SHA256: fd1814a678938038e3a8b6f40ddd61d6d0489e225d327d0f9c3ab246cccdf9a7
File name: 20151207_malicious.mal
Detection ratio: 1 / 55
Analysis date: 2015-12-07 12:56:50 UTC ( 3 years ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151207
Ad-Aware 20151207
AegisLab 20151207
Yandex 20151206
AhnLab-V3 20151206
Alibaba 20151207
ALYac 20151207
Antiy-AVL 20151207
Arcabit 20151207
Avast 20151207
AVG 20151207
Avira (no cloud) 20151207
AVware 20151207
Baidu-International 20151207
BitDefender 20151207
Bkav 20151205
ByteHero 20151207
CAT-QuickHeal 20151207
ClamAV 20151204
CMC 20151201
Comodo 20151202
Cyren 20151207
DrWeb 20151207
Emsisoft 20151207
ESET-NOD32 20151207
F-Prot 20151207
F-Secure 20151207
Fortinet 20151204
GData 20151207
Ikarus 20151207
Jiangmin 20151206
K7AntiVirus 20151202
K7GW 20151202
Kaspersky 20151207
Malwarebytes 20151207
McAfee 20151207
McAfee-GW-Edition 20151207
Microsoft 20151207
eScan 20151207
NANO-Antivirus 20151207
nProtect 20151207
Panda 20151207
Rising 20151205
Sophos AV 20151207
SUPERAntiSpyware 20151207
Symantec 20151206
Tencent 20151207
TheHacker 20151205
TrendMicro 20151207
TrendMicro-HouseCall 20151207
VBA32 20151204
VIPRE 20151207
ViRobot 20151207
Zillya 20151207
Zoner 20151207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1987-1998 Microsoft Corp.

Product MSMask
Internal name MSMask
File version 6.00.8418
Description MSMask
Comments February 22, 1999
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-07 13:12:19
Entry Point 0x0000105A
Number of sections 6
PE sections
PE imports
OpenCluster
WriteProfileSectionA
FormatMessageW
GetGeoInfoA
lstrcatA
RegisterWaitForSingleObjectEx
GetCalendarInfoW
GetDiskFreeSpaceExW
WriteProfileSectionW
FatalAppExitA
SwitchToFiber
TlsSetValue
SetProcessAffinityMask
GetProcAddress
SetConsoleOutputCP
GetModuleHandleW
GetLocalTime
VarUI2FromI4
MessageBoxA
cos
wcstoul
swscanf
isalpha
wcstol
fwprintf
Number of PE resources by type
RT_STRING 16
RT_DIALOG 2
RT_ICON 1
TYPELIB 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
CodeSize
61440

SubsystemVersion
4.0

Comments
February 22, 1999

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.0.84.18

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
MSMask

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
139264

EntryPoint
0x105a

MIMEType
application/octet-stream

LegalCopyright
Copyright 1987-1998 Microsoft Corp.

FileVersion
6.00.8418

TimeStamp
2015:12:07 14:12:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSMask

ProductVersion
6.00.8418

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation.

ProductName
MSMask

ProductVersionNumber
6.0.84.18

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 9b203d747a992990c75d610ae53adc6b
SHA1 ec4055e9613e0914e08c87afdeea6fad2bb52dac
SHA256 fd1814a678938038e3a8b6f40ddd61d6d0489e225d327d0f9c3ab246cccdf9a7
ssdeep
3072:4AYMqhqHqM76GruNolBCW0sy7AsuTOAh03c6CmVXdTavr3M0AhO/UmL/:JNqYHqQ6GkNS8c6CmVNTK45

authentihash 887ef435d5f805765304ad423a3365b5f026b197765490d389336df1f05e5a0d
imphash 4d322ba477fc73eddcc50224b6e15544
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2015-12-07 12:51:30 UTC ( 3 years ago )
Last submission 2018-04-25 04:41:10 UTC ( 7 months, 4 weeks ago )
File names MSMask
exe
fd1814a678938038e3a8b6f40ddd61d6d0489e225d327d0f9c3ab246cccdf9a7.exe
20151207_malicious.mal
paaeme1.exe
VirusShare_9b203d747a992990c75d610ae53adc6b
paaeme1.exe
43wedf.exe.1
43wedf.exe
43wedf(2).exe
43wedf.bad
9b203d747a992990c75d610ae53adc6b.exe
VirusShare_9b203d747a992990c75d610ae53adc6b
43wedf.exe
paaeme1.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections