SHA256: 0e84525c5d07b47c4a06b64b1f6aac07e8c06df9550a8b0225b6d4cd284c5e8f
File name: BatchStore.exe
Detection ratio: 2 / 61
Analysis date: 2017-06-13 10:50:07 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20170613
ViRobot Trojan.Win32.Agent.144877[h] 20170613
Ad-Aware 20170613
AegisLab 20170613
AhnLab-V3 20170613
Alibaba 20170613
ALYac 20170613
Antiy-AVL 20170613
Arcabit 20170613
Avast 20170613
AVG 20170613
Avira (no cloud) 20170613
AVware 20170613
BitDefender 20170613
Bkav 20170613
CAT-QuickHeal 20170613
ClamAV 20170613
CMC 20170613
Comodo 20170613
CrowdStrike Falcon (ML) 20170420
Cyren 20170613
DrWeb 20170613
Emsisoft 20170613
Endgame 20170612
ESET-NOD32 20170613
F-Prot 20170613
F-Secure 20170613
Fortinet 20170613
GData 20170613
Ikarus 20170613
Sophos ML 20170607
Jiangmin 20170613
K7AntiVirus 20170613
K7GW 20170613
Kaspersky 20170613
Kingsoft 20170613
Malwarebytes 20170613
McAfee 20170613
McAfee-GW-Edition 20170613
Microsoft 20170613
eScan 20170613
NANO-Antivirus 20170613
nProtect 20170613
Palo Alto Networks (Known Signatures) 20170613
Panda 20170612
Qihoo-360 20170613
Rising 20170613
SentinelOne (Static ML) 20170516
Sophos AV 20170613
SUPERAntiSpyware 20170613
Symantec 20170613
Symantec Mobile Insight 20170613
Tencent 20170613
TheHacker 20170612
TrendMicro 20170613
TrendMicro-HouseCall 20170613
Trustlook 20170613
VBA32 20170612
VIPRE 20170613
Webroot 20170613
WhiteArmor 20170608
Yandex 20170608
Zillya 20170612
ZoneAlarm by Check Point 20170613
Zoner 20170613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
Product Batch-Store By Kvc v.1.0
File version 1.0.0.0
Description Batch-Store By Kvc v.1.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 19:34:11
Entry Point 0x00006444
Number of sections 4
PE sections
Overlays
MD5 5aaeb291fe0d7ee4101bb62fe966990c
File type data
Offset 135168
Size 18076001
Entropy 7.35
PE imports
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetFileAttributesA
SetConsoleMode
WaitForSingleObject
GetExitCodeProcess
GetEnvironmentStringsW
HeapDestroy
ExitProcess
SetConsoleTextAttribute
SetConsoleCursorPosition
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
CompareStringW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
GetModuleHandleA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
ReadFile
WriteFile
GetCurrentProcess
CloseHandle
SetConsoleCursorInfo
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
WriteConsoleA
HeapCreate
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
VirtualAlloc
CompareStringA
timeGetTime
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Batch-Store By Kvc v.1.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 81920
EntryPoint 0x6444
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017
FileVersion 1.0.0.0
TimeStamp 2013:02:26 20:34:11+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName TheBATeam
CodeSize 49152
ProductName Batch-Store By Kvc v.1.0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 0e63ca51211e0cf2d78e9159447adea4
SHA1 d4e19dbb568facc25df9d4c0e283a9ecca43952c
SHA256 0e84525c5d07b47c4a06b64b1f6aac07e8c06df9550a8b0225b6d4cd284c5e8f
ssdeep 196608:qw1WUAnc89bPMoT9ZfiQEfJz50DUg/fc5WhOq7RZRdtAKHyOOZmGfOPS1nFfFQPp:qw1WF9bJP8+DUEfueDtuXOqdFWB
authentihash dda3913052408241bce85e7b55a255b179c44f4311241b4e7fd21dfeb16754bc
imphash d247a55625cd61e3f91a266bce0cd371
File size 17.4 MB ( 18211169 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-06-13 10:50:07 UTC ( 1 year, 7 months ago )
Last submission 2017-06-13 10:50:07 UTC ( 1 year, 7 months ago )
File names BatchStore.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
UDP communications