SHA256: 1827888204e1a409b6fba098aed9ab8fa8ef529efaa7e8608a303c0f9a10c7c5
File name: 1827888204e1a409b6fba098aed9ab8fa8ef529efaa7e8608a303c0f9a10c7c5.bin
Detection ratio: 38 / 64
Analysis date: 2019-03-04 11:20:27 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31740667 20190303
AhnLab-V3 Malware/Win32.Generic.C3058190 20190304
ALYac Trojan.GenericKD.31740667 20190304
Antiy-AVL Trojan[Spy]/Win32.Noon 20190304
Arcabit Trojan.Generic.D1E452FB 20190304
Avira (no cloud) TR/Crypt.ZPACK.Gen2 20190304
BitDefender Trojan.GenericKD.31740667 20190304
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.812267 20190109
Cyren W32/GenBl.865E9897!Olympus 20190303
DrWeb Trojan.Fbng.8 20190303
Emsisoft Trojan.GenericKD.31740667 (B) 20190303
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/GenKryptik.DBEH 20190304
F-Secure Trojan.TR/Crypt.ZPACK.Gen2 20190304
Fortinet W32/GenKryptik.DBEH!tr 20190303
GData Win32.Trojan-Stealer.FormBook.DBK8IX 20190304
Ikarus Trojan.Win32.Bublik 20190304
K7AntiVirus Trojan ( 00548f8f1 ) 20190304
K7GW Trojan ( 00548f8f1 ) 20190304
Kaspersky Trojan-Spy.Win32.Noon.aawn 20190304
Malwarebytes Trojan.Injector 20190303
McAfee RDN/Generic.dx 20190304
McAfee-GW-Edition BehavesLike.Win32.ICLoader.dc 20190303
Microsoft Trojan:Win32/Tiggre!plock 20190304
eScan Trojan.GenericKD.31740667 20190304
Palo Alto Networks (Known Signatures) generic.ml 20190304
Panda Trj/GdSda.A 20190302
Qihoo-360 Trojan.Generic 20190304
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190303
Symantec Trojan.Gen.2 20190304
Tencent Win32.Trojan-spy.Noon.Dztu 20190304
Trapmine malicious.high.ml.score 20190228
VBA32 BScope.Trojan.Occamy 20190304
VIPRE Trojan.Win32.Generic!BT 20190303
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.aawn 20190303
AegisLab 20190304
Alibaba 20180921
Avast 20190303
Avast-Mobile 20190304
AVG 20190303
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190304
ClamAV 20190303
CMC 20190304
Comodo 20190303
eGambit 20190304
Sophos ML 20181128
Jiangmin 20190304
Kingsoft 20190304
MAX 20190304
NANO-Antivirus 20190303
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190303
TheHacker 20190224
TotalDefense 20190303
Trustlook 20190304
ViRobot 20190304
Webroot 20190304
Yandex 20190301
Zoner 20190303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Cool Moon Ltd. All rights reserved.
Product skr
Original name moonsky.exe
Internal name Sky of the Moon
File version 1.0.0.2
Description Moon Sky
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-24 20:30:29
Entry Point 0x00001220
Number of sections 4
PE sections
PE imports
DeleteDC
SelectObject
GetStockObject
BitBlt
CreateCompatibleDC
DeleteObject
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
ExitThread
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCPInfo
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
GetModuleFileNameA
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
ReleaseDC
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
TranslateMessage
EnumWindows
LoadImageA
MessageBoxA
PostQuitMessage
DefWindowProcA
ShowWindow
GetMessageA
GetDC
RegisterClassExA
Number of PE resources by type
RT_ICON 9
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 208896
ImageVersion 0.0
ProductName skr
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName moonsky.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.2
TimeStamp 2019:02:24 12:30:29-08:00
FileType Win32 EXE
PEType PE32
InternalName Sky of the Moon
ProductVersion 1.0.0.2
FileDescription Moon Sky
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Cool Moon Ltd. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Cool Moon
CodeSize 12288
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1220
ObjectFileType Executable application

File identification
MD5 865e989705a76cc3a66602c685e7d6e6
SHA1 fd1ef9b812267b20fb3b1aa625358ae13394a55e
SHA256 1827888204e1a409b6fba098aed9ab8fa8ef529efaa7e8608a303c0f9a10c7c5
ssdeep 6144:QS0+hnNeov8LBBHdMkp++5S0PDgZSxbJD:QvkNeM8L751bgZSv
authentihash ffed92af07b6647b1174c7f0ac31be8006870e4c4a13b25a3fee93371fec64e0
imphash 1ad178290a9b085b09adac29207d1253
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-03-01 02:59:32 UTC ( 2 months, 2 weeks ago )
Last submission 2019-03-04 11:20:27 UTC ( 2 months, 2 weeks ago )
File names 1827888204e1a409b6fba098aed9ab8fa8ef529efaa7e8608a303c0f9a10c7c5
moonsky.exe
1827888204e1a409b6fba098aed9ab8fa8ef529efaa7e8608a303c0f9a10c7c5.bin
Sky of the Moon
injclient.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs