SHA256: 032d620e3229f62622a4bf0f150bf00876c7ea08bc4c004f16ac1cc2d5fac6ee
File name: 2p8uomsp.exe
Detection ratio: 7 / 61
Analysis date: 2017-04-10 21:30:24 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170410
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Endgame malicious (moderate confidence) 20170407
ESET-NOD32 Win32/TrojanProxy.Agent.NYH 20170410
Microsoft TrojanProxy:Win32/Bunitu.Q!bit 20170410
Symantec ML.Attribute.HighConfidence 20170410
Webroot W32.Suspicious.Heur 20170410
Ad-Aware 20170410
AegisLab 20170410
AhnLab-V3 20170410
Alibaba 20170410
ALYac 20170410
Antiy-AVL 20170410
Arcabit 20170410
Avast 20170410
AVG 20170410
Avira (no cloud) 20170410
AVware 20170410
BitDefender 20170410
Bkav 20170410
CAT-QuickHeal 20170410
ClamAV 20170410
CMC 20170410
Comodo 20170410
Cyren 20170410
DrWeb 20170410
Emsisoft 20170410
F-Prot 20170410
F-Secure 20170410
Fortinet 20170410
GData 20170410
Ikarus 20170410
Sophos ML 20170203
Jiangmin 20170410
K7AntiVirus 20170410
K7GW 20170410
Kaspersky 20170410
Kingsoft 20170410
Malwarebytes 20170410
McAfee 20170410
McAfee-GW-Edition 20170410
eScan 20170410
NANO-Antivirus 20170410
nProtect 20170410
Palo Alto Networks (Known Signatures) 20170410
Panda 20170410
Qihoo-360 20170410
Rising 20170410
SentinelOne (Static ML) 20170330
Sophos AV 20170410
SUPERAntiSpyware 20170410
Symantec Mobile Insight 20170406
Tencent 20170410
TheHacker 20170410
TrendMicro 20170410
TrendMicro-HouseCall 20170410
Trustlook 20170410
VBA32 20170410
VIPRE 20170410
ViRobot 20170410
WhiteArmor 20170409
Yandex 20170410
Zillya 20170410
ZoneAlarm by Check Point 20170410
Zoner 20170410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1999
Product handle Application
Original name handle.EXE
Internal name handle
File version 1, 0, 0, 1
Description handle MFC Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-05 20:47:18
Entry Point 0x00005C0C
Number of sections 4
PE sections
Overlays
MD5 1bee19a724ecafae32c7d1de5392ebb7
File type data
Offset 61440
Size 123234
Entropy 8.00
PE imports
CloseServiceHandle
LookupPrivilegeValueA
OpenProcessToken
OpenServiceA
AdjustTokenPrivileges
ControlService
DeleteService
OpenSCManagerA
DeviceIoControl
OpenProcess
FileTimeToSystemTime
GetModuleFileNameW
GetLastError
FreeLibrary
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetDateFormatA
CompareFileTime
lstrcatA
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
lstrcpyA
GetCurrentProcess
GetTimeFormatA
TerminateProcess
GetLogicalDriveStringsA
CreateFileW
CreateFileA
VirtualAlloc
CloseHandle
Ord(1775)
Ord(2438)
Ord(4080)
Ord(5252)
Ord(4710)
Ord(3597)
Ord(527)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(3641)
Ord(5237)
Ord(4303)
Ord(5577)
Ord(3350)
Ord(6905)
Ord(6375)
Ord(4403)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(4508)
Ord(3610)
Ord(2252)
Ord(1665)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4964)
Ord(6215)
Ord(4441)
Ord(4529)
Ord(4531)
Ord(815)
Ord(2723)
Ord(6270)
Ord(366)
Ord(641)
Ord(1175)
Ord(796)
Ord(4532)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4402)
Ord(4425)
Ord(3454)
Ord(5199)
Ord(567)
Ord(4077)
Ord(1134)
Ord(4220)
Ord(4465)
Ord(4108)
Ord(2863)
Ord(5300)
Ord(1200)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(3481)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(5290)
Ord(825)
Ord(3910)
Ord(3081)
Ord(3092)
Ord(5307)
Ord(4242)
Ord(4823)
Ord(2390)
Ord(6605)
Ord(2542)
Ord(4424)
Ord(540)
Ord(5076)
Ord(4078)
Ord(3293)
Ord(2554)
Ord(693)
Ord(2510)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(1727)
Ord(3370)
Ord(1776)
Ord(1644)
Ord(813)
Ord(4998)
Ord(5981)
Ord(5472)
Ord(823)
Ord(4436)
Ord(3654)
Ord(800)
Ord(656)
Ord(3749)
Ord(2512)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4696)
Ord(4349)
Ord(4079)
Ord(3058)
Ord(1146)
Ord(3147)
Ord(2124)
Ord(4615)
Ord(4892)
Ord(1726)
Ord(3371)
Ord(3259)
Ord(6336)
Ord(2584)
Ord(4890)
Ord(4244)
Ord(3262)
Ord(5653)
Ord(674)
Ord(975)
Ord(1576)
Ord(5243)
Ord(2614)
Ord(4353)
Ord(3301)
Ord(2583)
Ord(3748)
Ord(5065)
Ord(5253)
Ord(3059)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(6453)
Ord(3663)
Ord(3346)
Ord(858)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(3825)
Ord(2976)
Ord(303)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(6052)
Ord(2818)
Ord(6329)
Ord(3499)
Ord(4376)
Ord(3286)
Ord(3402)
Ord(2582)
Ord(4623)
Ord(324)
Ord(5265)
Ord(4238)
Ord(794)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4341)
Ord(4613)
Ord(2884)
Ord(3098)
Ord(2878)
Ord(3079)
Ord(4899)
Ord(6334)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(3996)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4622)
Ord(561)
Ord(1746)
Ord(355)
Ord(4543)
Ord(2302)
Ord(4610)
Ord(4961)
Ord(2879)
Ord(4486)
Ord(2535)
Ord(529)
Ord(3640)
Ord(4698)
Ord(4370)
Ord(4588)
Ord(5163)
Ord(6055)
Ord(296)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(5731)
Ord(1849)
strncmp
__p__fmode
malloc
__CxxFrameHandler
_ftol
memset
fclose
strcat
__dllonexit
_stricmp
_controlfp
fprintf
fopen
strlen
_except_handler3
_onexit
exit
sprintf
__setusermatherr
_adjust_fdiv
_XcptFilter
_acmdln
__p__commode
free
__getmainargs
_initterm
_setmbcp
wcstombs
strchr
strcpy
__mb_cur_max
_strnicmp
_exit
strcmp
__set_app_type
GetSubMenu
SetTimer
GetMessagePos
UpdateWindow
EnableWindow
LoadMenuA
PostMessageA
GetClientRect
FindWindowW
SendMessageA
KillTimer
GetWindowLongA
ScreenToClient
PtInRect
Number of PE resources by type
RT_STRING 15
RT_DIALOG 3
RT_MENU 2
RT_GROUP_CURSOR 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 26
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 32768
ImageVersion 0.0
ProductName handle Application
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription handle MFC Application
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName handle.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2017:04:05 21:47:18+01:00
FileType Win32 EXE
PEType PE32
InternalName handle
ProductVersion 1, 0, 0, 1
SubsystemVersion 4.0
OSVersion 0.0
FileOS Win32
LegalCopyright Copyright (C) 1999
MachineType Intel 386 or later, and compatibles
CodeSize 24576
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x5c0c
ObjectFileType Executable application
File identification
MD5 e5c355e76f0c0315d197cc2b064a3d38
SHA1 cbd9589a41ca824bc783dad19024a682d983925a
SHA256 032d620e3229f62622a4bf0f150bf00876c7ea08bc4c004f16ac1cc2d5fac6ee
ssdeep 3072:VFsJjz7+rlhND3uOeHkn7qThFuCtmC03SigMi3uXmKDmMn1fCIDqa:YJT+L9+OeEKFuCCRguXKo1ca
authentihash 09963814872176e2f212f10927a8e8bf8d6ff69dce53f933388fdceaf4ae1500
imphash 1100968872dd8fe1fbcfca33627cdd6f
File size 180.3 KB ( 184674 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-04-10 21:30:24 UTC ( 1 year, 11 months ago )
Last submission 2017-04-10 21:30:24 UTC ( 1 year, 11 months ago )
File names 2p8uomsp.exe
handle.EXE
handle
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications