| Property | Value |
|---|---|
| File Name | tmp5177.exe |
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1 | 3ae44b5c2556acb6a5180a37af4870bb0d4048b1 |
| MD5 | ce8f66ec5a5cb4b16fb1b7d64125aab7 |
| First Seen Date | 2017-05-10 00:01:17.902508 |
| Number of Clients Seen | 4 |
| Last Analysis Date | 2017-05-10 00:01:17.902508 |
| Human Expert Analysis Result | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 8 |
| compilation time stamp | 0x58E389D2 [Tue Apr 4 11:56:02 2017 UTC] |
| InternalName | inyokern |
| FileVersion | 8.7.1.2 |
| Comments | Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com) |
| ProductName | gyires odobenus |
| ProductVersion | 4.2.0.9 |
| OriginalFilename | inyokern.exe |
| Translation | 0x0409 0x04b0 |
| entry point | 0x87a000 (.taggant) |
| machine type | Intel 386 or later - 32Bit |
| file size | 2170992 |
| sha256 | eba99e3b2e8d87533c08539c73646c775bb274343b122d9d935e4342c5d65bd6 |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| - | - | - | - | - | - |
| .rsrc | 0x31000 | 0x308 | 0x1000 | 1.204920 | - |
| .idata | 0x32000 | 0x1000 | 0x1000 | - | - |
| - | - | - | - | - | - |
| zmumlchx | 0x28e000 | 0x1ea000 | 0x1ea000 | 7.914689 [SUSPICIOUS] | - |
| aanxsdrv | 0x478000 | 0x1000 | 0x1000 | 0.809475 [SUSPICIOUS] | - |
| .dataUn | 0x479000 | 0x1000 | 0x0 | 0.000000 [SUSPICIOUS] | - |
| .taggant | 0x47a000 | 0x3000 | 0x3000 | 5.125958 | - |
- KERNEL32
  - GetProcessHeap
  - GetVersionExA
  - HeapAlloc
  - GetModuleHandleA
  - LoadLibraryA
  - VirtualAlloc
  - VirtualFree
  - GetCurrentThreadId
  - GetCommandLineA
  - HeapFree
  - FreeLibrary
- USER32
  - MessageBoxA
- IMM32
  - ImmSetCompositionWindow
- COMCTL32
  - ImageList_EndDrag
RT_VERSION