SHA256: 175f78789993f18a469a363a63328c2593778d20e9911bd92c47f96d66b1717d
File name: ORg1ie.jpg
Detection ratio: 14 / 68
Analysis date: 2018-10-03 14:15:05 UTC ( 7 months, 3 weeks ago )
Engines with a detection (Antivirus | Result | Signature update):
AVG | FileRepMalware | 20181003
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20180723
Cylance | Unsafe | 20181003
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | a variant of Win32/Injector.EATL | 20181003
Fortinet | W32/GenKryptik.CMXU!tr | 20181003
Sophos ML | heuristic | 20180717
Malwarebytes | Trojan.MalPack.VB | 20181003
McAfee | Fareit-FLZ!97E7B1F23209 | 20181003
McAfee-GW-Edition | Fareit-FLZ!97E7B1F23209 | 20181003
Palo Alto Networks (Known Signatures) | generic.ml | 20181003
Qihoo-360 | HEUR/QVM03.0.4753.Malware.Gen | 20181003
SentinelOne (Static ML) | static engine - malicious | 20180926
Symantec | Packed.Generic.535 | 20181003
Engines with no detection (Antivirus | Signature update):
Ad-Aware | 20181003
AegisLab | 20181003
AhnLab-V3 | 20181003
Alibaba | 20180921
ALYac | 20181003
Antiy-AVL | 20181003
Arcabit | 20181003
Avast | 20181003
Avast-Mobile | 20181003
Avira (no cloud) | 20181003
AVware | 20180925
Babable | 20180918
Baidu | 20180930
BitDefender | 20181003
Bkav | 20181003
CAT-QuickHeal | 20181001
ClamAV | 20181003
CMC | 20181003
Comodo | 20181003
Cybereason | 20180225
Cyren | 20181003
DrWeb | 20181003
eGambit | 20181003
Emsisoft | 20181003
F-Prot | 20181003
F-Secure | 20181003
Ikarus | 20181003
Jiangmin | 20181003
K7AntiVirus | 20181003
K7GW | 20181003
Kaspersky | 20181003
Kingsoft | 20181003
MAX | 20181003
Microsoft | 20181003
eScan | 20181003
NANO-Antivirus | 20181003
Panda | 20181003
Rising | 20181003
Sophos AV | 20181003
SUPERAntiSpyware | 20180907
Symantec Mobile Insight | 20181001
TACHYON | 20181003
Tencent | 20181003
TheHacker | 20181001
TotalDefense | 20181003
TrendMicro | 20181003
TrendMicro-HouseCall | 20181003
Trustlook | 20181003
VBA32 | 20181003
VIPRE | 20181003
ViRobot | 20181003
Webroot | 20181003
Yandex | 20180927
Zillya | 20181003
ZoneAlarm by Check Point | 20180925
Zoner | 20181003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Csuh
Original name Omejes.exe
Internal name Omejes
File version 8.06
Description ALLoyManyCuts ALLoyManyCuts
Comments dtellao Sto
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (The chain does not end in a trusted root, so the signature proves nothing about the publisher; for triage purposes treat the file as unsigned.)
Signing date 11:49 AM 2/20/2019 (later than the analysis date shown above, so this field was not populated by the original scan)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-02 12:18:00
Entry Point 0x000013C0
Number of sections 3
PE sections
Overlays
MD5 d1af3879de11e74c7c9d63d8f33052fe
File type data
Offset 540672
Size 4488
Entropy 7.57
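The Overlays block above (offset, size, entropy) together with the Entry Point and Compilation timestamp fields are all derived from the PE headers: the overlay is whatever follows the highest PointerToRawData + SizeOfRawData of any section, and its entropy is the Shannon entropy of those bytes. The following is an added example, not VirusTotal's code and not the sample's; it builds a small constructed PE32 in memory (not the file in this report), parses it, and reproduces those three figures, plus the sanity check that overlay offset + overlay size must equal the file size (540672 + 4488 = 545160 here). The 7.0 entropy threshold and the triage wording are assumptions.

```python
import math
import struct
from datetime import datetime, timezone

# Added example, not part of the VirusTotal report or of the scanned sample.
# Shows how "Overlays" (offset, size, entropy), "Entry Point" and
# "Compilation timestamp" are derived from PE headers.

HIGH_ENTROPY = 7.0  # assumed triage threshold; packed/encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse a PE32 header far enough to find entry point, sections and overlay.

    The overlay is everything after the end of the last section's raw data:
    bytes the loader never maps, which is where droppers commonly keep an
    encrypted payload that a stub decrypts at run time.
    """
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    section_table = opt + opt_size
    sections, end_of_sections = [], 0
    for i in range(nsections):
        off = section_table + i * 40
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _, _, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, off + 8)
        sections.append({"name": name, "raw_ptr": raw_ptr, "raw_size": raw_size})
        # Clamp to the file so a lying section header cannot push the overlay
        # past the end of the data.
        end_of_sections = max(end_of_sections, min(raw_ptr + raw_size, len(blob)))
    overlay = blob[end_of_sections:]
    return {
        "machine": machine,
        "timestamp": timestamp,
        "entry_point": entry_rva,
        "sections": sections,
        "overlay_offset": end_of_sections if overlay else None,
        "overlay_size": len(overlay),
        "overlay_entropy": shannon_entropy(overlay),
    }


def triage(info: dict, file_size: int) -> list:
    """Findings an analyst would note from the parsed header data."""
    findings = []
    if info["overlay_size"]:
        findings.append("overlay present")
        if info["overlay_entropy"] >= HIGH_ENTROPY:
            findings.append("high-entropy overlay")
        # A consistent report satisfies offset + size == file size.
        if info["overlay_offset"] + info["overlay_size"] != file_size:
            findings.append("overlay bounds disagree with file size")
    return findings


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section; not a real program."""
    opt_size, raw_ptr = 224, 0x200            # PE32 optional header; FileAlignment
    text = b"\x90" * 0x200                    # uniform bytes: entropy 0.0
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    # Constructed timestamp chosen to equal 2014-12-02 12:18:00 UTC.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x547DADF8, 0, 0, opt_size, 0x10F)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x13C0)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)               # SectionAlignment
    struct.pack_into("<I", opt, 36, raw_ptr)              # FileAlignment
    struct.pack_into("<H", opt, 68, 2)                    # Subsystem: Windows GUI
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, len(text),
                          raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (raw_ptr - len(headers))
    return headers + text + overlay


if __name__ == "__main__":
    # Overlay of every byte value repeated four times: maximal entropy (8.0),
    # standing in for an encrypted payload.
    sample = build_sample_pe(bytes(range(256)) * 4)
    info = parse_pe(sample)
    print(f"compiled {datetime.fromtimestamp(info['timestamp'], timezone.utc)}")
    print(f"entry point 0x{info['entry_point']:08X}, overlay at "
          f"{info['overlay_offset']} size {info['overlay_size']} "
          f"entropy {info['overlay_entropy']:.2f}")
    print(triage(info, len(sample)))
```

Run it against a real sample by replacing the constructed bytes with `open(path, "rb").read()`; a high-entropy overlay on a VB6 stub is exactly the pattern the Injector/GenKryptik/MalPack names above describe, but the script only measures, it does not decrypt.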
PE imports (all from the Visual Basic 6 runtime, MSVBVM60.DLL; Ord(n) entries are runtime exports imported by ordinal only. VB6 resolves Declare'd Win32 APIs at run time through DllFunctionCall, so no Win32 API beyond the runtime itself appears in the static import table.)
_adj_fdiv_m32
__vbaChkstk
Ord(546)
_CIcos
__vbaStrCmp
__vbaVarDup
_CIsin
_adj_fdivr_m64
_adj_fprem
EVENT_SINK_AddRef
__vbaObjSetAddref
Ord(525)
Ord(545)
_adj_fpatan
__vbaFreeObjList
Ord(650)
Ord(543)
Ord(693)
Ord(563)
__vbaVarForInit
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaStrToUnicode
_adj_fdivr_m16i
Ord(552)
EVENT_SINK_Release
__vbaCyMul
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
_allmul
__vbaFreeVar
Ord(536)
Ord(542)
Ord(519)
Ord(547)
_CItan
__vbaDateVar
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
Ord(660)
__vbaI4Cy
Ord(575)
__vbaLsetFixstr
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
Ord(610)
Ord(714)
__vbaI4Var
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaVarForNext
__vbaOnError
_adj_fdivr_m32i
Ord(553)
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks: SystemS Cne.
SubsystemVersion: 4.0
Comments: dtellao Sto
InitializedDataSize: 20480
ImageVersion: 8.6
ProductName: Csuh
FileVersionNumber: 8.6.0.0
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
OriginalFileName: Omejes.exe
MIMEType: application/octet-stream
FileVersion: 8.06
TimeStamp: 2014:12:02 04:18:00-08:00
FileType: Win32 EXE
PEType: PE32
InternalName: Omejes
ProductVersion: 8.06
FileDescription: ALLoyManyCuts ALLoyManyCuts
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Hhe pidgIN COmmunity
CodeSize: 516096
FileSubtype: 0
ProductVersionNumber: 8.6.0.0
EntryPoint: 0x13c0
ObjectFileType: Executable application

File identification
MD5 97e7b1f232097372f377911530134e22
SHA1 11e36bf36365a16311e29c6d7352fbf34955657a
SHA256 175f78789993f18a469a363a63328c2593778d20e9911bd92c47f96d66b1717d
ssdeep 3072:iT9v4vLyBeb8OuS1GFxv3sfnkNnFCzLS4xL3erDAPdaVUmgkjK2P2su3E6KPPn60:6v4P8C1GFmcH4xjabjWdCrEi01LyRxjz
authentihash 74963c0c9a195186917fa1bffcbb9c9b2b5c44c27742fb56c3f4f0b489af0a11
imphash 7154a65c804dc5bd29479b8d94f2f627
File size 532.4 KB ( 545160 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe, overlay
VirusTotal metadata
First submission 2018-10-03 14:15:05 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-03 14:15:05 UTC ( 7 months, 3 weeks ago )
File names ORg1ie.jpg, Omejes.exe, Omejes (the executable was submitted under a .jpg name as well as under its original name, i.e. it was being passed off as an image file)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain, using the SetWindowsHook Windows API function (SetWindowsHookEx in current code; both are exported by user32.dll). A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread. Because this is a VB6 executable (see TrID above), the call is resolved at run time through DllFunctionCall and is absent from the static import table; it was seen only in the sandbox. The condensed report does not say which hook type was registered; that is the first thing to pull from the full behaviour log, since a keyboard hook (WH_KEYBOARD or WH_KEYBOARD_LL) has very different implications from a message or shell hook.