SHA256: 0bcdf313aec08e1ccb6d77330559c6a1c695b4a2fadfb5905ecbd8eeab202dc9
File name: .
Detection ratio: 26 / 70
Analysis date: 2019-02-04 18:27:23 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
AhnLab-V3 Malware/Gen.Generic.C2883532 20190204
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190204
Avast Win32:Trojan-gen 20190204
AVG Win32:Trojan-gen 20190204
Avira (no cloud) TR/AD.IcedId.hdfcp 20190204
DrWeb Trojan.IcedID.15 20190204
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOHF 20190204
Fortinet W32/Kryptik.GNRO!tr 20190201
K7AntiVirus Trojan ( 005450b91 ) 20190204
K7GW Trojan ( 005450b91 ) 20190204
Kaspersky HEUR:Trojan.Win32.Generic 20190204
McAfee Ursnif-FQLY!AF4CD8743619 20190204
McAfee-GW-Edition Ursnif-FQLY!AF4CD8743619 20190204
NANO-Antivirus Trojan.Win32.IcedID.fkxnhg 20190204
Panda Generic Malware 20190204
Rising Trojan.GenKryptik!8.AA55 (RDM+:cmRtazoHuy5LWaPIsGN8PacZu3wg) 20190204
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/BokBot-H 20190204
Trapmine suspicious.low.ml.score 20190123
VBA32 TrojanBanker.IcedID 20190204
Webroot W32.Trojan.Gen 20190204
Yandex Trojan.PWS.IcedID! 20190204
Zillya Trojan.Generic.Win32.399666 20190201
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190204
Ad-Aware 20190204
AegisLab 20190204
Alibaba 20180921
ALYac 20190204
Arcabit 20190204
Avast-Mobile 20190204
Babable 20180918
Baidu 20190202
BitDefender 20190204
Bkav 20190201
CAT-QuickHeal 20190204
ClamAV 20190204
CMC 20190204
Comodo 20190204
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190204
eGambit 20190204
Emsisoft 20190204
F-Prot 20190204
F-Secure 20190204
GData 20190204
Ikarus 20190204
Sophos ML 20181128
Jiangmin 20190204
Kingsoft 20190204
Malwarebytes 20190204
MAX 20190204
Microsoft 20190204
eScan 20190204
Palo Alto Networks (Known Signatures) 20190204
Qihoo-360 20190204
SUPERAntiSpyware 20190130
Symantec 20190204
TACHYON 20190204
Tencent 20190204
TheHacker 20190203
TotalDefense 20190204
TrendMicro 20190204
TrendMicro-HouseCall 20190204
Trustlook 20190204
VIPRE 20190204
ViRobot 20190203
Zoner 20190204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2002 Technology Finance Partners Party. All rights reserved.
Product Heldcost
Internal name Heldcost
File version 8.7.69.86
Description Heldcost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-04 11:17:38
Entry Point 0x00004E2A
Number of sections 4
PE sections
PE imports
ImageList_GetDragImage
ImageList_Create
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_GetImageCount
OffsetViewportOrgEx
ScaleViewportExtEx
CreateRectRgn
GetPixel
CreateFontA
ScaleWindowExtEx
SelectClipRgn
CreateCompatibleDC
SetViewportExtEx
GetLastError
GetEnvironmentVariableA
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
EncodePointer
TlsAlloc
VirtualProtect
FlushFileBuffers
RemoveDirectoryA
RtlUnwind
GetSystemDirectoryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetModuleHandleW
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetUserDefaultLCID
InterlockedCompareExchange
GetLocaleInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
RaiseException
InitializeCriticalSection
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
TerminateProcess
GetModuleFileNameA
QueryPerformanceCounter
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
FindClose
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
SetFocus
GetCursorPos
GetWindowTextLengthA
OpenClipboard
AppendMenuA
SystemParametersInfoA
FrameRect
BeginPaint
PostMessageA
GetSystemMetrics
ValidateRect
CallWindowProcA
GetClassInfoExA
DestroyMenu
GetFocus
InvalidateRect
ClientToScreen
MapWindowPoints
RegisterClassExA
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
Number of PE resources by type
RT_ICON 7
RT_MANIFEST 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 155136
ImageVersion 0.0
ProductName Heldcost
FileVersionNumber 8.7.69.86
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8.7.69.86
TimeStamp 2011:12:04 12:17:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Heldcost
ProductVersion 8.7.69.86
FileDescription Heldcost
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright 2002 Technology Finance Partners Party. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Technology Finance Partners Party
CodeSize 122368
FileSubtype 0
ProductVersionNumber 8.7.69.86
EntryPoint 0x4e2a
ObjectFileType Executable application

File identification
MD5 af4cd874361940cbfcf19898ea198971
SHA1 a3e1e8e6b38711dd327a2cd0dc97af7803a3eb16
SHA256 0bcdf313aec08e1ccb6d77330559c6a1c695b4a2fadfb5905ecbd8eeab202dc9
ssdeep 3072:I6F5KXsd7mq64frNHqTK0aqX7G708G29tMzw3G3q88FPhIfUfK3F:I6EacWrNHewqro6HwMyji3F
authentihash 6247e67e1967a59df0ee2016bc8c4f9d9d4856dcdca9226de331e79aae3caa77
imphash 2fb0507054240ed7ac7012a9540056e7
File size 225.0 KB ( 230400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-02-04 18:27:23 UTC ( 1 month, 2 weeks ago )
Last submission 2019-02-04 18:27:23 UTC ( 1 month, 2 weeks ago )
File names Heldcost
.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.