× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fdb9cece2d82591b6c2c8b48c5072155d49ff893c63c3f78eebc82fc4da810b5
File name: WhatchaDoing.exe
Detection ratio: 0 / 47
Analysis date: 2013-05-18 06:34:37 UTC ( 11 months ago )
Antivirus Result Update
AVG 20130518
Agnitum 20130517
AhnLab-V3 20130517
AntiVir 20130518
Antiy-AVL 20130517
Avast 20130518
BitDefender 20130518
ByteHero 20130517
CAT-QuickHeal 20130518
ClamAV 20130518
Commtouch 20130518
Comodo 20130518
DrWeb 20130518
ESET-NOD32 20130517
Emsisoft 20130518
F-Prot 20130518
F-Secure 20130518
Fortinet 20130518
GData 20130518
Ikarus 20130518
Jiangmin 20130518
K7AntiVirus 20130517
K7GW 20130517
Kaspersky 20130518
Kingsoft 20130506
Malwarebytes 20130517
McAfee 20130518
McAfee-GW-Edition 20130518
MicroWorld-eScan 20130518
Microsoft 20130518
NANO-Antivirus 20130518
Norman 20130517
PCTools 20130518
Panda 20130517
Rising 20130517
SUPERAntiSpyware 20130518
Sophos 20130518
Symantec 20130518
TheHacker 20130516
TotalDefense 20130517
TrendMicro 20130518
TrendMicro-HouseCall 20130518
VBA32 20130517
VIPRE 20130518
ViRobot 20130518
eSafe 20130516
nProtect 20130517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-01 20:27:44
Link date 9:27 PM 5/1/2013
Entry Point 0x00001725
Number of sections 5
PE sections
PE imports
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
LoadLibraryA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
InitializeCriticalSection
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
GetFullPathNameW
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
CommandLineToArgvW
StrCmpW
PathRemoveFileSpecW
PathAppendW
MessageBoxExW
Ord(90)
Number of PE resources by type
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:05:01 21:27:44+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
32256

LinkerVersion
9.0

FileAccessDate
2013:05:18 07:34:51+01:00

EntryPoint
0x1725

InitializedDataSize
109056

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

FileCreateDate
2013:05:18 07:34:51+01:00

UninitializedDataSize
0

File identification
MD5 755e86853acecc18b70ff26c69ae87e3
SHA1 1a54969b743dcf648c76258460ac33a1263d4ce7
SHA256 fdb9cece2d82591b6c2c8b48c5072155d49ff893c63c3f78eebc82fc4da810b5
ssdeep
768:nVNlGTW4T76yYZMPWzTnIPpyUoX+JgNDs/DW61B/k95ne4++++++ZLIIIK+++++h:VuhuIP8bX74xy5nTIIIUoWTKB

File size 139.0 KB ( 142336 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (13.4%)
Generic Win/DOS Executable (4.1%)
DOS Executable Generic (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-18 06:34:37 UTC ( 11 months ago )
Last submission 2013-05-18 06:34:37 UTC ( 11 months ago )
File names WhatchaDoing.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!