SHA256: 0c444ad103fbfefe29fcaa0e65206461ae2d79ab89a1b84d25d2d0a02842a24d
File name: Rip.exe
Detection ratio: 29 / 65
Analysis date: 2017-09-30 17:13:22 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.408249 20170930
AegisLab W32.W.AutoRun.lmJt 20170930
AhnLab-V3 Trojan/Win32.Generic.C2174004 20170930
ALYac Gen:Variant.Graftor.408249 20170930
Antiy-AVL Trojan/Win32.AGeneric 20170930
Arcabit Trojan.Graftor.D63AB9 20170930
Avira (no cloud) TR/Crypt.XPACK.Gen 20170930
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9859 20170930
BitDefender Gen:Variant.Graftor.408249 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170930
Emsisoft Gen:Variant.Graftor.408249 (B) 20170930
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/PSW.Delf.ORF 20170930
F-Secure Gen:Variant.Graftor.408249 20170930
Fortinet W32/Delf.ORF!tr.pws 20170929
GData Gen:Variant.Graftor.408249 20170930
Sophos ML heuristic 20170914
Kaspersky HEUR:Trojan.Win32.Generic 20170930
Malwarebytes Spyware.Mephistophilus 20170930
MAX malware (ai score=84) 20170930
eScan Gen:Variant.Graftor.408249 20170930
Panda Trj/GdSda.A 20170930
Qihoo-360 HEUR/QVM05.1.3207.Malware.Gen 20170930
Rising Stealer.Delf!8.415 (TFE:dGZlOgQO48EauF9S3w) 20170930
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170929
VBA32 suspected of Trojan.Notifier.gen 20170929
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170930
Alibaba 20170911
Avast 20170930
Avast-Mobile 20170929
AVG 20170930
AVware 20170930
CAT-QuickHeal 20170930
ClamAV 20170930
CMC 20170928
Comodo 20170930
Cyren 20170930
DrWeb 20170930
F-Prot 20170930
Ikarus 20170930
Jiangmin 20170930
K7AntiVirus 20170928
K7GW 20170930
Kingsoft 20170930
McAfee 20170930
McAfee-GW-Edition 20170930
Microsoft 20170930
NANO-Antivirus 20170930
nProtect 20170930
Palo Alto Networks (Known Signatures) 20170930
Sophos AV 20170930
SUPERAntiSpyware 20170930
Symantec Mobile Insight 20170928
Tencent 20170930
TheHacker 20170928
TotalDefense 20170930
TrendMicro 20170930
TrendMicro-HouseCall 20170930
Trustlook 20170930
VIPRE 20170930
ViRobot 20170930
Webroot 20170930
WhiteArmor 20170927
Yandex 20170908
Zillya 20170929
Zoner 20170930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00070EFC
Number of sections 6
PE sections
Overlays
MD5 d500d81892d2968fd39c0f27e66eed07
File type ASCII text
Offset 517632
Size 1552951
Entropy 0.00
PE imports
RegCreateKeyExW
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegEnumKeyW
FreeSid
CryptGetHashParam
RegQueryValueExA
RegOpenKeyExW
CreateProcessAsUserW
RegEnumKeyA
LookupAccountSidA
RegEnumValueA
RegOpenKeyW
RegOpenKeyExA
CryptHashData
GetUserNameW
AllocateAndInitializeSid
RegQueryValueExW
CryptDestroyHash
CryptCreateHash
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetTempPathA
WideCharToMultiByte
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetFullPathNameA
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
FormatMessageA
GetFullPathNameW
OutputDebugStringA
GetSystemTime
CopyFileW
GetModuleFileNameW
TryEnterCriticalSection
ExitProcess
GetVersionExA
GetModuleFileNameA
FlushViewOfFile
UnhandledExceptionFilter
MultiByteToWideChar
MoveFileW
CreateMutexA
GetModuleHandleA
LockFileEx
CreateThread
SetEnvironmentVariableW
CreateMutexW
ExitThread
SetCurrentDirectoryW
SetEndOfFile
GetCurrentThreadId
AreFileApisANSI
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
DeleteFileA
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
ExpandEnvironmentStringsW
FindNextFileW
HeapValidate
CreateFileMappingA
FindFirstFileW
CreateFileW
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
CreateFileMappingW
HeapCreate
GetSystemInfo
lstrlenA
HeapReAlloc
GetThreadLocale
WaitForSingleObjectEx
HeapCompact
LockFile
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
UnlockFileEx
GetVersion
GetFileAttributesExW
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
CoCreateInstance
OleInitialize
SysReAllocStringLen
SysFreeString
SysAllocStringLen
EnumDisplayDevicesA
MessageBoxA
GetKeyboardType
CharNextA
wvsprintfA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 458752
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 57856
SubsystemVersion 4.0
EntryPoint 0x70efc
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 334cbcef3e743782897d179d3c81f5f4
SHA1 0b4b7fe913df5491f8514e7f2e0f2380478070ac
SHA256 0c444ad103fbfefe29fcaa0e65206461ae2d79ab89a1b84d25d2d0a02842a24d
ssdeep 12288:6V6O7RrY2wDJ7q6D+/gx5KYEwqyDaUVdCd6rLcJNzzpJdKZ:6gO7RuDJ7q5uKwqxdEcJNz
authentihash 6958d98f5262705e7b3268252f97f5c80ed4e26e2b6e7cfe3ecdf7e6ace6c5a1
imphash cf0f3daecc72f2b660bf345f0ec970d7
File size 2.0 MB ( 2070583 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags bobsoft peexe overlay
VirusTotal metadata
First submission 2017-09-30 17:13:22 UTC ( 1 year, 3 months ago )
Last submission 2018-07-31 18:13:14 UTC ( 5 months, 3 weeks ago )
File names unpacked.exe.vir
Rip.exe
1000-0b4b7fe913df5491f8514e7f2e0f2380478070ac
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications