× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 11fa3a920ea2169885a2a3b9200b79b5dcfecb021983b65c0e9d6f518aca41ae
File name: Lime.exe
Detection ratio: 30 / 69
Analysis date: 2018-12-21 08:29:22 UTC ( 5 months ago ) View latest
Antivirus Result Update
Antiy-AVL Trojan/MSIL.Fsysna 20181221
Arcabit Trojan.Razy.D60C68 20181221
Avast Win32:KeyloggerX-gen [Trj] 20181221
AVG Win32:KeyloggerX-gen [Trj] 20181221
Avira (no cloud) TR/Spy.Gen8 20181220
BitDefender Gen:Variant.Razy.396392 20181221
CAT-QuickHeal Trojan.MSIL 20181220
Comodo Malware@#2xajh2ev6rsz5 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cyren W32/Tasker.A.gen!Eldorado 20181221
DrWeb Trojan.Siggen7.56607 20181221
Emsisoft Gen:Variant.Razy.396392 (B) 20181221
ESET-NOD32 a variant of MSIL/Agent.BPK 20181221
F-Secure Gen:Variant.Razy.396392 20181221
Fortinet W32/Generic.AC.423184 20181221
GData Gen:Variant.Razy.396392 20181221
Ikarus Trojan.MSIL.Agent 20181221
Sophos ML heuristic 20181128
Kaspersky HEUR:Trojan.MSIL.Fsysna.gen 20181221
MAX malware (ai score=82) 20181221
McAfee-GW-Edition BehavesLike.Win32.Backdoor.fh 20181221
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181221
eScan Gen:Variant.Razy.396392 20181221
NANO-Antivirus Trojan.Win32.Gen8.fjxjaf 20181221
Rising Trojan.Agent!8.B1E (CLOUD) 20181221
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R058C0WK718 20181221
TrendMicro-HouseCall TROJ_GEN.R058C0WK718 20181221
Yandex Trojan.PowerShell! 20181220
ZoneAlarm by Check Point HEUR:Trojan.MSIL.Fsysna.gen 20181221
Acronis 20180726
Ad-Aware 20181221
AegisLab 20181221
AhnLab-V3 20181220
Alibaba 20180921
ALYac 20181221
Avast-Mobile 20181220
Babable 20180918
Baidu 20181207
Bkav 20181220
ClamAV 20181221
CMC 20181220
Cybereason 20180225
Cylance 20181221
eGambit 20181221
Endgame 20181108
F-Prot 20181221
Jiangmin 20181221
K7AntiVirus 20181221
K7GW 20181221
Kingsoft 20181221
Malwarebytes 20181221
McAfee 20181221
Palo Alto Networks (Known Signatures) 20181221
Panda 20181220
Qihoo-360 20181221
SentinelOne (Static ML) 20181011
Sophos AV 20181221
SUPERAntiSpyware 20181220
Symantec 20181221
Symantec Mobile Insight 20181215
TACHYON 20181221
Tencent 20181221
TheHacker 20181220
Trustlook 20181221
VBA32 20181220
ViRobot 20181220
Webroot 20181221
Zillya 20181219
Zoner 20181221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-24 15:04:40
Entry Point 0x0001D4F9
Number of sections 6
PE sections
Overlays
MD5 1b1893b2daa7bccff8d4c4cd2db0d774
File type application/x-rar
Offset 300544
Size 14440
Entropy 7.99
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
GlobalLock
SetEvent
GetTempPathW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
Sleep
GetOEMCP
CreateHardLinkW
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
Number of PE resources by type
RT_STRING 10
RT_ICON 7
RT_DIALOG 6
PNG 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 27
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:06:24 16:04:40+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
190464

LinkerVersion
14.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1d4f9

InitializedDataSize
238080

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 b5f32bc781dd75722857059cdbfc8d5f
SHA1 b9e6724aadf2ba4b39c9fa2b560c873d72b66e98
SHA256 11fa3a920ea2169885a2a3b9200b79b5dcfecb021983b65c0e9d6f518aca41ae
ssdeep
6144:vfsd47W6Q4PGWMK/bJ7dF3vcOiX+tG6zyHfLW+:nsOW6Q4OWz9hPiX+tG6zyHfa+

authentihash dcdd177744ef83b0cdf436ee2d0985752d5f71aa9b21bbd8553a12720f466532
imphash 00be6e6c4f9e287672c8301b72bdabf3
File size 307.6 KB ( 314984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-21 08:29:22 UTC ( 5 months ago )
Last submission 2018-12-21 08:29:22 UTC ( 5 months ago )
File names lime.exe
Lime.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs