SHA256: 0a8ee0793748d532a24626f3f869e763823c9ea3bef6458ed414b03fa5371465
File name: CodemastersTransacted
Detection ratio: 45 / 69
Analysis date: 2018-09-27 08:11:35 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40447562 20180927
AhnLab-V3 Malware/Gen.Generic.C2693902 20180927
ALYac Trojan.GenericKD.40447562 20180927
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180927
Arcabit Trojan.Generic.D2692E4A 20180927
Avast Win32:Trojan-gen 20180927
AVG Win32:Trojan-gen 20180927
Avira (no cloud) TR/Crypt.Agent.tcmnt 20180927
BitDefender Trojan.GenericKD.40447562 20180927
CAT-QuickHeal Trojan.IGENERIC 20180926
Comodo UnclassifiedMalware 20180927
Cybereason malicious.1d70e1 20180225
Cylance Unsafe 20180927
Cyren W32/Trojan.JLLT-7968 20180927
DrWeb Trojan.PWS.Stealer.24476 20180927
Emsisoft Trojan.GenericKD.40447562 (B) 20180927
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKLK 20180927
F-Secure Trojan.GenericKD.40447562 20180927
Fortinet Malicious_Behavior.SB 20180927
GData Trojan.GenericKD.40447562 20180927
Ikarus Trojan-Banker.Ramnit 20180926
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053beb81 ) 20180927
K7GW Trojan ( 0053beb81 ) 20180927
Kaspersky Backdoor.Win32.Androm.qhgm 20180927
Malwarebytes Spyware.LokiBot 20180927
MAX malware (ai score=100) 20180927
McAfee RDN/Generic.grp 20180927
McAfee-GW-Edition RDN/Generic.grp 20180927
Microsoft Trojan:Win32/Emali.A!cl 20180927
eScan Trojan.GenericKD.40447562 20180927
NANO-Antivirus Trojan.Win32.Androm.fihviv 20180927
Palo Alto Networks (Known Signatures) generic.ml 20180927
Panda Trj/GdSda.A 20180926
Qihoo-360 Win32/Backdoor.ede 20180927
Rising Backdoor.Androm!8.113 (CLOUD) 20180927
Sophos AV Troj/Fareit-FQH 20180927
Symantec Trojan Horse 20180927
Tencent Win32.Backdoor.Androm.Aosu 20180927
TrendMicro TROJ_GEN.F0C2C00I518 20180927
TrendMicro-HouseCall TROJ_GEN.F0C2C00I518 20180927
Webroot W32.Injector.Gen 20180927
Yandex Backdoor.Androm!CNTbWNFssrA 20180926
ZoneAlarm by Check Point Backdoor.Win32.Androm.qhgm 20180925
AegisLab 20180927
Alibaba 20180921
Avast-Mobile 20180927
AVware 20180925
Babable 20180918
Baidu 20180927
Bkav 20180927
ClamAV 20180927
CMC 20180926
CrowdStrike Falcon (ML) 20180723
eGambit 20180927
F-Prot 20180927
Jiangmin 20180926
Kingsoft 20180927
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180927
TheHacker 20180927
TotalDefense 20180925
Trustlook 20180927
VBA32 20180926
VIPRE 20180927
ViRobot 20180927
Zillya 20180926
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TWAIN Working Group All rights reserved.
Product CodemastersTransacted
Original name CodemastersTransacted.exe
Internal name CodemastersTransacted
File version 6.3.7.2
Description Poorly Oceans Stres News549 Qq Abortions
Comments Poorly Oceans Stres News549 Qq Abortions
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-03 22:07:49
Entry Point 0x00042EF5
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
OpenEventLogA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegSetValueA
RegCreateKeyExA
RegCreateKeyA
RegOpenKeyExA
SetFileSecurityA
OpenSCManagerA
GetFileSecurityA
AVIFileGetStream
AVIFileCreateStreamA
AVIStreamOpenFromFileA
AVIStreamReadFormat
AVIFileOpenA
AVIStreamSetFormat
AVIStreamLength
AVIFileInit
AVIStreamStart
AVIStreamInfoA
AVIFileInfoA
SetMapMode
GetWindowOrgEx
GetNearestColor
GetTextMetricsA
CombineRgn
GetROP2
GetViewportOrgEx
EndDoc
IntersectClipRect
GetTextFaceA
CreateEllipticRgn
GetPolyFillMode
SetTextAlign
StretchDIBits
ScaleViewportExtEx
SetWindowExtEx
SetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
SetStretchBltMode
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
BitBlt
GetDeviceCaps
CreateFontA
SetAbortProc
ScaleWindowExtEx
PtVisible
ExtSelectClipRgn
SetROP2
EndPage
GetTextColor
StrokePath
Escape
BeginPath
DeleteObject
SetGraphicsMode
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
Rectangle
GetObjectA
CreateDCA
LineTo
DeleteDC
GetMapMode
StartPage
GetCharWidthA
CreatePatternBrush
CreateBitmap
RectVisible
GetStockObject
GetBkMode
ExtTextOutA
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
EndPath
GetRgnBox
SaveDC
RestoreDC
GetStretchBltMode
CreateDIBSection
SetTextColor
MoveToEx
SetViewportOrgEx
CreateCompatibleDC
CreateRectRgn
SelectObject
StartDocA
SetPolyFillMode
Ellipse
SetDCPenColor
CreateSolidBrush
DPtoLP
AbortDoc
CreateCompatibleBitmap
gluPickMatrix
ImmGetDescriptionA
ImmGetConversionStatus
ImmGetContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmIsIME
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
DuplicateHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
MoveFileA
ConnectNamedPipe
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
OutputDebugStringA
SetLastError
LocalLock
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RaiseException
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
DeleteFileA
GetProcAddress
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
lstrcmpW
GlobalLock
GetTimeZoneInformation
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LocalUnlock
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
CreateNamedPipeA
GetShortPathNameA
LockFile
SwitchToThread
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
FileTimeToLocalFileTime
GetDiskFreeSpaceA
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GradientFill
ICCompressorChoose
NetAuditClear
Ord(3)
Ord(19)
Ord(72)
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
glGetIntegerv
glPushMatrix
glMatrixMode
glInitNames
glRenderMode
glOrtho
glLoadIdentity
glPushName
glSelectBuffer
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
StrDupA
StrToIntExA
StrFormatByteSizeW
SHAutoComplete
StrTrimA
SetFocus
RegisterClipboardFormatA
GetForegroundWindow
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
SetScrollPos
IsWindow
DispatchMessageA
ClientToScreen
GrayStringA
WindowFromPoint
CopyRect
DrawIcon
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
DlgDirSelectExA
SetDlgItemTextA
IsClipboardFormatAvailable
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
MsgWaitForMultipleObjectsEx
CopyAcceleratorTableA
GetTopWindow
LockWindowUpdate
GetMenuItemInfoA
ScrollWindow
GetWindowTextA
EnumWindowStationsW
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
DefMDIChildProcA
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
TranslateMDISysAccel
GetTabbedTextExtentA
EnableWindow
LoadImageA
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
InsertMenuItemA
CreatePopupMenu
LoadStringA
SetParent
IsZoomed
GetWindowPlacement
DrawMenuBar
InvalidateRgn
EnableMenuItem
RegisterClassA
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
SetTimer
DlgDirListA
GetActiveWindow
GetKeyboardLayout
FillRect
SetWindowContextHelpId
DeferWindowPos
ReleaseDC
EndPaint
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
CreateWindowExA
PostMessageA
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
EnumDisplayDevicesW
SetCapture
ReleaseCapture
IntersectRect
SetWindowLongA
IsRectEmpty
EndDialog
DdeCreateStringHandleW
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDCEx
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
IsDlgButtonChecked
GetMenuState
ShowOwnedPopups
GetSystemMenu
ReuseDDElParam
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
GetScrollRange
GetScrollInfo
LoadMenuA
CharNextA
CreateDialogIndirectParamA
FindWindowA
MessageBeep
DrawTextExA
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
UnhookWindowsHookEx
UnregisterClassA
MoveWindow
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
ShowScrollBar
GetDesktopWindow
UnpackDDElParam
WinHelpA
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
CreateMenu
IsWindowVisible
ModifyMenuA
SetMenu
SetCursor
GetThemeInt
WinHttpSendRequest
mmioStringToFOURCCA
timeGetTime
timeEndPeriod
sndPlaySoundW
mmioSeek
mmioWrite
timeBeginPeriod
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA
send
htons
recv
connect
WSAGetLastError
WTSQuerySessionInformationA
SCardListInterfacesW
SCardEstablishContext
SCardLocateCardsByATRA
SCardListReadersA
GetOpenFileNameA
GetFileTitleA
OleUninitialize
CLSIDFromProgID
OleTranslateAccelerator
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CoSetProxyBlanket
OleFlushClipboard
IsAccelerator
RevokeDragDrop
CoRegisterMessageFilter
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
CoInitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoUninitialize
OleCreateMenuDescriptor
CoRevokeClassObject
CoInitializeSecurity
OleIsCurrentClipboard
CoTaskMemFree
Ord(204)
Number of PE resources by type
RT_RCDATA 5
RT_ICON 4
RCDATA 3
RT_BITMAP 3
RT_DIALOG 2
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
CodeSize 376832
SubsystemVersion 4.0
Comments Poorly Oceans Stres News549 Qq Abortions
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.3.7.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Poorly Oceans Stres News549 Qq Abortions
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 270336
PrivateBuild 6.3.7.2
EntryPoint 0x42ef5
OriginalFileName CodemastersTransacted.exe
MIMEType application/octet-stream
LegalCopyright TWAIN Working Group All rights reserved.
FileVersion 6.3.7.2
TimeStamp 2018:09:03 23:07:49+01:00
FileType Win32 EXE
PEType PE32
InternalName CodemastersTransacted
ProductVersion 6.3.7.2
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TWAIN Working Group
LegalTrademarks TWAIN Working Group All rights reserved.
ProductName CodemastersTransacted
ProductVersionNumber 6.3.7.2
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 eeb0dcb1d70e101b80e3b56b8ad89c78
SHA1 9cd2da08048df74996fb365268a14d5c8acc9902
SHA256 0a8ee0793748d532a24626f3f869e763823c9ea3bef6458ed414b03fa5371465
ssdeep 12288:I58I6rofahLt26X7PCx1w2eaF3gPc5BSJXaFb:J8ahL7X7PY9g0+Jqp
authentihash fb4bcdcff98eb9c76821b5ba87eddf00456512527083287b2acff5af2ec31184
imphash 6350f13bc7da3f655b5d5fa4ff45bd2b
File size 636.0 KB ( 651264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-09-05 01:12:18 UTC ( 3 months, 2 weeks ago )
Last submission 2018-09-05 01:12:18 UTC ( 3 months, 2 weeks ago )
File names CodemastersTransacted
RFQ_Shpsrv_pdf.exe
CodemastersTransacted.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Code injections in the following processes
Created mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections