SHA256: 06cb344ee38f7f66dd8241e0c1065da6693cefb1df32a312b2e281f0c7e98f9b
File name: 51ad80d5be4ad4ae1b13bbd60a89c414ef4f276f
Detection ratio: 33 / 70
Analysis date: 2019-02-08 19:02:27 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31667617 20190208
ALYac Trojan.Autoruns.GenericKDS.31667617 20190208
Arcabit Trojan.Autoruns.GenericS.D1E335A1 20190208
Avast Win32:Malware-gen 20190208
AVG Win32:Malware-gen 20190208
BitDefender Trojan.Autoruns.GenericKDS.31667617 20190208
Comodo Malware@#3h1jfyta4fnuu 20190208
Cyren W32/Trojan.ELEJ-3140 20190208
DrWeb Trojan.Siggen8.3450 20190208
Emsisoft Trojan.Autoruns.GenericKDS.31667617 (B) 20190208
ESET-NOD32 Win32/Spy.IcedId.H 20190208
Fortinet W32/IcedId.H!tr.spy 20190208
GData Win32.Trojan.Agent.BMDGCA 20190208
Ikarus Trojan-Spy.Agent 20190208
Kaspersky Trojan-Banker.Win32.IcedID.tpkr 20190208
Malwarebytes Trojan.IcedID 20190208
MAX malware (ai score=99) 20190208
McAfee GenericR-OUB!2000419CD872 20190208
McAfee-GW-Edition Artemis!Trojan 20190208
Microsoft TrojanSpy:Win32/IcedId!rfn 20190208
eScan Trojan.Autoruns.GenericKDS.31667617 20190208
Palo Alto Networks (Known Signatures) generic.ml 20190208
Panda Trj/GdSda.A 20190208
Qihoo-360 Win32/Trojan.eef 20190208
Rising Spyware.IcedId!8.F061 (CLOUD) 20190208
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190208
Symantec Trojan.Gen.2 20190208
Tencent Win32.Trojan-banker.Icedid.Hlxg 20190208
TrendMicro-HouseCall TROJ_GEN.R002H0CB819 20190208
VBA32 Trojan.Fuerboos 20190208
Webroot W32.Trojan.Gen 20190208
ZoneAlarm by Check Point Trojan-Banker.Win32.IcedID.tpkr 20190208
Acronis 20190208
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
Antiy-AVL 20190208
Avast-Mobile 20190208
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190208
eGambit 20190208
Endgame 20181108
F-Prot 20190208
F-Secure 20190208
Sophos ML 20181128
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kingsoft 20190208
NANO-Antivirus 20190208
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190208
TheHacker 20190203
TotalDefense 20190206
Trapmine 20190123
TrendMicro 20190208
Trustlook 20190208
ViRobot 20190208
Yandex 20190208
Zillya 20190208
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2003-2015, Rally Software Development indicate Pushfinish nose drive
Product Facewinter
Original name Foodsuit.exe
Internal name Facewinter
File version 14.8.50.88
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-06 11:48:21
Entry Point 0x0002990C
Number of sections 5
PE sections
PE imports
ImageList_GetImageCount
ImageList_Create
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_GetDragImage
GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
CreateBitmap
GetClipBox
SetTextColor
StretchDIBits
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetModuleHandleW
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetUserDefaultLCID
VirtualProtectEx
EncodePointer
GetLocaleInfoW
SetStdHandle
CompareStringW
RaiseException
InitializeCriticalSection
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEnvironmentVariableA
HeapAlloc
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
PathGetDriveNumberA
AssocQueryStringA
wnsprintfA
PathIsUNCA
PathAppendA
MapWindowPoints
ValidateRect
BeginDeferWindowPos
CreateMenu
LoadCursorA
TranslateMessage
UnregisterHotKey
BeginPaint
PostMessageA
GetSystemMetrics
DeferWindowPos
DestroyMenu
RegisterWindowMessageA
OpenClipboard
InvalidateRect
Ord(12)
Ord(3)
Ord(26)
Ord(11)
Ord(10)
Ord(24)
Ord(23)
Ord(28)
Ord(22)
Ord(20)
Ord(6)
Ord(30)
Ord(7)
Ord(15)
Ord(4)
Ord(16)
Ord(5)
Ord(18)
Ord(9)
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 10
PE resources
Debug information
ExifTool file metadata
CodeSize 235520
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 14.8.50.88
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 210432
EntryPoint 0x2990c
OriginalFileName Foodsuit.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2003-2015, Rally Software Development indicate Pushfinish nose drive
FileVersion 14.8.50.88
TimeStamp 2011:02:06 12:48:21+01:00
FileType Win32 EXE
PEType PE32
InternalName Facewinter
ProductVersion 14.8.50.88
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Rally Software Development
LegalTrademarks Facewinter landvowel learn
ProductName Facewinter
ProductVersionNumber 14.8.50.88
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 2000419cd87249da5760c9688d4f7bf5
SHA1 51ad80d5be4ad4ae1b13bbd60a89c414ef4f276f
SHA256 06cb344ee38f7f66dd8241e0c1065da6693cefb1df32a312b2e281f0c7e98f9b
ssdeep 6144:HOSWra4caVMISWXA1Aqj+5HznRmLxBASDr7VNitw3ip/WPENUuv:HO524ca9SqA2qQRoAS37VNitLp/mQUO
authentihash 3cb0679a97ef4c531cba17f80d58d32b1d619afd1b484e7cdd62f0507e85c73a
imphash 65c7c158c529e302aecd144b48b20b72
File size 368.0 KB ( 376832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2019-02-06 18:53:45 UTC ( 1 month, 1 week ago )
Last submission 2019-02-06 18:53:45 UTC ( 1 month, 1 week ago )
File names Facewinter
Foodsuit.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.