnregisterClassA
GetKeyState
DestroyWindow
ScriptGetProperties
WSAStartup
bind
WSASocketA
htons
listen
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageGraphicsContext
CreateStreamOnHGlobal
CoInitialize
StgCreateDocfileOnILockBytes
WriteClassStm
ReadClassStm
CoCreateInstance
OleGetClipboard
CreateILockBytesOnHGlobal
CoInternetParseUrl
Number of PE resources by type
BINARY 10
RT_HTML 8
RT_RCDATA 4
RT_ICON 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 28
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.8.8.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription A500 Msdn Cancel Triggering
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 334848
EntryPoint 0xdc76
MIMEType application/octet-stream
LegalCopyright Copyright AtomPark Software Inc.. All rights reserved.
FileVersion 5.8.8.2
TimeStamp 2016:08:25 10:43:10+01:00
FileType Win32 EXE
PEType PE32
InternalName Intra
ProductVersion 5.8.8.2
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AtomPark Software Inc.
CodeSize 144896
ProductName Intra
ProductVersionNumber 5.8.8.2
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 c54470ef7802679f2a18f6de49c47b7f
SHA1 b633603db945d50e91697ad9d0dd7286b75ec4ac
SHA256 fbdca5003f4160a5f39167c7b244ec80429bd06f41ff9072599b3422547f0d6d
ssdeep 12288:07GdWoNoTN+8kUgW3wJkNUbqax6nE8laau2vOWvcs:YoNCDMW3wS26Efabh

authentihash ec6f74097c16c9e985f3873a8775fc20ab16397004cc05050ef2bc38956788ae
imphash edf3424750cdd8a5f3425bac5f564b07
File size 471.4 KB ( 482763 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-03-31 17:03:17 UTC ( 2 years ago )
Last submission 2018-05-04 07:11:16 UTC ( 11 months, 2 weeks ago )
File names 1.exe
1.exe
1_1.exe
Intra
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
UDP communications