SHA256: dc39f1371bbb11f724fb9bb00cbe0a00b83f6cf4dbd6e60ae31bd3d82d383f9a
File name: gibtest.exe
Detection ratio: 17 / 63
Analysis date: 2017-07-14 07:13:21 UTC ( 1 year, 10 months ago )
Antivirus Result Update
AegisLab Troj.Spy.W32!c 20170714
AhnLab-V3 Trojan/Win32.Crypt.C2035268 20170714
Avast Win32:Malware-gen 20170714
AVG Win32:Malware-gen 20170714
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170710
Cyren W32/Trojan.WOTP-5058 20170714
ESET-NOD32 a variant of Win32/GenKryptik.ANSB 20170714
F-Prot W32/Trojan3.AANG 20170714
Sophos ML heuristic 20170607
Kaspersky Trojan-Spy.Win32.Noon.fj 20170714
McAfee Artemis!14358C6D2582 20170714
McAfee-GW-Edition Artemis 20170714
Palo Alto Networks (Known Signatures) generic.ml 20170714
Qihoo-360 Win32/Trojan.Spy.902 20170714
Rising Malware.Heuristic!ET#83% (rdm+) 20170714
Webroot W32.Adware.Gen 20170714
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.fj 20170714
Ad-Aware 20170714
Alibaba 20170714
ALYac 20170714
Antiy-AVL 20170714
Arcabit 20170714
Avira (no cloud) 20170713
AVware 20170714
Baidu 20170714
BitDefender 20170714
Bkav 20170713
CAT-QuickHeal 20170714
ClamAV 20170714
CMC 20170713
Comodo 20170714
Cylance 20170714
DrWeb 20170714
Emsisoft 20170714
Endgame 20170713
F-Secure 20170714
Fortinet 20170629
GData 20170714
Ikarus 20170713
Jiangmin 20170714
K7AntiVirus 20170714
K7GW 20170714
Kingsoft 20170714
Malwarebytes 20170714
MAX 20170714
Microsoft 20170714
eScan 20170714
NANO-Antivirus 20170714
nProtect 20170714
Panda 20170713
SentinelOne (Static ML) 20170516
Sophos AV 20170714
SUPERAntiSpyware 20170714
Symantec 20170714
Symantec Mobile Insight 20170713
Tencent 20170714
TheHacker 20170712
TrendMicro 20170714
TrendMicro-HouseCall 20170714
Trustlook 20170714
VBA32 20170713
VIPRE 20170714
ViRobot 20170714
WhiteArmor 20170713
Yandex 20170713
Zillya 20170713
Zoner 20170714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C) 2016 NVIDIA Corporation. All rights reserved.

Product NVIDIA GeForce Experience
Internal name NVIDIA GeForce Experience
File version 51.2704.1434.1
Description NVIDIA GeForce Experience
Signature verification The digital signature of the object did not verify.
Signing date 2:44 AM 9/21/2017
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-04 18:27:14
Entry Point 0x00032B6A
Number of sections 6
PE sections
Overlays
MD5 8a053f43848dd81eb1b4ab6bf5521fe7
File type data
Offset 637952
Size 14784
Entropy 7.40
PE imports
SystemFunction036
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
WriteConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
GetACP
FindFirstFileExW
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
SetLastError
LeaveCriticalSection
_i64toa_s
_gmtime32
_i64tow_s
Ord(464)
Ord(711)
Ord(712)
Ord(719)
_getws
_heapwalk
Ord(460)
Ord(710)
Ord(722)
Ord(469)
Ord(454)
Ord(455)
_global_unwind2
Ord(467)
Ord(453)
_heapchk
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL DEFAULT 5
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
390144

ImageVersion
0.0

ProductName
NVIDIA GeForce Experience

FileVersionNumber
51.2704.1434.1

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
NVIDIA GeForce Experience

CharacterSet
Windows, Latin1

LinkerVersion
14.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
51.2704.1434.1

TimeStamp
2017:07:04 19:27:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NVIDIA GeForce Experience

ProductVersion
51.2704.1434.1

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Unknown (0)

LegalCopyright
(C) 2016 NVIDIA Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
NVIDIA Corporation

CodeSize
245760

FileSubtype
0

ProductVersionNumber
51.2704.1434.1

EntryPoint
0x32b6a

ObjectFileType
Unknown

Compressed bundles
File identification
MD5 14358c6d25828cb7f09d86675060fe91
SHA1 d831deccb7850a3bf6d61090838c8e31497bfd12
SHA256 dc39f1371bbb11f724fb9bb00cbe0a00b83f6cf4dbd6e60ae31bd3d82d383f9a
ssdeep
3072:F7Yfs9krkHG1by/iX3padtF9c0TYwU+CRb7tCcZCir/cKhSyy6nJWwkSCuDfDuxc:NCsAJFX3wTF9aVRH3Zx/cKhSyrnMM

authentihash 60004fcf830afd0f3c0efffe3c7bd445aa8138f6b645c6e856ea7cc8ea7a2914
imphash 58bbcbfbe63ad4c3b69f00f3179b04f1
File size 637.4 KB ( 652736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-07-14 02:37:19 UTC ( 1 year, 10 months ago )
Last submission 2017-08-02 09:36:07 UTC ( 1 year, 9 months ago )
File names NVIDIA GeForce Experience
gibtest.exe
gibtest.exe