SHA256: 02d51c1f006c3b8309e0bc607f896f991947282541a0de41afabb4c0de095858
File name: fe29dbfa834b27b642a445aea8749be2.exe.@
Detection ratio: 28 / 69
Analysis date: 2018-12-03 18:27:43 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
AegisLab Trojan.Win32.Noon.4!c 20181203
Avast Win32:Trojan-gen 20181203
AVG Win32:Trojan-gen 20181203
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181203
DrWeb Trojan.Fbng.8 20181203
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECBL 20181203
Fortinet W32/Noon.CSVY!tr 20181203
GData Win32.Trojan-Stealer.FormBook.4FJHQF 20181203
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 00542c4c1 ) 20181203
K7GW Trojan ( 00542c4c1 ) 20181203
Kaspersky Trojan-Spy.Win32.Noon.xhr 20181203
Malwarebytes Trojan.Agent.VB 20181203
MAX malware (ai score=99) 20181203
McAfee RDN/Generic PWS.y 20181203
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20181203
Microsoft Program:Win32/Unwaders.C!ml 20181203
Palo Alto Networks (Known Signatures) generic.ml 20181203
Panda Trj/GdSda.A 20181203
Qihoo-360 Win32/Trojan.Spy.26e 20181203
Rising Spyware.Noon!8.E7C9 (CLOUD) 20181203
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181203
Tencent Win32.Trojan-spy.Noon.Eehd 20181203
Trapmine malicious.moderate.ml.score 20181128
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.xhr 20181203
Ad-Aware 20181203
AhnLab-V3 20181203
Alibaba 20180921
ALYac 20181203
Antiy-AVL 20181202
Arcabit 20181203
Avast-Mobile 20181203
Avira (no cloud) 20181203
Babable 20180918
Baidu 20181203
BitDefender 20181203
Bkav 20181203
CAT-QuickHeal 20181203
ClamAV 20181203
CMC 20181203
Comodo 20181203
Cybereason 20180225
Cyren 20181203
eGambit 20181203
Emsisoft 20181203
F-Prot 20181203
F-Secure 20181203
Ikarus 20181203
Jiangmin 20181203
Kingsoft 20181203
eScan 20181203
NANO-Antivirus 20181203
Sophos AV 20181203
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181203
TheHacker 20181202
TrendMicro 20181203
TrendMicro-HouseCall 20181203
Trustlook 20181203
VBA32 20181203
VIPRE 20181202
ViRobot 20181203
Webroot 20181203
Yandex 20181130
Zillya 20181130
Zoner 20181203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Microsoft OneNote
Original name OneNoteM.exe
Internal name OneNoteM
File version 15.00.4420
Description Send to OneNote Tool
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-02 16:39:29
Entry Point 0x00001234
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(709)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
Ord(556)
Ord(619)
__vbaFileOpen
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaStrVarVal
_CIcos
_adj_fptan
__vbaVarDup
__vbaI4Var
__vbaVarMove
_CIatan
Ord(608)
__vbaFreeStr
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
Ord(598)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 2
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 15.0
FileSubtype 0
FileVersionNumber 15.0.0.4420
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Send to OneNote Tool
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 53248
EntryPoint 0x1234
OriginalFileName OneNoteM.exe
MIMEType application/octet-stream
FileVersion 15.00.4420
TimeStamp 2018:12:02 17:39:29+01:00
FileType Win32 EXE
PEType PE32
InternalName OneNoteM
ProductVersion 15.00.4420
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 835584
ProductName Microsoft OneNote
ProductVersionNumber 15.0.0.4420
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 fe29dbfa834b27b642a445aea8749be2
SHA1 546621f881ad29fadd44f24a79011e097bb146bd
SHA256 02d51c1f006c3b8309e0bc607f896f991947282541a0de41afabb4c0de095858
ssdeep 12288:T5lAPPUsLcrFjoHeR7oNv+L4eIHiG2KehSu/izU1w4:T5lAP8sLyo+pQ+L4XCGghSOt1w

authentihash 067d9af5726e2cff58acedff12e43a5b1757c81db4d7b14217e1ebc147668e43
imphash 8c161f523992cc215b6283a2b45e4309
File size 836.0 KB ( 856064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe

VirusTotal metadata
First submission 2018-12-03 06:49:29 UTC ( 3 months, 2 weeks ago )
Last submission 2019-01-22 08:00:47 UTC ( 1 month, 3 weeks ago )
File names output.114571402.txt
fe29dbfa834b27b642a445aea8749be2.exe.@
fe29dbfa834b27b642a445aea8749be2
OneNoteM
OneNoteM.exe