SHA256: 4ee80172598ec7826ad82d4a94c2816b079f9d0557b12d2702eed1365306ebec
File name: Solheim & Sørensen AS
Detection ratio: 50 / 64
Analysis date: 2017-07-08 10:18:05 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4952570 20170708
AegisLab Troj.W32.Generic!c 20170708
AhnLab-V3 Trojan/Win32.MoleCrypto.C1929047 20170707
ALYac Trojan.GenericKD.4952570 20170708
Antiy-AVL Trojan[Ransom]/Win32.Fury 20170708
Arcabit Trojan.Generic.D4B91FA 20170708
Avast Win32:Rootkit-gen [Rtk] 20170708
AVG Win32:Rootkit-gen [Rtk] 20170708
Avira (no cloud) TR/Agent.klmzc 20170708
AVware Trojan.Win32.Generic!BT 20170708
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9948 20170707
BitDefender Trojan.GenericKD.4952570 20170708
CAT-QuickHeal Trojanransom.Fury 20170708
Comodo UnclassifiedMalware 20170708
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Kryptik.B.gen!Eldorado 20170708
DrWeb Trojan.Encoder.11008 20170708
Emsisoft Trojan.GenericKD.4952570 (B) 20170708
Endgame malicious (high confidence) 20170706
ESET-NOD32 a variant of Win32/GenKryptik.ADVQ 20170708
F-Prot W32/Kryptik.B.gen!Eldorado 20170708
F-Secure Trojan.GenericKD.4952570 20170708
Fortinet W32/Generic.ADVQ!tr 20170629
GData Trojan.GenericKD.4952570 20170708
Ikarus Trojan.Win32.Krypt 20170708
Jiangmin Trojan.Generic.axbdd 20170708
K7AntiVirus Trojan ( 0050c77a1 ) 20170707
K7GW Trojan ( 0050c77a1 ) 20170708
Kaspersky HEUR:Trojan.Win32.Generic 20170708
Malwarebytes Ransom.Mole 20170708
MAX malware (ai score=88) 20170708
McAfee GenericRXBK-RO!24AF25652AFF 20170708
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20170707
Microsoft TrojanSpy:MSIL/Omaneat.B 20170708
eScan Trojan.GenericKD.4952570 20170708
NANO-Antivirus Trojan.Win32.Fury.eocwue 20170708
Palo Alto Networks (Known Signatures) generic.ml 20170708
Panda Trj/CI.A 20170708
Rising Malware.Generic.5!tfe (cloud:2BEzbHE2zHJ) 20170708
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170708
Symantec Ransom.Troldesh 20170707
Tencent Win32.Trojan.Raas.Auto 20170708
TrendMicro Ransom_CRYPAURA.SM1 20170708
TrendMicro-HouseCall Ransom_CRYPAURA.SM1 20170708
VBA32 suspected of Trojan.Downloader.gen.h 20170707
VIPRE Trojan.Win32.Generic!BT 20170708
Webroot W32.Trojan.Gen 20170708
Yandex Trojan.Fury! 20170707
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170708
Engines with no detection (result column empty)
Alibaba 20170708
Bkav 20170706
ClamAV 20170708
CMC 20170707
Cylance 20170708
Sophos ML 20170607
Kingsoft 20170708
nProtect 20170708
Qihoo-360 20170708
SUPERAntiSpyware 20170708
Symantec Mobile Insight 20170707
TheHacker 20170707
TotalDefense 20170708
Trustlook 20170708
ViRobot 20170708
WhiteArmor 20170706
Zillya 20170707
Zoner 20170708
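The fifty positive labels above disagree on naming (GenericKD, Kryptik, Fury, Mole, CRYPAURA, Troldesh), which is normal for a packed sample: each vendor names either the packer, a generic heuristic, or its own family guess. A practical way to read such a table is to strip the vendor boilerplate and count which non-generic tokens several engines agree on, and separately count how many labels carry a ransomware or packer word. The script below is an added example, not part of the VirusTotal report and not a VirusTotal feature; LABELS is transcribed from the table, and the stoplist and regexes are this example's own crude approximation of what label-normalisation tools such as AVClass do.

```python
"""Consensus triage of the antivirus labels in the detection table above.

Added example; not part of the VirusTotal report. LABELS is transcribed from
the 50 positive results. GENERIC, RANSOM_RE and PACKER_RE are this example's
own assumptions (a small, offline imitation of AVClass-style normalisation).
"""
import re
from collections import Counter

LABELS = [
    "Trojan.GenericKD.4952570", "Troj.W32.Generic!c", "Trojan/Win32.MoleCrypto.C1929047",
    "Trojan.GenericKD.4952570", "Trojan[Ransom]/Win32.Fury", "Trojan.Generic.D4B91FA",
    "Win32:Rootkit-gen [Rtk]", "Win32:Rootkit-gen [Rtk]", "TR/Agent.klmzc",
    "Trojan.Win32.Generic!BT", "Win32.Trojan.WisdomEyes.16070401.9500.9948",
    "Trojan.GenericKD.4952570", "Trojanransom.Fury", "UnclassifiedMalware",
    "malicious_confidence_100% (D)", "W32/Kryptik.B.gen!Eldorado", "Trojan.Encoder.11008",
    "Trojan.GenericKD.4952570 (B)", "malicious (high confidence)",
    "a variant of Win32/GenKryptik.ADVQ", "W32/Kryptik.B.gen!Eldorado",
    "Trojan.GenericKD.4952570", "W32/Generic.ADVQ!tr", "Trojan.GenericKD.4952570",
    "Trojan.Win32.Krypt", "Trojan.Generic.axbdd", "Trojan ( 0050c77a1 )",
    "Trojan ( 0050c77a1 )", "HEUR:Trojan.Win32.Generic", "Ransom.Mole",
    "malware (ai score=88)", "GenericRXBK-RO!24AF25652AFF", "BehavesLike.Win32.Downloader.cc",
    "TrojanSpy:MSIL/Omaneat.B", "Trojan.GenericKD.4952570", "Trojan.Win32.Fury.eocwue",
    "generic.ml", "Trj/CI.A", "Malware.Generic.5!tfe (cloud:2BEzbHE2zHJ)",
    "static engine - malicious", "Mal/Generic-S", "Ransom.Troldesh",
    "Win32.Trojan.Raas.Auto", "Ransom_CRYPAURA.SM1", "Ransom_CRYPAURA.SM1",
    "suspected of Trojan.Downloader.gen.h", "Trojan.Win32.Generic!BT", "W32.Trojan.Gen",
    "Trojan.Fury!", "HEUR:Trojan.Win32.Generic",
]

# Vendor boilerplate that never names a family (assumption; extend per vendor).
GENERIC = {
    "trojan", "troj", "trj", "trojanspy", "trojanransom", "win32", "w32", "msil",
    "heur", "variant", "malware", "malicious", "unclassifiedmalware", "confidence",
    "high", "agent", "rootkit", "ransom", "encoder", "kryptik", "genkryptik", "krypt",
    "eldorado", "downloader", "behaveslike", "suspected", "static", "engine",
    "cloud", "score", "auto",
}
RANSOM_RE = re.compile(r"ransom|encoder", re.I)   # vendor words for file-encrypting families
PACKER_RE = re.compile(r"krypt", re.I)            # Kryptik/Krypt: "packed/obfuscated" labels
TOKEN_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def family_tokens(label):
    """Tokens of one label that could plausibly be a family name (lower-cased)."""
    out = []
    for tok in TOKEN_RE.findall(label):
        t = tok.lower()
        if len(t) < 4 or t.startswith("generic") or t in GENERIC:
            continue
        if any(ch.isdigit() for ch in t):   # hex ids, variant counters, cloud hashes
            continue
        out.append(t)
    return out


def summarize(labels, min_votes=2):
    """Count ransomware/packer hints and the family tokens several engines share."""
    votes = Counter()
    generic_only = 0
    for label in labels:
        toks = set(family_tokens(label))   # one vote per engine per token
        if not toks:
            generic_only += 1
        votes.update(toks)
    return {
        "detections": len(labels),
        "ransomware_hints": sum(1 for l in labels if RANSOM_RE.search(l)),
        "packer_hints": sum(1 for l in labels if PACKER_RE.search(l)),
        "generic_only": generic_only,
        "candidates": {t: n for t, n in votes.items() if n >= min_votes},
    }


if __name__ == "__main__":
    for key, value in summarize(LABELS).items():
        print(f"{key}: {value}")
```

Read the output with the usual caveat: the candidate list is only as good as the stoplist. Here "fury" collects four votes and "crypaura" two, but "advq" also survives with two, and that is ESET's variant suffix copied by Fortinet, not a family; a human still has to reject such tokens. Two thirds of the labels carry no family token at all, which together with the packer hints says the engines are mostly detecting a crypter stub rather than agreeing on the payload.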
The file under analysis is a Portable Executable: a 32-bit Windows EXE (PE32, Intel 386) built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Solheim & Sørensen AS Soft Copyright (C) 2011
Original name monsenda.exe
Internal name Solheim & Sørensen AS
File version 6.3.8.2
Description Solheim & Sørensen AS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-28 10:54:17
Entry Point 0x00001BFB
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegOpenKeyA
OpenProcessToken
OpenServiceA
AdjustTokenPrivileges
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
OpenSCManagerA
IsTextUnicode
RegQueryValueExW
CheckTokenMembership
PrintDlgExW
FindTextA
GetOpenFileNameW
GetFileTitleW
ChooseFontW
GetSaveFileNameW
ChooseColorA
FindTextW
EndPage
TextOutW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextExtentPoint32A
SetViewportExtEx
DeleteObject
SetMapMode
GetStdHandle
FileTimeToSystemTime
EncodePointer
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
FormatMessageW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
GetProfileIntW
ResumeThread
LoadResource
GlobalCompact
InterlockedDecrement
SetLastError
TlsGetValue
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
EnumSystemLocalesA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
CreateMutexA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryA
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
DisableThreadLibraryCalls
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GlobalSize
GetStartupInfoA
GetFileSize
GetDateFormatW
GetStartupInfoW
VirtualAllocEx
GlobalLock
GetProcessHeap
lstrcpyW
GlobalReAlloc
GetFileInformationByHandle
FindFirstFileA
GetCurrentThreadId
ResetEvent
GetComputerNameA
GlobalMemoryStatus
GetProcAddress
LocalSize
CreateFileW
CreateEventA
GetFileType
TlsSetValue
HeapAlloc
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
OpenMutexA
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
WriteFileEx
CloseHandle
GetACP
GetCommConfig
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
Sleep
FindResourceA
VirtualAlloc
ShellExecuteExA
ShellExecuteA
ShellAboutW
MapWindowPoints
GetMessageA
GetForegroundWindow
GetParent
DrawTextA
AttachThreadInput
SetMenuItemBitmaps
BeginPaint
SetFocus
DefWindowProcA
SetWinEventHook
CheckMenuRadioItem
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
GetMenuState
GetSystemMetrics
IsIconic
IsWindow
PeekMessageW
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
CallWindowProcA
DialogBoxParamW
SetDlgItemInt
MessageBoxA
ChildWindowFromPoint
DialogBoxParamA
GetWindow
PostMessageW
GetSysColor
SetActiveWindow
GetDC
SendDlgItemMessageA
GetCursorPos
ReleaseDC
GetMenu
LoadStringA
SetClipboardData
EmptyClipboard
DestroyWindow
GetClientRect
CreateWindowExA
GetDlgItem
GetMenuCheckMarkDimensions
GetDlgItemTextW
SetScrollPos
RegisterClassA
DeleteMenu
TrackPopupMenuEx
LoadAcceleratorsA
GetSubMenu
CharNextW
LoadImageW
LoadIconA
IsDialogMessageW
GetMenuItemCount
IsDlgButtonChecked
CheckDlgButton
GetSysColorBrush
LoadCursorW
CreateWindowExW
GetWindowTextA
InvalidateRgn
TranslateAcceleratorW
IsChild
DialogBoxIndirectParamA
SetCursor
PrinterMessageBoxW
GetPrinterDataA
OpenPrinterW
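The import table mixes a large, ordinary GUI/printing/common-dialog surface with a small set of security-relevant calls: token privilege adjustment, service control manager access, registry key creation and deletion, a named mutex, IsDebuggerPresent, VirtualAllocEx, resource loading and ShellExecute. Sorting the names into capability buckets, and noting which companion calls are missing, shows how much of each technique is actually visible statically. The script below is an added example, not part of the VirusTotal report; IMPORTS is transcribed from the list above (the per-DLL grouping is not preserved on the page), and the CAPABILITIES and CHAIN_CORE tables are this example's own small API-to-technique associations (the idea behind tools such as capa), not an authoritative catalogue.

```python
"""Capability triage of the static import table listed above.

Added example; not part of the VirusTotal report. IMPORTS is transcribed from
the page (225 names). CAPABILITIES and CHAIN_CORE are this example's own,
deliberately small, API-to-technique associations, not an authoritative list.
"""
IMPORTS = """
RegDeleteKeyA CloseServiceHandle LookupPrivilegeValueA RegOpenKeyA OpenProcessToken OpenServiceA AdjustTokenPrivileges FreeSid RegQueryValueExA
AllocateAndInitializeSid InitializeSecurityDescriptor RegSetValueExA RegDeleteValueA RegCreateKeyA OpenSCManagerA IsTextUnicode RegQueryValueExW CheckTokenMembership
PrintDlgExW FindTextA GetOpenFileNameW GetFileTitleW ChooseFontW GetSaveFileNameW ChooseColorA FindTextW EndPage
TextOutW CreateFontIndirectW GetTextExtentPoint32W GetTextExtentPoint32A SetViewportExtEx DeleteObject SetMapMode GetStdHandle FileTimeToSystemTime
EncodePointer GetFileAttributesW FreeEnvironmentStringsA DeleteCriticalSection GetCurrentProcess GetConsoleMode lstrcatA FreeEnvironmentStringsW SetStdHandle
GetCPInfo WriteFile FormatMessageW GetSystemTimeAsFileTime HeapReAlloc GetStringTypeW LocalFree GetProfileIntW ResumeThread
LoadResource GlobalCompact InterlockedDecrement SetLastError TlsGetValue OutputDebugStringW GetModuleFileNameW IsDebuggerPresent ExitProcess
GetModuleFileNameA LoadLibraryA QueryPerformanceFrequency EnumSystemLocalesA UnhandledExceptionFilter LoadLibraryExW MultiByteToWideChar FatalAppExitA SetFilePointerEx
CreateMutexA CreateThread SetUnhandledExceptionFilter IsProcessorFeaturePresent GetSystemDirectoryA DecodePointer TerminateProcess GetModuleHandleExW GlobalAlloc
SetEndOfFile GetVersion LeaveCriticalSection WriteConsoleW InitializeCriticalSectionAndSpinCount HeapFree EnterCriticalSection SetHandleCount LoadLibraryW
GetOEMCP QueryPerformanceCounter DisableThreadLibraryCalls TlsAlloc FlushFileBuffers lstrcmpiW RtlUnwind GlobalSize GetStartupInfoA
GetFileSize GetDateFormatW GetStartupInfoW VirtualAllocEx GlobalLock GetProcessHeap lstrcpyW GlobalReAlloc GetFileInformationByHandle
FindFirstFileA GetCurrentThreadId ResetEvent GetComputerNameA GlobalMemoryStatus GetProcAddress LocalSize CreateFileW CreateEventA
GetFileType TlsSetValue HeapAlloc InterlockedIncrement GetLastError LocalReAlloc SystemTimeToFileTime LCMapStringW HeapCreate
GetConsoleCP GetEnvironmentStringsW GetCurrentDirectoryW GetCurrentProcessId LockResource WideCharToMultiByte HeapSize GetCommandLineA OpenMutexA
lstrcpynW RaiseException TlsFree GetModuleHandleA WriteFileEx CloseHandle GetACP GetCommConfig GetModuleHandleW
IsValidCodePage UnmapViewOfFile Sleep FindResourceA VirtualAlloc ShellExecuteExA ShellExecuteA ShellAboutW MapWindowPoints
GetMessageA GetForegroundWindow GetParent DrawTextA AttachThreadInput SetMenuItemBitmaps BeginPaint SetFocus DefWindowProcA
SetWinEventHook CheckMenuRadioItem LoadBitmapA SetWindowPos GetWindowThreadProcessId GetMenuState GetSystemMetrics IsIconic IsWindow
PeekMessageW GetWindowRect DispatchMessageA EndPaint SetCapture CallWindowProcA DialogBoxParamW SetDlgItemInt MessageBoxA
ChildWindowFromPoint DialogBoxParamA GetWindow PostMessageW GetSysColor SetActiveWindow GetDC SendDlgItemMessageA GetCursorPos
ReleaseDC GetMenu LoadStringA SetClipboardData EmptyClipboard DestroyWindow GetClientRect CreateWindowExA GetDlgItem
GetMenuCheckMarkDimensions GetDlgItemTextW SetScrollPos RegisterClassA DeleteMenu TrackPopupMenuEx LoadAcceleratorsA GetSubMenu CharNextW
LoadImageW LoadIconA IsDialogMessageW GetMenuItemCount IsDlgButtonChecked CheckDlgButton GetSysColorBrush LoadCursorW CreateWindowExW
GetWindowTextA InvalidateRgn TranslateAcceleratorW IsChild DialogBoxIndirectParamA SetCursor PrinterMessageBoxW GetPrinterDataA OpenPrinterW
""".split()

# technique tag -> APIs that suggest it; A/W variants are listed so absences show up too
CAPABILITIES = {
    "privilege-token": {"OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA",
                        "LookupPrivilegeValueW", "CheckTokenMembership", "AllocateAndInitializeSid"},
    "service-control": {"OpenSCManagerA", "OpenSCManagerW", "OpenServiceA", "OpenServiceW", "CreateServiceA",
                        "CreateServiceW", "StartServiceA", "StartServiceW", "ControlService", "DeleteService"},
    "registry-write": {"RegCreateKeyA", "RegCreateKeyW", "RegCreateKeyExA", "RegCreateKeyExW", "RegSetValueExA",
                       "RegSetValueExW", "RegDeleteKeyA", "RegDeleteKeyW", "RegDeleteValueA", "RegDeleteValueW"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA", "OutputDebugStringW"},
    "mutex-marker": {"CreateMutexA", "CreateMutexW", "OpenMutexA", "OpenMutexW"},
    "memory-injection": {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "QueueUserAPC",
                         "SetThreadContext", "ResumeThread"},
    "dynamic-api": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"},
    "embedded-resource": {"FindResourceA", "FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "file-enumeration": {"FindFirstFileA", "FindFirstFileW", "FindNextFileA", "FindNextFileW"},
    "launch": {"ShellExecuteA", "ShellExecuteW", "ShellExecuteExA", "ShellExecuteExW", "CreateProcessA",
               "CreateProcessW", "WinExec"},
    "host-recon": {"GetComputerNameA", "GetComputerNameW", "GetSystemDirectoryA", "GetSystemDirectoryW",
                   "GlobalMemoryStatus", "GlobalMemoryStatusEx", "GetVersion", "GetVersionExA", "GetVersionExW",
                   "EnumSystemLocalesA"},
}
# At least one of these must be imported for the tag's technique to be complete statically.
CHAIN_CORE = {
    "memory-injection": {"WriteProcessMemory", "CreateRemoteThread", "QueueUserAPC", "SetThreadContext"},
    "file-enumeration": {"FindNextFileA", "FindNextFileW"},
    "service-control": {"CreateServiceA", "CreateServiceW", "StartServiceA", "StartServiceW", "ControlService",
                        "DeleteService"},
}


def assess(imports, capabilities=CAPABILITIES):
    """Per tag: APIs actually imported, and members of the tag that are not."""
    have = set(imports)
    caps = {}
    for tag, apis in capabilities.items():
        present = sorted(apis & have)
        if present:
            caps[tag] = {"present": present, "absent": sorted(apis - have)}
    matched = set().union(*capabilities.values()) & have
    unmatched = len(have - matched)          # GUI, printing, CRT and other neutral imports
    return {"total": len(imports), "capabilities": caps,
            "unmatched_count": unmatched, "noise_share": round(unmatched / len(imports), 3)}


def incomplete_chains(report):
    """Tags in the report whose completing APIs (CHAIN_CORE) are all missing."""
    caps = report["capabilities"]
    return sorted(tag for tag, core in CHAIN_CORE.items()
                  if tag in caps and not core & set(caps[tag]["present"]))


if __name__ == "__main__":
    rep = assess(IMPORTS)
    for tag, info in rep["capabilities"].items():
        print(f"{tag:18} present={info['present']}")
    print("incomplete chains:", incomplete_chains(rep))
    print(f"neutral imports: {rep['unmatched_count']}/{rep['total']} ({rep['noise_share']:.0%})")
```

Two things the report makes explicit. First, every sensitive chain is opened but not closed: VirtualAllocEx without WriteProcessMemory or CreateRemoteThread, FindFirstFileA without FindNextFileA, OpenSCManagerA/OpenServiceA without any service creation or control. With LoadLibrary/GetProcAddress present, the rest can be resolved at run time, so the static table is a lower bound, not the sample's capability. Second, about 86% of the imports are neutral GUI, printing and CRT calls, consistent with the Kryptik/GenKryptik labels above: the table describes the packer's decoy host application, and FindResourceA/LoadResource/LockResource together with the non-standard resource type in the resources section below is where the real payload most likely lives.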
Number of PE resources by type
RT_STRING 35
RT_ACCELERATOR 5
RT_DIALOG 3
RT_RCDATA 3
Struct(28) 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_MENU 1
RT_CURSOR 1
FYIOSDA327894JKFSDHIOJFKSDOIKL 1
RT_VERSION 1
Number of PE resources by language
FRENCH CANADIAN 43
ENGLISH US 9
HUNGARIAN DEFAULT 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 6.3.8.2
UninitializedDataSize 0
LanguageCode Icelandic
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 135168
EntryPoint 0x1bfb
OriginalFileName monsenda.exe
MIMEType application/octet-stream
LegalCopyright Solheim & Sørensen AS Soft Copyright (C) 2011
FileVersion 6.3.8.2
TimeStamp 2017:04:28 11:54:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Solheim & Sørensen AS
ProductVersion 6.3.8.2
FileDescription Solheim & Sørensen AS
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Solheim & Sørensen ASSoft
CodeSize 28160
FileSubtype 0
ProductVersionNumber 6.3.8.2
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 24af25652affd46ef7441d1fa62c61dc
SHA1 dcae591a08851d2852fba43114221e11cfbc6897
SHA256 4ee80172598ec7826ad82d4a94c2816b079f9d0557b12d2702eed1365306ebec
ssdeep 3072:38x/E+pXRXpGZ+9QQOQOQOQuQOQOQOQx5tEKNKxmb/TXQOQOQOQJSn:38W+pXKbQOQOQOQuQOQOQOQxTGxkXQOh
authentihash d4ea482a51528cca528be8b84ac3d5b196b41ef3874abca6f2ab47fe79f259a4
imphash 4c8da57c939338ad973ffb4bf0766a28
File size 153.0 KB ( 156672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-04-28 13:51:16 UTC
Last submission 2017-04-28 13:51:16 UTC
File names Solheim & Sørensen AS
monsenda.exe
2017-04-28_13-36-45.bin.exe.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
TCP connections
UDP communications