SHA256: 18dd6c60f93618da4957f890f7f22ab123396846be141ae76cc6aceb91078efe
File name: fusionsoft-dvd-78-jetelecharge.exe
Detection ratio: 2 / 67
Analysis date: 2018-09-25 19:44:00 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Kingsoft Win32.Malware.Heur_Generic.B.(kcloud) 20180925
Rising Trojan.Win32.Generic.14F9FF25 (C64:YzY0OtObIBQdVWAv) 20180925
Ad-Aware 20180925
AegisLab 20180925
AhnLab-V3 20180925
Alibaba 20180921
Antiy-AVL 20180925
Arcabit 20180925
Avast 20180925
Avast-Mobile 20180925
AVG 20180925
Avira (no cloud) 20180925
AVware 20180925
Babable 20180918
Baidu 20180925
BitDefender 20180925
Bkav 20180925
CAT-QuickHeal 20180923
ClamAV 20180924
CMC 20180925
Comodo 20180925
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180925
Cyren 20180925
DrWeb 20180925
eGambit 20180925
Emsisoft 20180925
Endgame 20180730
ESET-NOD32 20180925
F-Prot 20180925
Fortinet 20180925
GData 20180925
Ikarus 20180925
Sophos ML 20180717
Jiangmin 20180925
K7AntiVirus 20180925
K7GW 20180925
Kaspersky 20180925
Malwarebytes 20180925
MAX 20180925
McAfee 20180925
McAfee-GW-Edition 20180925
Microsoft 20180925
eScan 20180925
NANO-Antivirus 20180925
Palo Alto Networks (Known Signatures) 20180925
Panda 20180925
Qihoo-360 20180925
SentinelOne (Static ML) 20180925
Sophos AV 20180925
SUPERAntiSpyware 20180907
Symantec 20180925
Symantec Mobile Insight 20180924
TACHYON 20180925
Tencent 20180925
TheHacker 20180924
TotalDefense 20180925
TrendMicro 20180925
TrendMicro-HouseCall 20180925
Trustlook 20180925
VBA32 20180925
VIPRE 20180925
ViRobot 20180925
Webroot 20180925
Yandex 20180924
Zillya 20180925
ZoneAlarm by Check Point 20180925
Zoner 20180924
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BEB8
Number of sections 8
PE sections
Overlays
MD5 89bc1d2b71aafd498d3fc29312bc794c
File type data
Offset 61440
Size 3050821
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
46592

LinkerVersion
2.25

FileTypeExtension
exe

InitializedDataSize
16384

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0xbeb8

OSVersion
1.0

ImageVersion
0.0

UninitializedDataSize
0

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files in execution wrote this sample to disk.
Compressed bundles
File identification
MD5 fc98d2d14567f9a639b1cd0c96ada3a0
SHA1 a4460ceb41fb4a60eaa3a4c8fb9b9fde27c25552
SHA256 18dd6c60f93618da4957f890f7f22ab123396846be141ae76cc6aceb91078efe
ssdeep
49152:QAT+srpT5y1+JoeiCxYjE/04sq1cUzPLG2jvXxVvIaV3QFqjxGTyZi/JTIMVGE2V:QAThrpdy1+2eiCyjwAAcUzTjvxRx3nxz

authentihash 422c70c4c92a525efe38aa8f788e1c1ba533bd8559551b08f152a20c35205231
imphash dd62ce950362f0283a54430c7fabd1da
File size 3.0 MB ( 3112261 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2009-09-06 20:31:06 UTC ( 9 years, 6 months ago )
Last submission 2018-09-25 19:44:00 UTC ( 5 months, 3 weeks ago )
File names fusionsoft-dvd-78-jetelecharge.exe
aa
KH32M5qc.ps1
output.20182981.txt
fusionsoft-dvd-78-jetelecharge.exe
FSoftDVD45_Setup.exe
79cnvNt.ps1
fusionsoft-dvd-78-jetelecharge.exe
software.exe
fusionsoft-dvd-78-jetelecharge.exe
fusionsoft-dvd-78-jetelecharge.exe
urdaz22b7nfgb2vdutepxg473yt4evks.exe
fusionsoft-dvd-78-jetelecharge.exe
20182981
FSoftDVD45_Setup.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
UDP communications