SHA256: 17010ce4058b4b46656bca1c68ee7cc191b57c9253b9be268e7b1c9582b8d70f
File name: 17010CE4058B4B46656BCA1C68EE7CC191B57C9253B9BE268E7B1C9582B8D70F
Detection ratio: 14 / 63
Analysis date: 2019-02-21 18:27:51 UTC (3 months ago)
Antivirus | Result | Update
Acronis | suspicious | 20190221
Avira (no cloud) | TR/Kryptik.lyfxs | 20190221
Endgame | malicious (high confidence) | 20190215
ESET-NOD32 | a variant of Win32/Injector.EDTW | 20190221
F-Secure | Trojan.TR/Kryptik.lyfxs | 20190221
Fortinet | W32/GenKryptik.CZWQ!tr | 20190220
Kaspersky | UDS:DangerousObject.Multi.Generic | 20190221
Malwarebytes | Trojan.MalPack.VB | 20190221
McAfee | Fareit-FNJ!CDCF2A4689AB | 20190221
Microsoft | Trojan:Win32/Azden.A!cl | 20190221
SentinelOne (Static ML) | static engine - malicious | 20190203
Symantec | ML.Attribute.HighConfidence | 20190221
Trapmine | malicious.high.ml.score | 20190123
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20190221
Ad-Aware | | 20190221
AegisLab | | 20190221
AhnLab-V3 | | 20190221
Alibaba | | 20180921
ALYac | | 20190221
Antiy-AVL | | 20190221
Arcabit | | 20190221
Avast | | 20190222
Avast-Mobile | | 20190221
AVG | | 20190222
Babable | | 20180918
Baidu | | 20190215
BitDefender | | 20190221
CAT-QuickHeal | | 20190221
ClamAV | | 20190221
CMC | | 20190221
Comodo | | 20190221
CrowdStrike Falcon (ML) | | 20181023
Cybereason | | 20190109
Cyren | | 20190221
DrWeb | | 20190221
eGambit | | 20190221
Emsisoft | | 20190221
GData | | 20190221
Sophos ML | | 20181128
Jiangmin | | 20190221
K7AntiVirus | | 20190221
K7GW | | 20190221
Kingsoft | | 20190221
MAX | | 20190221
McAfee-GW-Edition | | 20190221
eScan | | 20190221
NANO-Antivirus | | 20190221
Palo Alto Networks (Known Signatures) | | 20190221
Panda | | 20190221
Qihoo-360 | | 20190221
Rising | | 20190221
Sophos AV | | 20190221
SUPERAntiSpyware | | 20190220
Symantec Mobile Insight | | 20190220
TACHYON | | 20190221
Tencent | | 20190221
TheHacker | | 20190217
TotalDefense | | 20190221
Trustlook | | 20190221
VBA32 | | 20190221
ViRobot | | 20190221
Webroot | | 20190221
Yandex | | 20190221
Zoner | | 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright HP, inC.
Product yaHoO, INC.
Original name symphysiotomybretagnersstormskadeers.exe
Internal name symphysiotomybretagnersstormskadeers
File version 1.00
Description PIrIfORM LtD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-21 07:10:54
Entry Point 0x000013E8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
EVENT_SINK_Release
__vbaStrCmp
Ord(607)
_allmul
Ord(695)
_adj_fdivr_m64
Ord(531)
_adj_fprem
Ord(572)
EVENT_SINK_AddRef
__vbaLenBstr
Ord(709)
__vbaVarTstNe
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
__vbaStrToUnicode
_adj_fdivr_m16i
Ord(525)
__vbaStrCopy
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaRecDestruct
__vbaStrMove
_CIsin
Ord(581)
__vbaExitProc
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(516)
__vbaObjSetAddref
__vbaStrVarVal
_adj_fdiv_r
__vbaInStr
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
Ord(660)
__vbaInStrVar
Ord(513)
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(685)
__vbaVarDup
Ord(628)
Ord(539)
__vbaI4Var
Ord(538)
Ord(613)
__vbaObjSet
__vbaVarLateMemSt
_CIatan
Ord(608)
__vbaNew2
__vbaErrorOverflow
__vbaOnError
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrI2
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaR8FixI4
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 9
DARED 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 1
KONKANI DEFAULT 1
PE resources
ExifTool file metadata
CodeSize 409600
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription PIrIfORM LtD
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 32768
EntryPoint 0x13e8
OriginalFileName symphysiotomybretagnersstormskadeers.exe
MIMEType application/octet-stream
LegalCopyright HP, inC.
FileVersion 1.0
TimeStamp 2019:02:21 08:10:54+01:00
FileType Win32 EXE
PEType PE32
InternalName symphysiotomybretagnersstormskadeers
ProductVersion 1.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PhIlIPS
LegalTrademarks LItEcOIn prOJect
ProductName yaHoO, INC.
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 cdcf2a4689ab462c4faa3234ef3d90f2
SHA1 e925763bcf4f68f99efacb33d7f1ba08c6024772
SHA256 17010ce4058b4b46656bca1c68ee7cc191b57c9253b9be268e7b1c9582b8d70f
ssdeep 6144:x8Z5AHFT9fMqBRU9GNzVgbtqWs6nK/+/dEdrNa:Cgf/0E36Q6nv/dE
authentihash 3f0ee2151df02318153d5f7e7488bba6ea5267b812562564aa4a5da36dd95d68
imphash cc7ed236c5a165cf17b3577d77d31541
File size 436.0 KB ( 446464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags peexe
VirusTotal metadata
First submission 2019-02-21 18:27:42 UTC (3 months ago)
Last submission 2019-02-24 15:55:21 UTC (2 months, 4 weeks ago)
File names biger.exe
symphysiotomybretagnersstormskadeers
symphysiotomybretagnersstormskadeers.exe
vbc.exe
17010ce4058b4b46656bca1c68ee7cc191b57c9253b9be268e7b1c9582b8d70f.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.