Antivirus scan for 13944d91c46a1a8c4fa33befd4dd0fddbbc85359f9a788bb9a7a2c1c088e59da at 2018-11-19 07:06:04 UTC

Antivirus	Result	Update
AVG	FileRepMalware	20181119
Bkav	HW32.Packed.	20181119
CrowdStrike Falcon (ML)	malicious_confidence_100% (D)	20181022
Cylance	Unsafe	20181119
eGambit	Unsafe.AI_Score_91%	20181119
Endgame	malicious (high confidence)	20181108
Sophos ML	heuristic	20181108
McAfee-GW-Edition	BehavesLike.Win32.Emotet.cc	20181119
Microsoft	Trojan:Win32/Fuerboos.A!cl	20181119
NANO-Antivirus	Virus.Win32.Gen.ccmw	20181119
Qihoo-360	HEUR/QVM20.1.4E34.Malware.Gen	20181119
Rising	Trojan.Kryptik!1.B4D6 (CLASSIC)	20181119
SentinelOne (Static ML)	static engine - malicious	20181011
Symantec	ML.Attribute.HighConfidence	20181118
Ad-Aware		20181119
AegisLab		20181119
AhnLab-V3		20181118
Alibaba		20180921
ALYac		20181119
Antiy-AVL		20181119
Arcabit		20181119
Avast		20181119
Avast-Mobile		20181118
Avira (no cloud)		20181118
Babable		20180918
Baidu		20181119
BitDefender		20181119
CAT-QuickHeal		20181118
ClamAV		20181119
CMC		20181118
Comodo		20181119
Cybereason		20180225
Cyren		20181119
DrWeb		20181119
Emsisoft		20181119
ESET-NOD32		20181119
F-Prot		20181119
F-Secure		20181119
Fortinet		20181119
GData		20181119
Ikarus		20181118
Jiangmin		20181119
K7AntiVirus		20181119
K7GW		20181119
Kaspersky		20181119
Kingsoft		20181119
Malwarebytes		20181119
MAX		20181119
McAfee		20181119
eScan		20181119
Palo Alto Networks (Known Signatures)		20181119
Panda		20181118
Sophos AV		20181119
SUPERAntiSpyware		20181114
Symantec Mobile Insight		20181108
TACHYON		20181119
Tencent		20181119
TheHacker		20181118
TotalDefense		20181118
TrendMicro		20181119
TrendMicro-HouseCall		20181119
Trustlook		20181119
VBA32		20181116
ViRobot		20181119
Webroot		20181119
Yandex		20181116
Zillya		20181116
ZoneAlarm by Check Point		20181119
Zoner		20181119

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Internal name sims

Description Poomare

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 1996-06-16 22:07:08

Entry Point 0x00003780

Number of sections 8

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

DATA 4096 10574 12288 6.02 fc44a21234ba687225b39bef48492772

.m 16384 2378 4096 2.99 3aca14d954904f81dc2d2e0db5be6b1d

.data 20480 11660 4096 3.77 1f50461fb4ed450308e433ffd497c4c6

CODE 32768 33074 36864 7.51 d67bb2fabca000062293ee7614bfb544

DATA 69632 52126 53248 7.95 4919622a9fd20fee0cbb832c07f73220

.data 122880 13358 16384 7.17 1efbd6b4fc4ce371ee1e7744de2e8d99

.rsrc 139264 1864 4096 1.73 e77afb8c0fa0bc2ef00b9dbe1019d440

.reloc 143360 1344 4096 2.76 1bdf88e8ba566a1361653a28627e5a50

PE imports

Number of PE resources by type

RT_STRING 3

RT_VERSION 1

Number of PE resources by language

NORWEGIAN BOKMAL 4

PE resources

043682eb90c932a3cc5509e78b522fe3f84bf8096075270a4eebc2b2bdd973a4 ASCII text

09e9e22cc3cf9d21653f18d5accc5053b87ad2076303cb4ffc94e39988e5c97c ASCII text

a89eb85fdde6054b18cfdfe70b41782de83c04edcc2b6e04cc80a122ddb683d2 data

cd1984df43d496bc1cbe563defbc6e33357f2bff36c7fdae379339c09e6e9a1d ASCII text

Debug information

Type Timestamp Offset Size

IMAGE_DEBUG_TYPE_CODEVIEW (2) Sun Jun 16 22:07:08 1996 17776 35 Bytes

12 (12) Mon Nov 19 07:00:16 2018 17900 20 Bytes

ExifTool file metadata

UninitializedDataSize

LinkerVersion

14.0

ImageVersion

1.1

FileVersionNumber

1.6.0.0

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

Poomare

ImageFileCharacteristics

Executable, 32-bit

CharacterSet

Unicode

Microsoft Corporation. All r

EntryPoint

0x3780

MIMEType

application/octet-stream

TimeStamp

1996:06:17 00:07:08+02:00

FileType

Win32 EXE

PEType

PE32

InternalName

sims

SubsystemVersion

5.0

OSVersion

6.0

FileOS

Windows NT 32-bit

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

Mic

TVersion

1.0

CodeSize

12288

FileSubtype

ProductVersionNumber

1.6.0.0

InitializedDataSize

FileTypeExtension

exe

ObjectFileType

Executable application

File identification

MD5 4209c3138403a27582588ed95768f11e

SHA1 ebc078c49a08bc082a7d05d331c320128c18824a

SHA256 13944d91c46a1a8c4fa33befd4dd0fddbbc85359f9a788bb9a7a2c1c088e59da

ssdeep

3072:hpNZJ4lP0NUJekQdu+igYFM76LY0C13g5dJJj8B:h1JlNIlQduZG7Io3g5Z

authentihash 3ebbe0ed22f2c2426eab4df4788006629cc8c7744bcc539b0b4ea2803444b583

imphash cdb558c4f414706ef76474c69fc5bde2

File size 136.0 KB ( 139264 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Win32 Dynamic Link Library (generic) (38.4%) Win32 Executable (generic) (26.3%) OS/2 Executable (generic) (11.8%) Generic Win/DOS Executable (11.6%) DOS Executable Generic (11.6%)

VirusTotal metadata

First submission 2018-11-19 07:06:04 UTC ( 3 months ago )

Last submission 2018-11-19 08:22:49 UTC ( 3 months ago )

File names

sims
26797128.exe
bmBYikvX.exe
machinemachine.exe----
32106040.exe
pcVY6mqE.exe

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Opened files

\\.\PIPE\lsarpc (successful)

Runtime DLLs

rpcrt4.dll (successful)

mswsock.dll (successful)

ws2_32.dll (successful)

SHA256:	13944d91c46a1a8c4fa33befd4dd0fddbbc85359f9a788bb9a7a2c1c088e59da
File name:	32106040.exe
Detection ratio:	14 / 68
Analysis date:	2018-11-19 07:06:04 UTC ( 3 months ago ) View latest

Ciphered bundle