SHA256: 05e5778edc2eb82a51807cc69cfcd4408dccb50ee6957fcfe706ecd0129a0c44
File name: 6660ddbb09afd08b946fcea493c79d60.virobj
Detection ratio: 51 / 68
Analysis date: 2017-12-09 07:04:12 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6191582 20171209
AegisLab Troj.Psw.W32.Fareit!c 20171209
AhnLab-V3 Trojan/Win32.Injector.C2258669 20171208
ALYac Trojan.GenericKD.6191582 20171208
Antiy-AVL Trojan[PSW]/Win32.Fareit 20171209
Arcabit Trojan.Generic.D5E79DE 20171209
Avast Win32:Malware-gen 20171209
AVG Win32:Malware-gen 20171209
Avira (no cloud) TR/Dropper.VB.syzcl 20171209
AVware Trojan.Win32.Generic!BT 20171209
BitDefender Trojan.GenericKD.6191582 20171209
CAT-QuickHeal TrojanPWS.Fareit 20171208
ClamAV Win.Packer.VbPack-0-6334882-0 20171209
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171209
Cyren W32/Trojan.BAF.gen!Eldorado 20171209
DrWeb Trojan.PWS.Stealer.1932 20171209
Emsisoft Trojan.GenericKD.6191582 (B) 20171209
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DTOU 20171209
F-Prot W32/Trojan.BAF.gen!Eldorado 20171209
F-Secure Trojan.GenericKD.6191582 20171209
Fortinet W32/Injector.DSOV!tr 20171209
GData Trojan.GenericKD.6191582 20171209
Ikarus Trojan.Agent 20171208
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0040eff71 ) 20171208
K7GW Riskware ( 0040eff71 ) 20171209
Kaspersky Trojan-PSW.Win32.Fareit.djum 20171209
Malwarebytes Trojan.MalPack.VB 20171209
MAX malware (ai score=99) 20171209
McAfee Fareit-FJX!6660DDBB09AF 20171209
McAfee-GW-Edition BehavesLike.Win32.Malware.ft 20171209
Microsoft PWS:Win32/Fareit 20171209
eScan Trojan.GenericKD.6191582 20171209
NANO-Antivirus Trojan.Win32.Fareit.euyjkr 20171209
nProtect Trojan-PWS/W32.Fareit.376832.D 20171209
Palo Alto Networks (Known Signatures) generic.ml 20171209
Panda Trj/GdSda.A 20171208
Qihoo-360 Win32/Trojan.Dropper.ae1 20171209
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/FareitVB-M 20171209
Symantec Trojan.Gen.2 20171209
Tencent Win32.Trojan-qqpass.Qqrob.Wofw 20171209
TrendMicro TROJ_GEN.R002C0DKE17 20171209
TrendMicro-HouseCall TROJ_GEN.R002C0DKE17 20171209
VBA32 TrojanPSW.Fareit 20171208
VIPRE Trojan.Win32.Generic!BT 20171209
ViRobot Trojan.Win32.Z.Malpack.376832 20171209
Zillya Trojan.Fareit.Win32.23574 20171207
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.djum 20171209
Alibaba 20171208
Avast-Mobile 20171208
Baidu 20171209
Bkav 20171208
CMC 20171208
Comodo 20171209
Cybereason 20171103
eGambit 20171209
Jiangmin 20171209
Kingsoft 20171209
Rising 20171209
SUPERAntiSpyware 20171209
Symantec Mobile Insight 20171207
TheHacker 20171209
TotalDefense 20171209
Trustlook 20171209
Webroot 20171209
WhiteArmor 20171204
Yandex 20171208
Zoner 20171209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
foobar2000.org

Product COMODO
Original name Strmstningens6.exe
Internal name Strmstningens6
File version 4.00.0008
Description www.orbitdownloader.com
Comments GameRanger Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-13 05:23:05
Entry Point 0x00001184
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fprem
Ord(594)
_adj_fpatan
EVENT_SINK_AddRef
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m64
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
_adj_fptan
__vbaExceptHandler
_CIatan
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
_CItan
__vbaFpI4
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Canon

SubsystemVersion
4.0

Comments
GameRanger Technologies

LinkerVersion
6.0

ImageVersion
4.0

FileSubtype
0

FileVersionNumber
4.0.0.8

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
www.orbitdownloader.com

CharacterSet
Unicode

InitializedDataSize
32768

EntryPoint
0x1184

OriginalFileName
Strmstningens6.exe

MIMEType
application/octet-stream

LegalCopyright
foobar2000.org

FileVersion
4.00.0008

TimeStamp
2017:11:13 06:23:05+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Strmstningens6

ProductVersion
4.00.0008

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
PWI, Inc.

CodeSize
339968

ProductName
COMODO

ProductVersionNumber
4.0.0.8

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 6660ddbb09afd08b946fcea493c79d60
SHA1 87b74cb86dd87a1f3c8b806284bb1a5f879c5fa6
SHA256 05e5778edc2eb82a51807cc69cfcd4408dccb50ee6957fcfe706ecd0129a0c44
ssdeep
3072:Rw+1u/UILBZoOXBJ7Squ2pui5xV1l67rUlWu:Ra/xjoy7SSpY

authentihash a180afea2aa6fe25601db1f43d89dc8ed929b43ef4e334d0a74be3bfccf657e8
imphash b3f67a15e2d26c9b0e5de700bcc441e9
File size 368.0 KB ( 376832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-13 21:30:39 UTC ( 3 months, 1 week ago )
Last submission 2017-12-09 07:04:12 UTC ( 2 months, 1 week ago )
File names 44451 pdf.exe
Strmstningens6
6660ddbb09afd08b946fcea493c79d60.virobj
Strmstningens6.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications