SHA256: 0f9ca5c555ddf4b5b29573ea1a513a69555afcfd0b1d3fa8f441bc6991bce543
File name: envbit32.exe
Detection ratio: 10 / 63
Analysis date: 2017-11-02 10:56:21 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171101
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171102
eGambit Unsafe.AI_Score_100% 20171102
Endgame malicious (high confidence) 20171024
Fortinet W32/Kryptik.FYKM!tr 20171102
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20171102
Qihoo-360 HEUR/QVM19.1.EA65.Malware.Gen 20171102
Tencent Suspicious.Heuristic.Gen.b.0 20171102
Ad-Aware 20171102
AegisLab 20171102
AhnLab-V3 20171102
Alibaba 20170911
Antiy-AVL 20171102
Arcabit 20171102
Avast 20171102
Avast-Mobile 20171102
AVG 20171102
Avira (no cloud) 20171102
AVware 20171102
BitDefender 20171102
Bkav 20171102
CAT-QuickHeal 20171102
ClamAV 20171102
CMC 20171102
Comodo 20171102
Cybereason 20171030
Cyren 20171102
DrWeb 20171102
Emsisoft 20171102
ESET-NOD32 20171102
F-Prot 20171102
F-Secure 20171102
GData 20171102
Jiangmin 20171102
K7AntiVirus 20171102
K7GW 20171102
Kaspersky 20171102
Kingsoft 20171102
Malwarebytes 20171102
MAX 20171102
McAfee-GW-Edition 20171102
Microsoft 20171102
eScan 20171102
NANO-Antivirus 20171102
nProtect 20171102
Panda 20171101
Rising 20171102
SentinelOne (Static ML) 20171019
Sophos AV 20171102
SUPERAntiSpyware 20171102
Symantec 20171102
Symantec Mobile Insight 20171101
TheHacker 20171031
TotalDefense 20171102
TrendMicro 20171102
TrendMicro-HouseCall 20171102
Trustlook 20171102
VBA32 20171102
VIPRE 20171102
ViRobot 20171102
WhiteArmor 20171024
Yandex 20171101
Zillya 20171102
ZoneAlarm by Check Point 20171102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-11 07:05:41
Entry Point 0x0000EA13
Number of sections 4
PE sections
PE imports
CmMalloc
CmRealloc
CmAtolA
CertDeleteCRLFromStore
CertAlgIdToOID
CertGetNameStringA
CertDuplicateCRLContext
CertCompareCertificate
CertCloseStore
CertFindExtension
CertControlStore
CryptEnumOIDInfo
CertFindChainInStore
CertFindAttribute
CertSaveStore
CryptFindOIDInfo
CertNameToStrA
EnterCriticalSection
LoadLibraryW
lstrcmp
WaitForSingleObjectEx
GetFileSize
lstrcatA
SetFileTime
GetStartupInfoW
GetCommandLineA
GetProcAddress
ReadConsoleA
CreateSemaphoreA
GetStringTypeA
GetModuleHandleA
CreateFileMappingA
FindNextFileA
GetSystemDirectoryA
GetVersion
IsBadStringPtrW
SearchPathW
FindClose
MoveFileW
GetCurrentThreadId
DeleteFileW
GetExpandedNameA
SE_IsShimDll
SE_InstallBeforeInit
wsprintfA
CreateWindowExA
LoadCursorA
PeekMessageA
GetClassLongW
PostMessageA
LoadBitmapW
DrawStateA
LoadMenuW
LoadStringW
LoadImageA
LoadIconW
DialogBoxParamA
MessageBoxW
IsCharLowerW
GetPropA
CreateDesktopW
LoadIconA
Number of PE resources by type
DCXA 2
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:06:11 08:05:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 599552
LinkerVersion 10.0
EntryPoint 0xea13
InitializedDataSize 13824
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 caf3575a95198ee925f2dfdeba2e78f3
SHA1 2f267d5e2fb9d6ae818d5caa7f2fa508daf09d67
SHA256 0f9ca5c555ddf4b5b29573ea1a513a69555afcfd0b1d3fa8f441bc6991bce543
ssdeep 12288:sfK3FAyt2y5esclHdwCVJEJHGMWxfLoFB5nVRZ6mOkJuijB:sfoFVes8HCCVJEZGMWBUNVP6mNjj
imphash 96c766b3e774d8e412189713e40b75ea
File size 600.0 KB ( 614400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags peexe
VirusTotal metadata
First submission 2017-11-02 10:56:21 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-27 17:38:25 UTC ( 1 month, 3 weeks ago )
File names 0f9ca5c555ddf4b5b29573ea1a5.exe
CAF3575A95198EE925F2DFDEBA2E78F3.exe
envbit32.exe
O77enbdGF5
VirusShare_caf3575a95198ee925f2dfdeba2e78f3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications