× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1cbf711a4644e4ab8074db6aa5bc226021c0c9aaaa7b0faf8e6f89eba1e44694
File name: setup.exe
Detection ratio: 34 / 72
Analysis date: 2019-01-06 02:06:58 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31483734 20190106
ALYac Trojan.GenericKD.40911085 20190106
Arcabit Trojan.Autoruns.GenericS.D1E06756 20190106
Avast Win32:Malware-gen 20190106
AVG Win32:Malware-gen 20190106
BitDefender Trojan.Autoruns.GenericKDS.31483734 20190106
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20190106
Cyren W32/GenBl.8888CB1C!Olympus 20190106
Emsisoft Trojan.GenericKD.40911085 (B) 20190105
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CVRV 20190105
F-Secure Trojan.GenericKD.40911085 20190105
Fortinet W32/Mansabo.BTK!tr 20190105
GData Win32.Trojan-Spy.TrickBot.9RWZQR 20190105
Ikarus Trojan.Win32.Krypt 20190105
Sophos ML heuristic 20181128
K7GW Riskware ( 0040eff71 ) 20190105
Kaspersky Trojan.Win32.Mansabo.btk 20190105
MAX malware (ai score=99) 20190106
McAfee GenericR-OJR!8888CB1CF284 20190105
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190105
Microsoft Trojan:Win32/MereTam.A 20190105
eScan Trojan.Autoruns.GenericKDS.31483734 20190105
Palo Alto Networks (Known Signatures) generic.ml 20190106
Qihoo-360 HEUR/QVM03.0.52AD.Malware.Gen 20190106
Rising Trojan.MereTam!8.E4CE (CLOUD) 20190105
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190105
Symantec Trojan.Gen.2 20190105
Tencent Win32.Trojan.Mansabo.Ebqu 20190106
Trapmine malicious.high.ml.score 20190103
Webroot W32.Trojan.Gen 20190106
ZoneAlarm by Check Point Trojan.Win32.Mansabo.btk 20190106
Acronis 20181227
AegisLab 20190105
AhnLab-V3 20190105
Alibaba 20180921
Antiy-AVL 20190105
Avast-Mobile 20190105
Avira (no cloud) 20190106
AVware 20180925
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190105
ClamAV 20190106
CMC 20190105
Comodo 20190105
Cybereason 20180225
DrWeb 20190105
eGambit 20190106
F-Prot 20190105
Jiangmin 20190105
K7AntiVirus 20190105
Kingsoft 20190106
Malwarebytes 20190105
NANO-Antivirus 20190105
Panda 20190105
SUPERAntiSpyware 20190102
TACHYON 20190105
TheHacker 20190104
TotalDefense 20190105
TrendMicro 20190105
TrendMicro-HouseCall 20190105
Trustlook 20190106
VBA32 20190104
VIPRE 20190105
ViRobot 20190106
Yandex 20181229
Zillya 20190105
Zoner 20190106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
DJ Cartier Bad Boy Brown Host

Product Graphic
Original name Graphic.exe
Internal name Graphic
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-03 09:33:10
Entry Point 0x00001360
Number of sections 3
PE sections
PE imports
WideCharToMultiByte
RtlMoveMemory
VirtualProtect
GetProcAddress
VirtualAlloc
GetModuleHandleW
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
EVENT_SINK_AddRef
__vbaR4Var
__vbaAryMove
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
__vbaVarForInit
Ord(535)
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
__vbaVarTstLt
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaR4Str
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaAryLock
_CIcos
__vbaVarTstEq
_adj_fptan
__vbaVarSub
_CItan
Ord(581)
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaVarForNext
Ord(644)
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrR8
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
LoadStringW
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
NEUTRAL DEFAULT 2
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
172032

EntryPoint
0x1360

OriginalFileName
Graphic.exe

MIMEType
application/octet-stream

LegalCopyright
DJ Cartier Bad Boy Brown Host

FileVersion
1.0

TimeStamp
2019:01:03 10:33:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Graphic

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NironSoft

CodeSize
32768

ProductName
Graphic

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8888cb1cf2844ce9818f23045935dce2
SHA1 596eb6b56d8160850e26627bb93047cdfae1b5ad
SHA256 1cbf711a4644e4ab8074db6aa5bc226021c0c9aaaa7b0faf8e6f89eba1e44694
ssdeep
3072:k8i3Ut7o0x9NCJfay+102hVAT+XDzs8cf6lnQbNPUBOI8D73ndN3Q:/No0xG5+y2twf6cPUAdtNA

authentihash fa2ad5846c323ee1929589a28fe0304723a43607bdc3f8af492eb66d65c5294d
imphash 6823fecaa9992080b47fe69e2b09b0ff
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-04 15:37:49 UTC ( 1 month, 1 week ago )
Last submission 2019-01-10 08:59:07 UTC ( 1 month, 1 week ago )
File names setup.exe
worming.png
Graphic
Graphic.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Code injections in the following processes
Runtime DLLs