SHA256: 05e5778edc2eb82a51807cc69cfcd4408dccb50ee6957fcfe706ecd0129a0c44
File name: Strmstningens6
Detection ratio: 50 / 67
Analysis date: 2017-11-20 04:22:12 UTC ( 3 days, 14 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6191582 20171120
AegisLab Troj.Psw.W32.Fareit!c 20171120
AhnLab-V3 Trojan/Win32.Injector.C2258669 20171119
ALYac Trojan.GenericKD.6191582 20171120
Antiy-AVL Trojan[PSW]/Win32.Fareit 20171120
Arcabit Trojan.Generic.D5E79DE 20171120
Avast Win32:Malware-gen 20171120
AVG Win32:Malware-gen 20171120
Avira (no cloud) TR/Dropper.VB.syzcl 20171119
AVware Trojan.Win32.Generic!BT 20171120
BitDefender Trojan.GenericKD.6191582 20171120
CAT-QuickHeal TrojanPWS.Fareit 20171118
ClamAV Win.Packer.VbPack-0-6334882-0 20171120
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171120
Cyren W32/Trojan.BAF.gen!Eldorado 20171120
DrWeb Trojan.PWS.Stealer.1932 20171120
Emsisoft Trojan.GenericKD.6191582 (B) 20171120
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Injector.DTOU 20171119
F-Prot W32/Trojan.BAF.gen!Eldorado 20171120
F-Secure Trojan.GenericKD.6191582 20171120
Fortinet W32/Injector.DSOV!tr 20171120
GData Trojan.GenericKD.6191582 20171120
Ikarus Trojan.Agent 20171119
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0040eff71 ) 20171117
K7GW Riskware ( 0040eff71 ) 20171120
Kaspersky Trojan-PSW.Win32.Fareit.djum 20171120
Malwarebytes Trojan.MalPack.VB 20171119
MAX malware (ai score=94) 20171120
McAfee Fareit-FJX!6660DDBB09AF 20171120
McAfee-GW-Edition Fareit-FJX!6660DDBB09AF 20171120
Microsoft PWS:Win32/Fareit 20171120
eScan Trojan.GenericKD.6191582 20171120
NANO-Antivirus Trojan.Win32.Fareit.euyjkr 20171120
nProtect Trojan-PWS/W32.Fareit.376832.D 20171120
Palo Alto Networks (Known Signatures) generic.ml 20171120
Panda Trj/GdSda.A 20171119
Qihoo-360 Win32/Trojan.Dropper.ae1 20171120
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/FareitVB-M 20171120
Symantec Trojan.Gen.2 20171119
Tencent Win32.Trojan-qqpass.Qqrob.Wofw 20171120
TrendMicro TROJ_GEN.R002C0DKE17 20171120
TrendMicro-HouseCall TROJ_GEN.R002C0DKE17 20171120
VIPRE Trojan.Win32.Generic!BT 20171120
ViRobot Trojan.Win32.Z.Malpack.376832 20171120
Zillya Trojan.Fareit.Win32.23574 20171117
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.djum 20171120
Alibaba 20170911
Avast-Mobile 20171119
Baidu 20171117
Bkav 20171118
CMC 20171119
Comodo 20171120
Cybereason 20171103
eGambit 20171120
Jiangmin 20171120
Kingsoft 20171120
Rising 20171120
SUPERAntiSpyware 20171119
Symantec Mobile Insight 20171117
TheHacker 20171117
TotalDefense 20171119
Trustlook 20171120
VBA32 20171117
Webroot 20171120
WhiteArmor 20171104
Yandex 20171118
Zoner 20171120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright foobar2000.org
Product COMODO
Original name Strmstningens6.exe
Internal name Strmstningens6
File version 4.00.0008
Description www.orbitdownloader.com
Comments GameRanger Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-13 05:23:05
Entry Point 0x00001184
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fprem
Ord(594)
_adj_fpatan
EVENT_SINK_AddRef
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m64
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
_adj_fptan
__vbaExceptHandler
_CIatan
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
_CItan
__vbaFpI4
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Canon
SubsystemVersion 4.0
Comments GameRanger Technologies
LinkerVersion 6.0
ImageVersion 4.0
FileSubtype 0
FileVersionNumber 4.0.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription www.orbitdownloader.com
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x1184
OriginalFileName Strmstningens6.exe
MIMEType application/octet-stream
LegalCopyright foobar2000.org
FileVersion 4.00.0008
TimeStamp 2017:11:13 06:23:05+01:00
FileType Win32 EXE
PEType PE32
InternalName Strmstningens6
ProductVersion 4.00.0008
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PWI, Inc.
CodeSize 339968
ProductName COMODO
ProductVersionNumber 4.0.0.8
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 6660ddbb09afd08b946fcea493c79d60
SHA1 87b74cb86dd87a1f3c8b806284bb1a5f879c5fa6
SHA256 05e5778edc2eb82a51807cc69cfcd4408dccb50ee6957fcfe706ecd0129a0c44
ssdeep 3072:Rw+1u/UILBZoOXBJ7Squ2pui5xV1l67rUlWu:Ra/xjoy7SSpY
authentihash a180afea2aa6fe25601db1f43d89dc8ed929b43ef4e334d0a74be3bfccf657e8
imphash b3f67a15e2d26c9b0e5de700bcc441e9
File size 368.0 KB ( 376832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe
VirusTotal metadata
First submission 2017-11-13 21:30:39 UTC ( 1 week, 2 days ago )
Last submission 2017-11-13 21:30:39 UTC ( 1 week, 2 days ago )
File names 44451 pdf.exe
Strmstningens6
Strmstningens6.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications