SHA256: 0db12f9b38265ebdbab0900971c60aaae17ee3e6b8a32cea230414f07bfb9da5
File name: New Thor Patcher.exe
Detection ratio: 11 / 62
Analysis date: 2017-04-28 14:15:46 UTC ( 1 year ago )
Antivirus Result Update
CAT-QuickHeal Trojan.IGENERIC 20170428
ClamAV Win.Trojan.Vilsel-143 20170428
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170130
Endgame malicious (moderate confidence) 20170419
Sophos ML virus.win32.sality.at 20170413
K7AntiVirus Riskware ( 0040eff71 ) 20170428
K7GW Riskware ( 0040eff71 ) 20170426
McAfee-GW-Edition BehavesLike.Win32.Generic.wc 20170428
NANO-Antivirus Trojan.Win32.Reconyc.dklcqv 20170428
TheHacker Trojan/Vilsel.bkyv 20170428
Yandex PUA.Downware! 20170428
Ad-Aware 20170428
AegisLab 20170428
AhnLab-V3 20170428
Alibaba 20170428
ALYac 20170428
Antiy-AVL 20170428
Arcabit 20170428
Avast 20170428
AVG 20170428
Avira (no cloud) 20170428
AVware 20170428
Baidu 20170428
BitDefender 20170428
Bkav 20170428
CMC 20170427
Comodo 20170428
Cyren 20170428
DrWeb 20170428
Emsisoft 20170428
ESET-NOD32 20170428
F-Prot 20170428
F-Secure 20170428
Fortinet 20170428
GData 20170428
Ikarus 20170428
Jiangmin 20170428
Kaspersky 20170428
Kingsoft 20170428
Malwarebytes 20170428
McAfee 20170428
Microsoft 20170428
eScan 20170428
nProtect 20170428
Palo Alto Networks (Known Signatures) 20170428
Panda 20170428
Qihoo-360 20170428
Rising 20170428
SentinelOne (Static ML) 20170330
Sophos AV 20170428
SUPERAntiSpyware 20170428
Symantec 20170428
Symantec Mobile Insight 20170428
Tencent 20170428
TotalDefense 20170426
TrendMicro 20170428
TrendMicro-HouseCall 20170428
Trustlook 20170428
VBA32 20170428
VIPRE 20170428
ViRobot 20170428
Webroot 20170428
WhiteArmor 20170409
Zillya 20170428
ZoneAlarm by Check Point 20170428
Zoner 20170428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright AED
Product Aeomin DLIB Core
Original name Thor.exe
File version 2.6.1.66
Description Thor Patcher
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-24 03:59:20
Entry Point 0x00218984
Number of sections 10
PE sections
Overlays
MD5 7ce2a9a26049eb9724323f839d06ed65
File type ps database
Offset 2544640
Size 1550350
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
RegRestoreKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
RegFlushKey
RegConnectRegistryW
RegOpenKeyExW
RegReplaceKeyW
RegEnumKeyA
GetUserNameA
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExA
RegLoadKeyW
RegCreateKeyExA
RegDeleteValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
RegSaveKeyW
RegDeleteValueA
RegUnLoadKeyW
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_SetImageCount
FlatSB_GetScrollInfo
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_Read
ImageList_Replace
ImageList_SetOverlayImage
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Remove
ImageList_Copy
ImageList_LoadImageW
ImageList_EndDrag
GetSaveFileNameA
PrintDlgW
SetDIBits
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
SetTextAlign
GetPaletteEntries
PathToRegion
CopyEnhMetaFileW
SetPixel
EndDoc
SetPaletteEntries
StretchDIBits
GetTextExtentPointW
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
GetTextFaceA
CloseFigure
Pie
Arc
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
CombineRgn
GetSystemPaletteEntries
SetStretchBltMode
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateEnhMetaFileW
CreateRectRgnIndirect
EndPath
GetPixel
GetBrushOrgEx
ExcludeClipRect
SetBkMode
BitBlt
CreateFontA
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
CloseEnhMetaFile
SetROP2
EndPage
AbortDoc
GetNearestPaletteIndex
SetDIBColorTable
BeginPath
DeleteObject
CreatePenIndirect
PatBlt
CreatePen
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
RealizePalette
SetEnhMetaFileBits
IntersectClipRect
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
SelectClipRgn
RoundRect
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
LPtoDP
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
CreateDIBSection
SetTextColor
ExtFloodFill
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
ExtTextOutW
CreateCompatibleDC
PolyBezierTo
CreateFontW
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
CreateCompatibleBitmap
CreateSolidBrush
Polyline
StartDocW
Ellipse
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
ReleaseMutex
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
FindNextFileA
SignalObjectAndWait
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetLocaleInfoA
LocalAlloc
ExpandEnvironmentStringsA
OpenFileMappingA
SetErrorMode
GetThreadContext
GetLocaleInfoW
GetFileTime
GetTempPathA
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetTimeZoneInformation
GetDiskFreeSpaceA
GetThreadPriority
SetFileAttributesA
SetEvent
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
InterlockedDecrement
GlobalFindAtomW
lstrcpynW
GetModuleFileNameW
TryEnterCriticalSection
Beep
IsDebuggerPresent
ExitProcess
RemoveDirectoryA
RaiseException
GetPriorityClass
LoadLibraryExA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
EnumCalendarInfoW
CreateRemoteThread
CreateMutexA
GetModuleHandleA
GlobalMemoryStatus
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
GetSystemDefaultUILanguage
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
WaitForMultipleObjectsEx
TerminateProcess
GetVersion
SetCurrentDirectoryW
VirtualQuery
VirtualQueryEx
CreateEventW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
CopyFileW
GlobalSize
GetStartupInfoA
GetFileSize
GetUserDefaultLangID
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetComputerNameW
CompareStringW
lstrcpyW
GlobalReAlloc
lstrcmpA
FindNextFileW
ResetEvent
GetComputerNameA
FindFirstFileW
IsValidLocale
DuplicateHandle
GlobalLock
CreateFileMappingW
GetModuleFileNameA
LocalSize
CreateFileW
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
GlobalDeleteAtom
GetSystemInfo
GlobalFree
FindResourceW
FindFirstFileA
GetThreadLocale
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
SwitchToThread
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
SetFilePointer
ReadFile
InterlockedExchangeAdd
CloseHandle
GetACP
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
CreateProcessA
UnmapViewOfFile
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
AlphaBlend
CreateStreamOnHGlobal
OleUninitialize
OleDraw
CoInitialize
OleInitialize
ProgIDFromCLSID
IsAccelerator
CoCreateInstance
OleRegEnumVerbs
CoUninitialize
StringFromCLSID
CoGetClassObject
OleSetMenuDescriptor
IsEqualGUID
CoTaskMemFree
CoTaskMemAlloc
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
GetActiveObject
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
ShellExecuteExA
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
DrawIcon
GetMessageTime
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
SendMessageW
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DefMDIChildProcW
DrawTextW
SetScrollPos
CallNextHookEx
GetSysColor
GetKeyboardState
ClientToScreen
GetTopWindow
GetWindowTextW
LoadImageA
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
GetMessageW
ShowWindow
FlashWindowEx
SetPropW
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
RegisterClassW
GetIconInfo
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetDCEx
GetSubMenu
SetTimer
GetActiveWindow
IsDialogMessageW
FlashWindow
EnumThreadWindows
CreateAcceleratorTableW
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
DrawEdge
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
CopyIcon
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
SetWindowLongA
PostMessageW
GetKeyNameTextW
DrawTextExW
WaitMessage
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
CharUpperBuffW
SetWindowTextW
CreateWindowExA
RemovePropW
CharLowerBuffW
BringWindowToTop
GetSystemMenu
ScreenToClient
TrackPopupMenu
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
GetMenuState
ShowOwnedPopups
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
FillRect
SetForegroundWindow
PostThreadMessageA
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
GetScrollInfo
GetKeyboardLayout
FindWindowW
GetCapture
CreatePopupMenu
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
DrawFrameControl
UnhookWindowsHookEx
LoadKeyboardLayoutW
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
EnableMenuItem
DefFrameProcW
IsWindowVisible
SetCursorPos
SystemParametersInfoW
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
SendMessageTimeoutA
CreateIcon
CallWindowProcW
DestroyWindow
GetClassInfoW
SetWindowsHookExW
GetCursor
GetFocus
CreateMenu
EnableWindow
CloseClipboard
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
ClosePrinter
DocumentPropertiesW
GetDefaultPrinterW
EnumPrintersW
OpenPrinterW
setsockopt
bind
socket
recvfrom
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
sendto
closesocket
htons
recv
select
PE exports
Number of PE resources by type
RT_BITMAP 37
RT_STRING 36
RT_RCDATA 9
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_ICON 3
RT_DIALOG 2
MAD 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 59
ENGLISH US 48
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 349184
ImageVersion 0.0
ProductName Aeomin DLIB Core
FileVersionNumber 2.6.1.66
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName Thor.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.6.1.66
TimeStamp 2011:01:24 04:59:20+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.4.3
FileDescription Thor Patcher
OSVersion 5.0
FileOS Win32
LegalCopyright AED
MachineType Intel 386 or later, and compatibles
CodeSize 2194432
FileSubtype 0
ProductVersionNumber 2.6.1.66
EntryPoint 0x218984
ObjectFileType Executable application
Compressed bundles
File identification
MD5 b817b526d9f3b1deb2a50135ae5bd1dd
SHA1 3ecc8d1e4055bcd7d1e061a530ccae4d76654f98
SHA256 0db12f9b38265ebdbab0900971c60aaae17ee3e6b8a32cea230414f07bfb9da5
ssdeep 98304:yPgK+T8+qEcN5AmHBdo1mQw0gSQm7BUwj:t5XcNemH3Cg3oBdj
authentihash b041bde5f50f6a15fd404ba753f21cb18680ae5e4bf01f11b64f84ed182b56ed
imphash f9e78b6ec727643df400ec910e558768
File size 3.9 MB ( 4094990 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (62.7%)
Win32 EXE PECompact compressed (generic) (23.7%)
Windows screen saver (7.4%)
Win32 Executable (generic) (2.5%)
Win16/32 Executable Delphi generic (1.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-04-28 14:15:46 UTC ( 1 year ago )
Last submission 2017-04-28 14:15:46 UTC ( 1 year ago )
File names New Thor Patcher.exe
Thor.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications