SHA256: 0f176962720cf60b2bf5d8b21330cda10ef2ea82026cbdfb7b0fd99158af3521
File name: Product.exe
Detection ratio: 29 / 67
Analysis date: 2017-11-06 06:04:41 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Midie.41634 20171106
AhnLab-V3 Trojan/Win32.Fareit.R211966 20171105
ALYac Gen:Variant.Midie.41634 20171104
Arcabit Trojan.Midie.DA2A2 20171106
Avast Win32:Malware-gen 20171106
AVG Win32:Malware-gen 20171106
BitDefender Gen:Variant.Midie.41634 20171106
ClamAV Win.Packer.VbPack-0-6334882-0 20171103
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cylance Unsafe 20171106
Cyren W32/Fareit.BL.gen!Eldorado 20171106
Emsisoft Gen:Variant.Midie.41634 (B) 20171106
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Injector.DTCU 20171106
F-Prot W32/Fareit.BL.gen!Eldorado 20171106
F-Secure Gen:Variant.Midie.41634 20171106
Fortinet W32/GenKryptik.BANO!tr 20171106
GData Gen:Variant.Midie.41634 20171106
Ikarus Win32.Outbreak 20171105
Sophos ML heuristic 20170914
Kaspersky Trojan-PSW.Win32.Fareit.dehy 20171106
MAX malware (ai score=83) 20171106
eScan Gen:Variant.Midie.41634 20171106
Panda Trj/GdSda.A 20171105
Qihoo-360 Win32/Trojan.PSW.478 20171106
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/FareitVB-M 20171106
Tencent Win32.Trojan.Midie.Anpg 20171106
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.dehy 20171106
AegisLab 20171106
Alibaba 20170911
Antiy-AVL 20171103
Avast-Mobile 20171105
Avira (no cloud) 20171105
AVware 20171106
Baidu 20171103
Bkav 20171104
CAT-QuickHeal 20171106
CMC 20171104
Comodo 20171106
Cybereason 20171030
DrWeb 20171106
eGambit 20171106
Jiangmin 20171105
K7AntiVirus 20171105
K7GW 20171106
Kingsoft 20171106
McAfee 20171031
McAfee-GW-Edition 20171106
Microsoft 20171106
NANO-Antivirus 20171106
nProtect 20171106
Palo Alto Networks (Known Signatures) 20171106
Rising 20171106
SUPERAntiSpyware 20171106
Symantec 20171106
Symantec Mobile Insight 20171103
TheHacker 20171102
TotalDefense 20171105
TrendMicro 20171106
TrendMicro-HouseCall 20171106
Trustlook 20171106
VBA32 20171104
VIPRE 20171106
ViRobot 20171106
Webroot 20171106
WhiteArmor 20171104
Yandex 20171102
Zillya 20171104
Zoner 20171106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jollo_7
Product Jollo_7
Original name Datateknik.exe
Internal name Datateknik
File version 2.09.0005
Description Jollo_7
Comments Jollo_7
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-01 21:36:53
Entry Point 0x000011C8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaCyI4
__vbaStrCmp
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaCyAdd
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_adj_fptan
_CItan
_CIcos
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
LegalTrademarks Jollo_7
SubsystemVersion 4.0
Comments Jollo_7
LinkerVersion 6.0
ImageVersion 2.9
FileSubtype 0
FileVersionNumber 2.9.0.5
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
FileDescription Jollo_7
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x11c8
OriginalFileName Datateknik.exe
MIMEType application/octet-stream
LegalCopyright Jollo_7
FileVersion 2.09.0005
TimeStamp 2017:11:01 22:36:53+01:00
FileType Win32 EXE
PEType PE32
InternalName Datateknik
ProductVersion 2.09.0005
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName HeckiN
CodeSize 114688
ProductName Jollo_7
ProductVersionNumber 2.9.0.5
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 ebb04ed1aa608596f7b09f060f205d9c
SHA1 8d51456176c131534c520740a96ad47273d29c9c
SHA256 0f176962720cf60b2bf5d8b21330cda10ef2ea82026cbdfb7b0fd99158af3521
ssdeep 3072:jC4RzkR74TF5uUd8Doqa2vTU3VJob5s3Lv74hHZ:j5RzsYlITNu7A
authentihash 4811fac4acf918605ae9630a6059635211dd575047543d0cb4d720941343907c
imphash ea11824bb531b0af4b3b31feb0bfc42d
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe
VirusTotal metadata
First submission 2017-11-06 06:04:41 UTC ( 1 year, 5 months ago )
Last submission 2017-11-06 06:04:41 UTC ( 1 year, 5 months ago )
File names Datateknik
localfile~
Product.exe
Datateknik.exe