SHA256: 14bb87e77b28d618004a3cf69150293161531af89582b7dca5080f69ad46c1c3
File name: 9p.exe
Detection ratio: 18 / 68
Analysis date: 2018-06-20 06:52:22 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180620
AVG FileRepMalware 20180620
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180530
Cylance Unsafe 20180620
Cyren W32/VBInject.PA.gen!Eldorado 20180620
Emsisoft Trojan.Injector (A) 20180620
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Injector.DYTM 20180620
F-Prot W32/VBInject.PA.gen!Eldorado 20180620
Fortinet W32/Injector.DYTM!tr 20180620
Sophos ML heuristic 20180601
Malwarebytes Spyware.PasswordStealer 20180620
McAfee Trojan-FPTS!CB87637AA2CD 20180620
McAfee-GW-Edition BehavesLike.Win32.Fareit.jh 20180620
Palo Alto Networks (Known Signatures) generic.ml 20180620
Qihoo-360 HEUR/QVM03.0.F731.Malware.Gen 20180620
SentinelOne (Static ML) static engine - malicious 20180618
TrendMicro-HouseCall TSPY_HPFAREIT.SM4 20180620
Ad-Aware 20180620
AegisLab 20180620
AhnLab-V3 20180620
Alibaba 20180620
ALYac 20180620
Antiy-AVL 20180620
Arcabit 20180620
Avast-Mobile 20180620
Avira (no cloud) 20180619
AVware 20180618
Babable 20180406
Baidu 20180620
BitDefender 20180620
Bkav 20180619
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Comodo 20180620
Cybereason 20180225
DrWeb 20180620
eGambit 20180620
F-Secure 20180620
GData 20180620
Ikarus 20180619
Jiangmin 20180620
K7AntiVirus 20180620
K7GW 20180620
Kaspersky 20180620
Kingsoft 20180620
MAX 20180620
Microsoft 20180619
eScan 20180620
NANO-Antivirus 20180620
Panda 20180619
Rising 20180620
Sophos AV 20180620
SUPERAntiSpyware 20180620
Symantec 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
Tencent 20180620
TheHacker 20180619
TotalDefense 20180620
TrendMicro 20180620
Trustlook 20180620
VBA32 20180619
VIPRE 20180620
ViRobot 20180620
Webroot 20180620
Yandex 20180618
Zillya 20180619
ZoneAlarm by Check Point 20180620
Zoner 20180619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright cSYA
Product jAQ sOFGWAek
Original name Melismatics.exe
Internal name Melismatics
File version 8.05
Description hEWLETC-pACKARC cs.
Comments Epsoc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-19 16:26:22
Entry Point 0x000019BC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
EVENT_SINK_Release
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(617)
Ord(525)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(526)
Ord(540)
__vbaStrToUnicode
_CIatan
__vbaCyMulI2
__vbaStrCopy
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
Ord(589)
Ord(517)
__vbaRecAnsiToUni
Ord(544)
_adj_fprem1
Ord(100)
_adj_fdiv_r
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaLenBstrB
Ord(612)
__vbaFreeStr
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaFileClose
Ord(581)
__vbaObjSet
__vbaI4Var
__vbaFpI4
__vbaVarMove
Ord(646)
__vbaRecUniToAnsi
__vbaFreeVar
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
_CItan
_CIexp
Ord(685)
__vbaStrToAnsi
Ord(588)
_adj_fdivr_m32
__vbaFPFix
__vbaFreeStrList
Ord(609)
Ord(698)
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks TEAMVIewwR gMAQ
SubsystemVersion 4.0
Comments Epsoc
LinkerVersion 6.0
ImageVersion 8.5
FileSubtype 0
FileVersionNumber 8.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription hEWLETC-pACKARC cs.
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x19bc
OriginalFileName Melismatics.exe
MIMEType application/octet-stream
LegalCopyright cSYA
FileVersion 8.05
TimeStamp 2018:06:19 17:26:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Melismatics
ProductVersion 8.05
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PIRIFOra cF
CodeSize 692224
ProductName jAQ sOFGWAek
ProductVersionNumber 8.5.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cb87637aa2cdb6692a2651969a2c16bd
SHA1 ebc9d8a21e94cb701b809d1590a2db20129d5c24
SHA256 14bb87e77b28d618004a3cf69150293161531af89582b7dca5080f69ad46c1c3
ssdeep 12288:kDAuny2GoovR2PhzKijH7fbFVlZzRFNlL2E4SMe+b4q4945YU8//KntWYLH/Ura4:kEuyJFChuir7fbFVlZzRFNlL2E4SMe+a
authentihash 4c2598441ed1d9d9a0cb5c21f44b53354ec4a8aeb1fd4629709cda92ccd4d3e2
imphash b7f256bb37d4c327dfaf8b43bacd527d
File size 692.0 KB ( 708608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-06-20 06:07:09 UTC ( 11 months, 1 week ago )
Last submission 2018-06-21 10:16:06 UTC ( 11 months ago )
File names Melismatics
ffeff84beb44698d8fa98d91a35e14954252d9cc
9p.exe
Melismatics.exe
output.113477036.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.