SHA256: 5e90d85043a707be0d38f657d703d09c90b63dd944b742820085220203873e5a
File name: gene_pcim_v1.02_win64__fma.exe
Detection ratio: 0 / 67
Analysis date: 2017-11-02 15:16:53 UTC (10 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware 20171102
AegisLab 20171102
AhnLab-V3 20171102
Alibaba 20170911
ALYac 20171102
Antiy-AVL 20171102
Arcabit 20171102
Avast 20171102
Avast-Mobile 20171102
AVG 20171102
Avira (no cloud) 20171102
AVware 20171102
Baidu 20171101
BitDefender 20171102
Bkav 20171102
CAT-QuickHeal 20171102
ClamAV 20171102
CMC 20171102
Comodo 20171102
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171102
Cyren 20171102
DrWeb 20171102
eGambit 20171102
Emsisoft 20171102
Endgame 20171024
ESET-NOD32 20171102
F-Prot 20171102
F-Secure 20171102
Fortinet 20171102
GData 20171102
Ikarus 20171102
Sophos ML 20170914
Jiangmin 20171102
K7AntiVirus 20171102
K7GW 20171102
Kaspersky 20171102
Kingsoft 20171102
Malwarebytes 20171102
MAX 20171102
McAfee 20171031
McAfee-GW-Edition 20171102
Microsoft 20171102
eScan 20171102
NANO-Antivirus 20171102
nProtect 20171102
Palo Alto Networks (Known Signatures) 20171102
Panda 20171102
Qihoo-360 20171102
Rising 20171102
SentinelOne (Static ML) 20171019
Sophos AV 20171102
SUPERAntiSpyware 20171102
Symantec 20171102
Symantec Mobile Insight 20171101
Tencent 20171102
TheHacker 20171031
TrendMicro 20171102
TrendMicro-HouseCall 20171102
Trustlook 20171102
VBA32 20171102
VIPRE 20171102
ViRobot 20171102
Webroot 20171102
WhiteArmor 20171024
Yandex 20171101
Zillya 20171102
ZoneAlarm by Check Point 20171102
Zoner 20171102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2017-03-14 22:06:46
Entry Point 0x00001510
Number of sections 18
PE sections
Overlays
MD5 8221caeccc7e413ae87d818bc8f03070
File type data
Offset 10126336
Size 2028454
Entropy 5.04
PE imports
SetSecurityDescriptorDacl
RegCloseKey
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetEntriesInAclA
RegOpenKeyExA
ReleaseMutex
WaitForSingleObject
Thread32Next
DebugBreak
GetHandleInformation
GetExitCodeProcess
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
ExpandEnvironmentStringsA
OpenFileMappingA
GetThreadContext
IsDBCSLeadByteEx
WideCharToMultiByte
GetSystemTimeAsFileTime
GetThreadTimes
Thread32First
ResumeThread
FreeLibrary
LocalFree
FormatMessageW
GetThreadPriority
InitializeCriticalSection
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
OpenThread
GetEnvironmentVariableA
RtlAddFunctionTable
TryEnterCriticalSection
AddVectoredExceptionHandler
CopyFileA
HeapAlloc
GetModuleFileNameA
SetThreadPriority
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
SetFilePointerEx
SetProcessAffinityMask
CreateMutexA
CreateSemaphoreA
CreateThread
SetUnhandledExceptionFilter
MoveFileExA
SetThreadContext
GetDiskFreeSpaceExA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
SetCurrentDirectoryA
CreateToolhelp32Snapshot
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
OpenProcess
CreateDirectoryA
DeleteFileA
GetProcAddress
GetProcessHeap
FindFirstFileA
RtlLookupFunctionEntry
ResetEvent
GetTempFileNameA
CreateFileMappingA
FindNextFileA
TerminateProcess
DuplicateHandle
WaitForMultipleObjects
RtlUnwindEx
GetProcessAffinityMask
CreateEventA
IsDebuggerPresent
TlsSetValue
CreateFileA
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
GetProcessTimes
RemoveDirectoryA
GetCurrentProcessId
GetCurrentDirectoryA
GetCurrentThread
SuspendThread
RaiseException
ReleaseSemaphore
MapViewOfFile
GetModuleHandleA
RtlCaptureContext
CloseHandle
GetModuleHandleW
CreateProcessA
UnmapViewOfFile
Sleep
SHGetFolderPathA
GetWindowTextA
GetWindowThreadProcessId
GetClassNameA
GetForegroundWindow
__lconv_init
wcsftime
___lc_codepage_func
_strdate
_time64
strtoul
fflush
isxdigit
_fmode
strtol
fputc
strtok
strtod
fwrite
fputs
_fstat64
strcat
_setjmp
_close
iswctype
wcscoll
fclose
_aligned_free
__dllonexit
_write
strcoll
memcpy
strstr
_fsopen
memmove
signal
freopen
strcmp
memchr
strncmp
_ultoa
fgetc
memset
_msize
_setmode
fgets
__pioinfo
strchr
clock
fgetpos
fsetpos
ftell
_beginthreadex
exit
sprintf
asctime
strrchr
_acmdln
ferror
free
ungetc
_aligned_malloc
__getmainargs
ungetwc
_lseeki64
_read
fseek
wcsxfrm
strcpy
__mb_cur_max
islower
_initterm
isupper
strftime
rand
setlocale
realloc
_getcwd
strxfrm
__doserrno
printf
fopen
strncpy
_cexit
__C_specific_handler
isalnum
_open
_onexit
wcslen
_snprintf
putc
memcmp
__setusermatherr
srand
_fdopen
getenv
atoi
vfprintf
atol
atof
localeconv
strerror
isspace
abort
_localtime64
_strnicmp
putwc
malloc
fread
_finite
_strtime
fprintf
getwc
towupper
feof
_endthreadex
_amsg_exit
_errno
strlen
_lock
__initenv
_strdup
towlower
_fileno
strncat
longjmp
tolower
_unlock
calloc
setbuf
_chsize
__iob_func
iscntrl
_filelengthi64
_stat64
getc
setvbuf
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2017:03:14 23:06:46+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 1025024
LinkerVersion 2.25
EntryPoint 0x1510
InitializedDataSize 1286656
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 124928

File identification
MD5 5c404de76b1d062164eb0262b7b7c401
SHA1 a695cfe4c23cb81d4b7bc03edfd6fca34879b751
SHA256 5e90d85043a707be0d38f657d703d09c90b63dd944b742820085220203873e5a
ssdeep 196608:jjJPdWJr6V0t8ccyR23SMwh5DDIL7h5a77agW:/JPdWe0s3Te5W
authentihash c34f0b247e9037ca16110238354d4c72c61bd86c3973741ab443e7bea0aec3f4
imphash 4c1d471a5b586e7e975cf4afc6e0c2c4
File size 11.6 MB ( 12154790 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags 64bits peexe assembly overlay

VirusTotal metadata
First submission 2017-11-02 15:16:53 UTC (10 months, 3 weeks ago)
Last submission 2017-11-02 16:01:10 UTC (10 months, 3 weeks ago)
File names gene_pcim_v1.02_win64__fma.exe