SHA256: 89f42631e9c7b91a5313246eeb39522b4bc9550919fe5e070a66e35f1b84c460
File name: FGP.EXE
Detection ratio: 39 / 56
Analysis date: 2016-11-06 19:48:27 UTC (1 year ago)
Antivirus Result Update
Ad-Aware Trojan.Packed.58692 20161106
AegisLab Packer.W32.Tibs.l4Hz 20161106
AhnLab-V3 Trojan/Win32.Xema.N316783721 20161106
ALYac Trojan.Packed.58692 20161106
Arcabit Trojan.Packed.DE544 20161106
Avast Win32:Malware-gen 20161106
AVG PSW.Generic8.BOUD 20161106
Avira (no cloud) TR/Renaz.5237 20161106
AVware Trojan.Win32.Generic!BT 20161106
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161104
BitDefender Trojan.Packed.58692 20161106
CAT-QuickHeal (Suspicious) - DNAScan 20161105
ClamAV Win.Trojan.Agent-852609 20161106
CMC Packed.Win32.TDSS!O 20161106
Comodo UnclassifiedMalware 20161106
CrowdStrike Falcon (ML) malicious_confidence_71% (D) 20161024
Cyren W32/Heuristic-162!Eldorado 20161106
Emsisoft Trojan.Packed.58692 (B) 20161106
F-Prot W32/Heuristic-162!Eldorado 20161106
F-Secure Trojan.Packed.58692 20161106
Fortinet PossibleThreat 20161106
GData Trojan.Packed.58692 20161106
Ikarus Trojan-Downloader.Win32.Small 20161106
Sophos ML generic.a 20161018
K7AntiVirus Trojan ( 0036e6f71 ) 20161106
K7GW Trojan ( 0036e6f71 ) 20161106
Kaspersky UDS:DangerousObject.Multi.Generic 20161106
McAfee RDN/PWS-Mmorpg!na 20161106
McAfee-GW-Edition RDN/PWS-Mmorpg!na 20161106
eScan Trojan.Packed.58692 20161106
NANO-Antivirus Trojan.Win32.Renaz.bdcajf 20161106
Panda Generic Malware 20161106
Qihoo-360 Win32/Trojan.03f 20161106
Sophos AV Mal/Behav-066 20161106
Tencent Win32.Trojan.Renaz.Agbk 20161106
TrendMicro-HouseCall PAK_Generic.002 20161106
VIPRE Trojan.Win32.Generic!BT 20161106
Yandex Packed/FSG 20161105
Zillya Trojan.Agent.Win32.160044 20161105
Alibaba 20161104
Antiy-AVL 20161106
Bkav 20161105
DrWeb 20161106
ESET-NOD32 20161106
Jiangmin 20161106
Kingsoft 20161106
Malwarebytes 20161106
Microsoft 20161106
nProtect 20161106
Rising 20161106
SUPERAntiSpyware 20161106
Symantec 20161106
TheHacker 20161106
TrendMicro 20161106
VBA32 20161105
ViRobot 20161106
Zoner 20161106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT FSG
PEiD FSG v2.0 -> bart/xt
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1987-10-09 23:38:12
Entry Point 0x00000154
Number of sections 2
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1987:10:10 00:38:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1024
LinkerVersion 0.0
EntryPoint 0x0154
InitializedDataSize 6144
SubsystemVersion 4.0
ImageVersion 4.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 781c50c9a52b4eaad0ff61ffa1fd7538
SHA1 f653e362743e7ef64a46e3a01f2bebe8d09b58dc
SHA256 89f42631e9c7b91a5313246eeb39522b4bc9550919fe5e070a66e35f1b84c460
ssdeep 96:YRbySLOtJyg4DCxheN0bIb6jXKL6gAgK87K:ybyFKDaUabhh8m
authentihash 836ff9673520c67a321d41bceae40e8cbc63bb379ceb23a04896601eecd1501b
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 5.1 KB ( 5237 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe fsg
VirusTotal metadata
First submission 2009-01-25 11:52:21 UTC ( 8 years, 10 months ago )
Last submission 2016-11-10 15:45:03 UTC ( 1 year ago )
File names 781c50c9a52b4eaad0ff61ffa1fd7538
FGP.EXE
file-2631414_EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Runtime DLLs
UDP communications