SHA256: 012971f0765a2b8a18f59f3e8a687ddfb69adf35fc1c1c7c2812abc6a4c3dabd
File name: a1.exe
Detection ratio: 8 / 62
Analysis date: 2017-03-31 15:17:55 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9945 20170330
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (high confidence) pe1 20170330
Sophos ML trojandownloader.win32.beebone.iw 20170203
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170331
SentinelOne (Static ML) static engine - malicious 20170330
Symantec ML.Attribute.HighConfidence 20170331
Webroot Malicious 20170331
Ad-Aware 20170330
AegisLab 20170330
AhnLab-V3 20170330
Alibaba 20170331
ALYac 20170330
Antiy-AVL 20170330
Arcabit 20170330
Avast 20170330
AVG 20170330
Avira (no cloud) 20170330
AVware 20170330
BitDefender 20170331
Bkav 20170330
CAT-QuickHeal 20170331
ClamAV 20170331
CMC 20170331
Comodo 20170331
Cyren 20170331
DrWeb 20170331
Emsisoft 20170331
ESET-NOD32 20170331
F-Prot 20170331
F-Secure 20170331
Fortinet 20170331
GData 20170331
Ikarus 20170331
Jiangmin 20170331
K7AntiVirus 20170331
K7GW 20170331
Kaspersky 20170331
Kingsoft 20170331
Malwarebytes 20170331
McAfee 20170331
McAfee-GW-Edition 20170331
Microsoft 20170331
eScan 20170331
NANO-Antivirus 20170331
nProtect 20170331
Palo Alto Networks (Known Signatures) 20170331
Panda 20170330
Rising None
Sophos AV 20170331
SUPERAntiSpyware 20170330
Symantec Mobile Insight 20170331
Tencent 20170331
TheHacker 20170330
TotalDefense 20170331
TrendMicro 20170331
TrendMicro-HouseCall 20170331
Trustlook 20170331
VBA32 20170331
VIPRE 20170331
ViRobot 20170331
WhiteArmor 20170327
Yandex 20170327
Zillya 20170331
ZoneAlarm by Check Point 20170331
Zoner 20170331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Slankningen1
Original name Berigelsens4.exe
Internal name Berigelsens4
File version 3.07.0007
Comments Sprjtenarkomanen4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-31 11:14:41
Entry Point 0x000011A4
Number of sections 3
PE sections
Overlays
MD5 0e0e37ed2c14f2aa057a30eb1823e753
File type data
Offset 548864
Size 2729
Entropy 2.72
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
EVENT_SINK_AddRef
__vbaCyI4
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaCyMul
_adj_fdiv_r
Ord(100)
__vbaAryConstruct2
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
_adj_fptan
Ord(685)
__vbaObjSet
_CIatan
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
_adj_fprem1
_adj_fdivr_m32
_CItan
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Sprjtenarkomanen4
InitializedDataSize 24576
ImageVersion 3.7
FileSubtype 0
FileVersionNumber 3.7.0.7
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x11a4
OriginalFileName Berigelsens4.exe
MIMEType application/octet-stream
FileVersion 3.07.0007
TimeStamp 2017:03:31 12:14:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Berigelsens4
ProductVersion 3.07.0007
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sitpay
CodeSize 524288
ProductName Slankningen1
ProductVersionNumber 3.7.0.7
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 21267953d892b4985e784cae23104dc7
SHA1 0d128bed017e30917eed9096a7b77fee14a228cf
SHA256 012971f0765a2b8a18f59f3e8a687ddfb69adf35fc1c1c7c2812abc6a4c3dabd
ssdeep 6144:bUVMordTPpRA3CneNd+tIBgJfI4Q7tGyxOS2N/bE6b6Jcj6Jq:by7rtPIkeNuIBglS2N/o6

authentihash b507fef9bcc32e1ea6b47fcb2f989871ca786d0b00df17a3b44d14a54c60e1ca
imphash 1224110c26953bb437acc97600497a74
File size 538.7 KB ( 551593 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe suspicious-udp overlay

VirusTotal metadata
First submission 2017-03-31 15:17:55 UTC ( 1 year, 10 months ago )
Last submission 2017-04-03 07:14:33 UTC ( 1 year, 10 months ago )
File names Win32.Trojan.Agent@012971f0765a2b8a18f59f3e8a687ddfb69adf35fc1c1c7c2812abc6a4c3dabd.bin
Berigelsens4
012971f0765a2b8a18f59f3e8a687ddfb69adf35fc1c1c7c2812abc6a4c3dabd.exe
012971f0765a2b8a18f59f3e8a687ddfb69adf35fc1c1c7c2812abc6a4c3dabd.exe
a1.exe
a1.exe
Berigelsens4.exe
a1.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications