SHA256: 126193f8561881e02fe547dc69bfb31fc14c21f883c39dcf1c4fac0fa52814c2
File name: fc431f69760c598098f34eec337c8415
Detection ratio: 36 / 57
Analysis date: 2016-10-21 23:09:10 UTC ( 2 years, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CAAS 20161021
AegisLab Uds.Dangerousobject.Multi!c 20161021
AhnLab-V3 Trojan/Win32.Injector.N2135849512 20161021
Arcabit Trojan.Agent.CAAS 20161021
Avast Win32:Malware-gen 20161021
AVG Generic_vb.NHH 20161021
Avira (no cloud) TR/Dropper.VB.pijjw 20161021
AVware Trojan.Win32.Generic!BT 20161021
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161021
BitDefender Trojan.Agent.CAAS 20161021
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.WTNH-3633 20161021
DrWeb Trojan.KillProc.47199 20161021
Emsisoft Trojan.Agent.CAAS (B) 20161021
ESET-NOD32 a variant of Win32/Injector.DGMW 20161021
F-Secure Trojan.Agent.CAAS 20161021
GData Trojan.Agent.CAAS 20161021
Ikarus Win32.SuspectCrc 20161021
Sophos ML virtool.win32.vbinject.wx 20161018
K7AntiVirus Trojan ( 004fb32a1 ) 20161021
K7GW Trojan ( 004fb32a1 ) 20161021
Kaspersky Trojan.Win32.VB.dipx 20161021
Malwarebytes Trojan.TrickBot 20161021
McAfee Generic.grp 20161021
McAfee-GW-Edition BehavesLike.Win32.Rontokbro.cm 20161021
eScan Trojan.Agent.CAAS 20161021
NANO-Antivirus Trojan.Win32.KillProc.ehmnty 20161021
Qihoo-360 Win32/Trojan.Multi.daf 20161022
Sophos AV Mal/Generic-L 20161021
Symantec Trojan Horse 20161021
Tencent Win32.Trojan.Vb.Eegx 20161022
TrendMicro TROJ_FRS.0NA003JL16 20161021
TrendMicro-HouseCall TROJ_FRS.0NA003JL16 20161021
VIPRE Trojan.Win32.Generic!BT 20161021
ViRobot Trojan.Win32.Agent.130569[h] 20161021
Yandex Trojan.VB!ahHiLwf4pAs 20161021
Alibaba 20161021
ALYac 20161021
Antiy-AVL 20161021
Bkav 20161021
CAT-QuickHeal 20161021
ClamAV 20161021
CMC 20161021
Comodo 20161021
F-Prot 20161021
Fortinet 20161021
Jiangmin 20161021
Kingsoft 20161022
Microsoft 20161021
nProtect 20161021
Panda 20161021
Rising 20161021
SUPERAntiSpyware 20161021
TheHacker 20161020
TotalDefense 20161021
VBA32 20161021
Zillya 20161021
Zoner 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
be the de p endent outcome variable in a regression p

Product be the de p endent outcome variable in a regression p
Original name Bertiopas.exe
Internal name Bertiopas
File version 1.01.0099
Description be the de p endent outcome variable in a regression p
Comments be the de p endent outcome variable in a regression p
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-20 05:53:53
Entry Point 0x00001108
Number of sections 3
PE sections
Overlays
MD5 eb710fc33cea24852be579590228a7c0
File type data
Offset 122880
Size 7689
Entropy 7.98
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(648)
Ord(570)
Ord(616)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
Ord(583)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(599)
Ord(100)
Ord(526)
ProcCallEngine
Ord(711)
Ord(585)
EVENT_SINK_Release
Ord(595)
Ord(582)
Ord(306)
Ord(614)
Ord(598)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
110592

SubsystemVersion
4.0

Comments
be the de p endent outcome variable in a regression p

LinkerVersion
6.0

ImageVersion
1.1

FileSubtype
0

FileVersionNumber
1.1.0.99

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
be the de p endent outcome variable in a regression p

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
28672

EntryPoint
0x1108

OriginalFileName
Bertiopas.exe

MIMEType
application/octet-stream

LegalCopyright
be the de p endent outcome variable in a regression p

FileVersion
1.01.0099

TimeStamp
2016:10:20 07:53:53+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bertiopas

ProductVersion
1.01.0099

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FlAsH

LegalTrademarks
be the de p endent outcome variable in a regression p

ProductName
be the de p endent outcome variable in a regression p

ProductVersionNumber
1.1.0.99

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 fc431f69760c598098f34eec337c8415
SHA1 f7906640a0ddb628d4c15ff1ad51f1d2a7f89934
SHA256 126193f8561881e02fe547dc69bfb31fc14c21f883c39dcf1c4fac0fa52814c2
ssdeep
1536:3s9Q+Qdd0Q959rm959TkZ71PwZCvBQ94MEb:86+QddUkDwgvBQ9a

authentihash a4c5712a9f392588bf7835396b1067437a7eba6a32918b48e132229e6c6866dd
imphash 576ec89c64552a0535fcbc8107b7c484
File size 127.5 KB ( 130569 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-20 15:51:51 UTC ( 2 years, 6 months ago )
Last submission 2018-05-12 00:06:52 UTC ( 11 months, 1 week ago )
File names aa
Bertiopas
VirusShare_fc431f69760c598098f34eec337c8415
fc431f69760c598098f34eec337c8415.vir
gJEwHvSo.dwg
Bertiopas.exe
fax198-203-9153.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications