SHA256: 18cd4867107e85de0b06d7e51d47abd94a63132d0c9bb5c1b2222e40805b9c8e
File name: 44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
Detection ratio: 11 / 68
Analysis date: 2019-01-09 16:47:43 UTC ( 1 month, 1 week ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20190109
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190109
Microsoft Trojan:Win32/MereTam.A 20190109
Palo Alto Networks (Known Signatures) generic.ml 20190109
Qihoo-360 Win32/Trojan.Multi.daf 20190109
SentinelOne (Static ML) static engine - malicious 20181223
Trapmine malicious.moderate.ml.score 20190103
Webroot W32.Trojan.Gen 20190109
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190109
Acronis 20181227
Ad-Aware 20190109
AegisLab 20190109
AhnLab-V3 20190108
Alibaba 20180921
ALYac 20190109
Antiy-AVL 20190109
Arcabit 20190109
Avast 20190109
Avast-Mobile 20190109
AVG 20190109
Avira (no cloud) 20190109
Babable 20180918
Baidu 20190109
Bkav 20190108
CAT-QuickHeal 20190109
ClamAV 20190109
CMC 20190108
Comodo 20190109
Cybereason 20190109
Cyren 20190109
DrWeb 20190109
eGambit 20190109
Emsisoft 20190109
Endgame 20181108
ESET-NOD32 20190109
F-Prot 20190109
F-Secure 20190109
Fortinet 20190109
Ikarus 20190109
Jiangmin 20190109
K7AntiVirus 20190109
K7GW 20190109
Kingsoft 20190109
MAX 20190109
McAfee 20190109
McAfee-GW-Edition 20190109
eScan 20190109
NANO-Antivirus 20190109
Panda 20190109
Rising 20190109
Sophos AV 20190109
SUPERAntiSpyware 20190102
Symantec 20190109
TACHYON 20190109
Tencent 20190109
TheHacker 20190106
TotalDefense 20190109
TrendMicro 20190109
TrendMicro-HouseCall 20190109
Trustlook 20190109
VBA32 20190109
VIPRE 20190109
ViRobot 20190109
Yandex 20181229
Zillya 20190109
Zoner 20190109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Funky Mafia Jack
Original name Funky Mafia Jack.exe
Internal name Funky Mafia Jack
File version 15.2356.0001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-08 20:25:43
Entry Point 0x00001280
Number of sections 3
PE sections
PE imports
VirtualProtect
RtlMoveMemory
GetUserDefaultLCID
VirtualAlloc
GetStartupInfoW
_adj_fdiv_m32
__vbaChkstk
_CIatan
__vbaRedim
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
__vbaVarLateMemSt
__vbaAryMove
__vbaVarLateMemCallLdRf
_adj_fpatan
__vbaRedimPreserve
__vbaVarForInit
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
__vbaVarTstLt
Ord(100)
__vbaFreeVar
_adj_fdiv_r
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaVarCopy
__vbaVarTstGt
__vbaAryLock
_CIcos
__vbaVarTstEq
_adj_fptan
__vbaI4Var
__vbaVarMove
__vbaNew2
__vbaVarForNext
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
_CItan
_adj_fdiv_m16i
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 15.2356
FileSubtype 0
FileVersionNumber 15.2356.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 323584
EntryPoint 0x1280
OriginalFileName Funky Mafia Jack.exe
MIMEType application/octet-stream
FileVersion 15.2356.0001
TimeStamp 2019:01:08 12:25:43-08:00
FileType Win32 EXE
PEType PE32
InternalName Funky Mafia Jack
ProductVersion 15.2356.0001
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TakuaSoft
CodeSize 12288
ProductName Funky Mafia Jack
ProductVersionNumber 15.2356.0.1
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 0c2b57796fda7135774fd8a4fb640b90
SHA1 bf96196d9e3502532989e4e21e04c7be1101c7f4
SHA256 18cd4867107e85de0b06d7e51d47abd94a63132d0c9bb5c1b2222e40805b9c8e
ssdeep 3072:nUjk3B3ODEBWBTc+39LPuYOxHJQU/Gg/iPl6rlFZyWfmZ3S6rU8zMQRgUVqLXn+p:nUjk3E/kzmz7BefFP4X3

authentihash 9c475c2f27cca17b86486b9da37ce112ae72eb2c82b0bba6c4a0dbd3ccfcf9ec
imphash 2565df53927645b06698d6b7530608c1
File size 332.0 KB ( 339968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe

VirusTotal metadata
First submission 2019-01-09 14:56:39 UTC ( 1 month, 2 weeks ago )
Last submission 2019-02-13 12:45:19 UTC ( 1 week, 2 days ago )
File names Funky Mafia Jack.exe
table.png
thhf.exe
table.png
0c2b57796fda7135774fd8a4fb640b90.virobj
ptrcu.exe
gimftyye.exe
Funky Mafia Jack
44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.