SHA256: 1577bb7578149d35d50146914e0fee9018f935400e4d046ab8425f9d8d1cb921
File name: 1577bb7578149d35d50146914e0fee9018f935400e4d046ab8425f9d8d1cb921
Detection ratio: 46 / 68
Analysis date: 2017-12-25 01:51:16 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.270703 20171225
AegisLab Filerepmalware.Gen!c 20171225
ALYac Gen:Variant.Zusy.270703 20171225
Antiy-AVL Trojan/Win32.TSGeneric 20171225
Arcabit Trojan.Zusy.D4216F 20171225
Avast FileRepMalware 20171225
AVG FileRepMalware 20171225
Avira (no cloud) TR/Crypt.ZPACK.bdagj 20171224
AVware Trojan.Win32.Generic!BT 20171224
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Gen:Variant.Zusy.270703 20171224
Bkav HW32.Packed.9B6D 20171222
CAT-QuickHeal Trojan.Drixed.100454 20171223
ClamAV Win.Trojan.Emotet-6406486-0 20171224
Comodo UnclassifiedMalware 20171224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.ee572c 20171103
Cylance Unsafe 20171225
eGambit Unsafe.AI_Score_87% 20171225
Emsisoft Gen:Variant.Zusy.270703 (B) 20171225
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAXP 20171224
F-Secure Gen:Variant.Zusy.270703 20171225
Fortinet W32/Kryptik.FZTF!tr 20171224
GData Gen:Variant.Zusy.270703 20171224
Ikarus Trojan.Win32.Krypt 20171224
Sophos ML heuristic 20170914
K7GW Trojan ( 005218011 ) 20171225
Kaspersky Trojan.Win32.Dovs.eke 20171225
Malwarebytes Trojan.Emotet 20171224
MAX malware (ai score=99) 20171224
McAfee RDN/Generic.grp 20171224
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20171224
Microsoft Trojan:Win32/Tiggre!rfn 20171224
eScan Gen:Variant.Zusy.270703 20171224
Palo Alto Networks (Known Signatures) generic.ml 20171225
Panda Trj/RnkBend.A 20171224
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/EncPk-ANR 20171224
Symantec Trojan.Gen.2 20171224
Tencent Win32.Trojan.Dovs.Anfz 20171225
TrendMicro TROJ_GEN.R002C0PLO17 20171224
TrendMicro-HouseCall TROJ_GEN.R002C0PLO17 20171224
VIPRE Trojan.Win32.Generic!BT 20171224
Webroot W32.Trojan.Emotet 20171225
ZoneAlarm by Check Point Trojan.Win32.Dovs.eke 20171225
AhnLab-V3 20171224
Alibaba 20171222
Avast-Mobile 20171224
CMC 20171224
Cyren 20171225
DrWeb 20171225
F-Prot 20171224
Jiangmin 20171221
K7AntiVirus 20171224
Kingsoft 20171225
NANO-Antivirus 20171225
nProtect 20171225
Qihoo-360 20171225
Rising 20171225
SUPERAntiSpyware 20171224
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171224
Trustlook 20171225
VBA32 20171222
ViRobot 20171224
WhiteArmor 20171204
Yandex 20171222
Zillya 20171222
Zoner 20171225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2008-2015 Pritek .com
Product Pritek Highspeed WDE Scanner and Editor for Balo
Original name PSEB.exe
Internal name PSEB.exe
File version 1, 1, 2, 0
Description Pritek Highspeed WDE Scanner and Editor for Baloo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-23 07:21:40
Entry Point 0x000016D0
Number of sections 5
PE sections
PE imports
CryptDuplicateHash
RegSetValueExW
PrintDlgW
TranslateCharsetInfo
ExtTextOutA
CreateFontIndirectW
CallNamedPipeW
GetCurrentProcess
GetTempPathW
GetProcessWorkingSetSize
GetPrivateProfileIntA
GetSystemDefaultLCID
Module32First
Sleep
GetStartupInfoW
IsValidLocale
GetVersionExA
SetLastError
GetThreadLocale
MprAdminMIBEntryCreate
PathFindFileNameA
PathIsDirectoryW
InternalGetWindowText
EnumDisplayDevicesA
GetCaretBlinkTime
DrawTextA
timeGetSystemTime
CryptCATEnumerateCatAttr
CreateBindCtx
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.2.0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
Pritek Highspeed WDE Scanner and Editor for Baloo

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
90624

EntryPoint
0x16d0

OriginalFileName
PSEB.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008-2015 Pritek .com

FileVersion
1, 1, 2, 0

TimeStamp
2017:12:23 08:21:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PSEB.exe

ProductVersion
1, 1, 2, 0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Pritek

CodeSize
0

ProductName
Pritek Highspeed WDE Scanner and Editor for Balo

ProductVersionNumber
1.1.2.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 e7ef585ff0e2bba8a3150034e3ca1a0d
SHA1 34de041ee572ca55f8b3c28648076c3b95c6cac9
SHA256 1577bb7578149d35d50146914e0fee9018f935400e4d046ab8425f9d8d1cb921
ssdeep 3072:hfAfxn+YeKIRIpBDu32CdcipMr6qtEHiXRDOI6SWwJi:hfOd+yGdci66qtVdOO
authentihash dfbb16197d35a92fe4ba21fa810fc672f95e9224665e33c334139c4e8dfd79bd
imphash e6a74d974165898918d23e1337ed21b0
File size 100.5 KB ( 102912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-22 22:29:44 UTC ( 12 months ago )
Last submission 2017-12-26 04:32:30 UTC ( 11 months, 4 weeks ago )
File names VkgH06JjfGOMBI.exe
PSEB.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications