SHA256: 035a5616156287c0a970f9ae4a03f6f5ecf081e0f695ace35987c29ac5593426
File name: output.113592676.txt
Detection ratio: 42 / 67
Analysis date: 2018-07-10 14:32:46 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31072109 20180710
AegisLab Uds.Dangerousobject.Multi!c 20180710
AhnLab-V3 Trojan/Win32.Obfus.R231358 20180710
Antiy-AVL Trojan/Win32.Tgenic 20180710
Avast Win32:Trojan-gen 20180710
AVG Win32:Trojan-gen 20180710
BitDefender Trojan.GenericKD.31072109 20180710
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cylance Unsafe 20180710
Cyren W32/VBKrypt.BA.gen!Eldorado 20180710
DrWeb Trojan.VbCryptENT.1656 20180710
Emsisoft Trojan.Injector (A) 20180710
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Injector.DZCU 20180710
F-Prot W32/VBKrypt.BA.gen!Eldorado 20180710
F-Secure Trojan.GenericKD.31072109 20180710
Fortinet W32/GenKryptik.CESG!tr 20180710
GData Win32.Trojan.Agent.8ZZ7HG 20180710
Ikarus Trojan.Win32.Injector 20180710
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 005370b21 ) 20180710
K7GW Trojan ( 005370b21 ) 20180710
Kaspersky Trojan-Spy.Win32.Noon.oho 20180710
Malwarebytes Trojan.PasswordStealer 20180710
MAX malware (ai score=97) 20180710
McAfee Artemis!F35EC1C68FA8 20180710
McAfee-GW-Edition BehavesLike.Win32.Malware.jh 20180710
Microsoft Trojan:Win32/Occamy.C 20180710
eScan Trojan.GenericKD.31072109 20180710
Palo Alto Networks (Known Signatures) generic.ml 20180710
Qihoo-360 Win32/Trojan.Spy.203 20180710
Rising Spyware.Noon!8.E7C9 (CLOUD) 20180710
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Formboo-BU 20180710
Symantec ML.Attribute.HighConfidence 20180710
Tencent Win32.Trojan.Inject.Auto 20180710
TrendMicro TSPY_SWOTTER.FBOAK 20180710
TrendMicro-HouseCall TSPY_SWOTTER.FBOAK 20180710
VBA32 Trojan.Fuerboos 20180710
ViRobot Trojan.Win32.Z.Vbkrypt.651264.AA 20180710
Webroot W32.Trojan.Gen 20180710
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.oho 20180710
ALYac 20180710
Arcabit 20180710
Avast-Mobile 20180710
Avira (no cloud) 20180710
AVware 20180710
Baidu 20180710
Bkav 20180706
CAT-QuickHeal 20180710
ClamAV 20180710
CMC 20180710
Comodo 20180710
Cybereason 20180225
eGambit 20180710
Jiangmin 20180710
Kingsoft 20180710
NANO-Antivirus 20180710
Panda 20180710
SUPERAntiSpyware 20180710
TACHYON 20180710
TheHacker 20180710
TotalDefense 20180710
Trustlook 20180710
VIPRE 20180710
Yandex 20180709
Zillya 20180709
Zoner 20180709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Sourco Fira, GNj.
Product Zallo cRA jECC
Original name Beecroft.exe
Internal name Beecroft
File version 3.01
Description cAM STudiO GROUO
Comments HUAweo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 22:42:12
Entry Point 0x000010D8
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(523)
EVENT_SINK_Release
Ord(673)
Ord(100)
Ord(574)
DllFunctionCall
Ord(526)
Ord(527)
ProcCallEngine
Ord(661)
Ord(525)
Ord(646)
Ord(589)
Ord(542)
EVENT_SINK_AddRef
Ord(617)
Ord(693)
Ord(610)
__vbaExceptHandler
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
638976

SubsystemVersion
4.0

Comments
HUAweo

InitializedDataSize
16384

ImageVersion
3.1

ProductName
Zallo cRA jECC

FileVersionNumber
3.1.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Beecroft.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.01

TimeStamp
2018:07:08 23:42:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Beecroft

ProductVersion
3.01

FileDescription
cAM STudiO GROUO

OSVersion
4.0

FileOS
Win32

LegalCopyright
Sourco Fira, GNj.

MachineType
Intel 386 or later, and compatibles

CompanyName
daA techNOLOGIES

LegalTrademarks
worlD

FileSubtype
0

ProductVersionNumber
3.1.0.0

EntryPoint
0x10d8

ObjectFileType
Executable application

File identification
MD5 f35ec1c68fa8d726558775b044670073
SHA1 8ac930e3bfc751c4989b8106afda6a45ac97189a
SHA256 035a5616156287c0a970f9ae4a03f6f5ecf081e0f695ace35987c29ac5593426
ssdeep 6144:LzpkI3f6nmy6M/nYQLfXZOI9navWVEO7ICRzdvI3sG:LrP/yH/uWVl7ICRzdvI3s
authentihash 7612d3fcd53bc4eac26e01df2d70b35c4155046898a0fb6189474d77ff3cfaaf
imphash 3070ad4e5dadb9fc54ce05d6a4cc9641
File size 636.0 KB ( 651264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-07-09 15:36:04 UTC ( 8 months, 1 week ago )
Last submission 2018-07-10 14:32:46 UTC ( 8 months, 1 week ago )
File names SM.exe
Beecroft.exe
Beecroft
output.113592676.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.