SHA256: 05be49819139a3fdcdbddbdefd298398779521f3d68daa25275cc77508e42310
File name: uzo.exe
Detection ratio: 5 / 69
Analysis date: 2018-10-08 22:30:58 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Endgame malicious (moderate confidence) 20180730
Ikarus Trojan-Banker.Ramnit 20181008
Sophos ML heuristic 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181008
Ad-Aware 20181008
AegisLab 20181008
AhnLab-V3 20181008
Alibaba 20180921
ALYac 20181008
Antiy-AVL 20181008
Arcabit 20181008
Avast 20181008
Avast-Mobile 20181008
AVG 20181008
Avira (no cloud) 20181008
AVware 20180925
Babable 20180918
Baidu 20181008
BitDefender 20181008
Bkav 20181008
CAT-QuickHeal 20181008
ClamAV 20181008
CMC 20181008
Comodo 20181008
Cybereason 20180225
Cylance 20181008
Cyren 20181008
DrWeb 20181008
eGambit 20181008
Emsisoft 20181008
ESET-NOD32 20181008
F-Prot 20181008
F-Secure 20181008
Fortinet 20181008
GData 20181008
Jiangmin 20181008
K7AntiVirus 20181008
K7GW 20181008
Kaspersky 20181008
Kingsoft 20181008
Malwarebytes 20181008
MAX 20181008
McAfee 20181008
Microsoft 20181008
eScan 20181008
NANO-Antivirus 20181008
Palo Alto Networks (Known Signatures) 20181008
Panda 20181008
Qihoo-360 20181008
Rising 20181008
SentinelOne (Static ML) 20180926
Sophos AV 20181008
SUPERAntiSpyware 20181006
Symantec 20181008
Symantec Mobile Insight 20181001
TACHYON 20181008
Tencent 20181008
TheHacker 20181008
TotalDefense 20181008
TrendMicro 20181008
TrendMicro-HouseCall 20181008
Trustlook 20181008
VBA32 20181008
VIPRE 20181008
ViRobot 20181008
Webroot 20181008
Yandex 20181008
Zillya 20181008
ZoneAlarm by Check Point 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright BreakPoint Software, Inc. Copyright 2015

Product Selection
Original name Selection.exe
Internal name Selection
File version 5.3.4.365
Description Bitmap Considering
Comments Bitmap Considering
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-08 21:16:38
Entry Point 0x00045940
Number of sections 3
PE sections
PE imports
RegCloseKey
AuthzInitializeResourceManager
InitCommonControlsEx
DPtoLP
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
GradientFill
VariantInit
SHGetMalloc
AssocCreate
phoneGetLamp
UnregisterGPNotification
FindTextA
GdiplusStartup
GetPerAdapterInfo
GetColorDirectoryW
CoInitialize
Number of PE resources by type
RT_DIALOG 17
RT_ICON 6
RT_ACCELERATOR 3
RT_BITMAP 3
TXT 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
PE resources
ExifTool file metadata
CodeSize
143360

SubsystemVersion
4.0

Comments
Bitmap Considering

Languages
English

InitializedDataSize
61440

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.3.4.365

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Bitmap Considering

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
8.0

PrivateBuild
5.3.4.365

EntryPoint
0x45940

OriginalFileName
Selection.exe

MIMEType
application/octet-stream

LegalCopyright
BreakPoint Software, Inc. Copyright 2015

FileVersion
5.3.4.365

TimeStamp
2018:10:08 23:16:38+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Selection

ProductVersion
5.3.4.365

UninitializedDataSize
139264

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
BreakPoint Software, Inc.

LegalTrademarks
BreakPoint Software, Inc. Copyright 2015

ProductName
Selection

ProductVersionNumber
5.3.4.365

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
5.3.4.365

File identification
MD5 2d22ce41a5af9d807837c50ee168b040
SHA1 7bcf08a5efd57426dc61e2c8bd6ef526e487b9b6
SHA256 05be49819139a3fdcdbddbdefd298398779521f3d68daa25275cc77508e42310
ssdeep 3072:I5ocaV42zY5kV01Chr4JZABY6Natty/depmIc1CL2I41IyA7c4WefLFwLZeI:+UzY5e47AB90vpQ1CL2rA7LWTb

authentihash 87820eea186625c0a1a11b87a703f5dcf89b369f1c892155e4c87a0946ad8443
imphash d01d1a20220b3b0625c5c6e76226fd75
File size 196.5 KB ( 201216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-10-08 22:30:58 UTC ( 5 months, 2 weeks ago )
Last submission 2018-10-25 01:23:03 UTC ( 4 months, 4 weeks ago )
File names Q.exe
Selection
Selection.exe
2d22ce41a5af9d807837c50ee168b040.virobj
uzo.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs