SHA256: fbe0567e1e3b08fbdf899dbd4f70cfbed1320d4e84ed194256d9cc00ba0cd108
File name: mEdqFxGy.exe
Detection ratio: 50 / 56
Analysis date: 2015-12-16 10:00:23 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware Win32.Sality.3 20151216
Yandex Trojan.Ramnit!cLbJ7UZPdfE 20151214
AhnLab-V3 Win32/Kashu.E 20151216
ALYac Win32.Sality.3 20151216
Antiy-AVL Virus/Win32.Sality.gen 20151216
Arcabit Win32.Sality.3 20151216
Avast Win32:SaliCode 20151216
AVG Win32/Sality 20151216
Avira (no cloud) W32/Sality.AT 20151216
AVware Virus.Win32.Sality.atbh (v) 20151216
Baidu-International Virus.Win32.Sality.$Emu 20151215
BitDefender Win32.Sality.3 20151216
Bkav W32.Sality.PE 20151215
CAT-QuickHeal W32.Sality.U 20151216
ClamAV Trojan.Ramnit-4 20151216
Comodo TrojWare.Win32.Kryptik.KLV 20151216
Cyren W32/Ramnit.K.gen!Eldorado 20151216
DrWeb Win32.Sector.30 20151215
Emsisoft Win32.Sality.3 (B) 20151216
ESET-NOD32 Win32/Sality.NBA 20151216
F-Prot W32/Ramnit.K.gen!Eldorado 20151216
F-Secure Win32.Sality.3 20151216
Fortinet W32/Kryptik.KLV!tr 20151216
GData Win32.Sality.3 20151216
Ikarus Gen:Heur 20151216
Jiangmin Win32/HLLP.Kuku.Gen 20151216
K7AntiVirus Backdoor ( 04c4cb8a1 ) 20151216
K7GW Backdoor ( 04c4cb8a1 ) 20151216
Kaspersky Worm.Win32.Autorun.icp 20151216
Malwarebytes Spyware.Zbot 20151216
McAfee W32/Sality.gen.z 20151216
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.dh 20151216
Microsoft Virus:Win32/Sality.AT 20151216
eScan Win32.Sality.3 20151216
NANO-Antivirus Virus.Win32.Sality.bzkem 20151216
nProtect Win32.Sality.3 20151216
Panda Trj/Ramnit.F 20151215
Qihoo-360 Virus.Win32.Sality.I 20151216
Rising PE:Virus.Sality!1.A09C [F] 20151216
Sophos AV Mal/Sality-D 20151216
SUPERAntiSpyware Trojan.Agent/Gen-FakeSecurity 20151216
Symantec W32.Sality.AE 20151215
TotalDefense Win32/Sality.AA 20151216
TrendMicro PE_SALITY.ER 20151216
TrendMicro-HouseCall PE_SALITY.ER 20151216
VBA32 Virus.Win32.Sality.bakb 20151215
VIPRE Virus.Win32.Sality.atbh (v) 20151216
ViRobot Win32.Sality.Gen.A[h] 20151216
Zillya Virus.Sality.Win32.25 20151215
Zoner Win32.Ramnit.A 20151216
AegisLab 20151216
Alibaba 20151208
ByteHero 20151216
CMC 20151216
Tencent 20151216
TheHacker 20151215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2007 Avira GmbH. All rights reserved.

Internal name AntiVir/Win32
File version 7.6.0.59
Description AntiVir Command Line Scanner for Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-02 18:55:02
Entry Point 0x00001100
Number of sections 5
PE sections
Overlays
MD5 37d49249d58e3ca621c96eff01bf0a16
File type data
Offset 235008
Size 512
Entropy 7.49
PE imports
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
IsTextUnicode
CreateBitmap
DeleteDC
EndDoc
SelectObject
CreateFontIndirectW
CreatePen
DeleteObject
RemoveFontResourceW
AddFontResourceW
BitBlt
GetROP2
GetTextMetricsW
GetTextExtentPoint32W
CreateCompatibleBitmap
OffsetWindowOrgEx
GetModuleFileNameW
FindResourceW
HeapAlloc
TlsAlloc
LoadLibraryA
GetLocalTime
GlobalSize
GetConsoleMode
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
lstrcpynW
GetTimeFormatW
FindNextFileW
GetACP
GetStringTypeW
GetLongPathNameW
ResumeThread
OpenEventW
FindClose
VirtualAlloc
LeaveCriticalSection
SetFocus
GetScrollPos
CreateCaret
DrawFrameControl
RemoveMenu
GetSystemMetrics
SetScrollRange
GetWindowRect
InflateRect
CharLowerW
GetDlgItemTextW
PostMessageW
CreateCursor
CreateDialogParamW
ShowScrollBar
EnableMenuItem
ScreenToClient
GetKeyboardState
LoadIconW
RealChildWindowFromPoint
InsertMenuW
CloseClipboard
GetSaveFileNameW
PrintDlgW
GetOpenFileNameW
ChooseColorW
OleDuplicateData
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
CodeSize 2048
UninitializedDataSize 0
InitializedDataSize 105472
ImageVersion 0.0
FileVersionNumber 7.6.0.59
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription AntiVir Command Line Scanner for Windows
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.6.0.59
TimeStamp 2011:02:02 18:55:02+00:00
FileType Win32 EXE
PEType PE32
InternalName AntiVir/Win32
ProductVersion 7.6.0.59
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2007 Avira GmbH. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Avira GmbH
LegalTrademarks AntiVir is a registered trademark of Avira GmbH, Germany
FileSubtype 0
ProductVersionNumber 7.6.0.59
EntryPoint 0x1100
ObjectFileType Dynamic link library

File identification
MD5 903045d37684be45ebc576632eac57c6
SHA1 3ed5f25882b1ff4e33adcfad4fb5af22bdcd8c42
SHA256 fbe0567e1e3b08fbdf899dbd4f70cfbed1320d4e84ed194256d9cc00ba0cd108
ssdeep 3072:HnnAQVG/LytaKItS/fiLKS+f5Aq7i9djV5XDYgESNZ/RSrtckPoU/c4:HOTeHI8HiL7+f5atzYgEO/cr+kX

authentihash 4934c16fbc173ed0e80c5424e9ced9252cd5f938557276e91bf9858e2d1f5b47
imphash 093a51e0b7dcb2466b7edfd78d191aa0
File size 230.0 KB ( 235520 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (46.4%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (15.9%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2015-12-16 10:00:23 UTC ( 3 years, 4 months ago )
Last submission 2015-12-16 10:00:23 UTC ( 3 years, 4 months ago )
File names Win32
mEdqFxGy.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications