× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0fefdfbc442c4667670b1b9001f1b586dbf7d7eeb13bcaf21af53984d5ad14a6
File name: boun10.yarn
Detection ratio: 15 / 67
Analysis date: 2018-05-08 18:04:33 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.81535 20180508
ALYac Gen:Variant.Symmi.81535 20180508
Arcabit Trojan.Symmi.D13E7F 20180508
Avast Win32:Evo-gen [Susp] 20180508
AVG Win32:Evo-gen [Susp] 20180508
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9979 20180508
BitDefender Gen:Variant.Symmi.81535 20180508
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180418
Emsisoft Gen:Variant.Symmi.81535 (B) 20180508
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Symmi.81535 20180508
GData Gen:Variant.Symmi.81535 20180508
MAX malware (ai score=95) 20180508
eScan Gen:Variant.Symmi.81535 20180508
Symantec Packed.Generic.523 20180508
AegisLab 20180508
AhnLab-V3 20180508
Alibaba 20180508
Antiy-AVL 20180508
Avast-Mobile 20180508
Avira (no cloud) 20180508
AVware 20180428
Babable 20180406
Bkav 20180508
CAT-QuickHeal 20180508
ClamAV 20180508
CMC 20180508
Comodo 20180508
Cybereason None
Cylance 20180508
Cyren 20180508
DrWeb 20180508
eGambit 20180508
ESET-NOD32 20180508
F-Prot 20180508
Fortinet 20180508
Ikarus 20180508
Sophos ML 20180503
Jiangmin 20180508
K7AntiVirus 20180508
K7GW 20180508
Kaspersky 20180508
Kingsoft 20180508
Malwarebytes 20180508
McAfee 20180508
McAfee-GW-Edition 20180508
Microsoft 20180508
NANO-Antivirus 20180508
nProtect 20180508
Palo Alto Networks (Known Signatures) 20180508
Panda 20180508
Qihoo-360 20180508
Rising 20180508
SentinelOne (Static ML) 20180225
Sophos AV 20180508
SUPERAntiSpyware 20180508
Symantec Mobile Insight 20180505
Tencent 20180508
TheHacker 20180504
TotalDefense 20180508
TrendMicro 20180508
TrendMicro-HouseCall 20180508
Trustlook 20180508
VBA32 20180508
VIPRE 20180508
ViRobot 20180508
Webroot 20180508
Yandex 20180508
Zillya 20180508
ZoneAlarm by Check Point 20180508
Zoner 20180507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Lay Operate
Original name Lay Operate.exe
File version 9, 8, 3041, 5597
Description Lay Operate
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-08 13:01:14
Entry Point 0x0007E17A
Number of sections 4
PE sections
PE imports
ImageList_LoadImageW
CreatePropertySheetPageW
ImageList_SetDragCursorImage
PropertySheetW
FindTextW
GetSaveFileNameW
GetOpenFileNameW
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
GetLocalTime
HeapSetInformation
GetCurrentProcess
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
GetCPInfo
GetVolumeInformationW
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
DeleteCriticalSection
GetStartupInfoW
ExitProcess
GetFileTime
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
OleCreateFontIndirect
OleTranslateColor
OleCreatePictureIndirect
OleCreatePropertyFrameIndirect
OleLoadPicture
OleCreatePropertyFrame
GetThemeBackgroundRegion
CloseThemeData
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
OleUIUpdateLinksW
OleUIPromptUserW
OleUIAddVerbMenuW
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
RT_STRING 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
CodeSize
532992

UninitializedDataSize
0

InitializedDataSize
840192

ImageVersion
0.0

ProductName
Lay Operate

FileVersionNumber
9.8.3041.5597

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
Lay Operate.exe

MIMEType
application/octet-stream

FileVersion
9, 8, 3041, 5597

TimeStamp
2011:05:08 06:01:14-07:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

ProductVersion
9, 8, 3041, 5597

FileDescription
Lay Operate

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

LegalTrademarks
Lay Operate

FileSubtype
0

ProductVersionNumber
9.8.3041.5597

EntryPoint
0x7e17a

ObjectFileType
Executable application

File identification
MD5 681d069ba16ba020b01a3a304fd2971f
SHA1 185dba0cfdbf512fbf64ab41c0771f2784032a8a
SHA256 0fefdfbc442c4667670b1b9001f1b586dbf7d7eeb13bcaf21af53984d5ad14a6
ssdeep
24576:raFlzTx4k6M2AsuPv+V1eO8Z9h5+reLLsvuoqN/NNNNNk2:rMTxAVuP01e7dEeLLs5

authentihash a5ad4981c7d4ce670603d070fed5a3defd5e805af219af674b1fe94dd4c5364c
imphash 14893b0a87d59b65ebf79b7a54abb8b2
File size 1.3 MB ( 1323008 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-08 18:04:33 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-28 17:38:25 UTC ( 9 months ago )
File names boun6.yarn
boun8.yarn
dony10.yarn
dony6.yarn
dony1.yarn
boun2.yarn
anee1.yarn
boun10.yarn
boun4.yarn
anee10.yarn
dony2.yarn
boun9.yarn
anee9.yarn
anee2.yarn
anee8.yarn
dony8.yarn
Lay Operate.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs