SHA256: 1e01aedd33aad7032de936b1ad2ce23097593dddcd2f7ddcee9eeb350c889749
File name: zbetcheckin_tracker_Festus.exe
Detection ratio: 41 / 69
Analysis date: 2018-12-17 19:10:34 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DLJQ 20181217
AhnLab-V3 Win-Trojan/Delphiless.Exp 20181217
ALYac Trojan.Agent.DLJQ 20181217
Antiy-AVL Trojan[Backdoor]/Win32.NanoBot 20181217
Arcabit Trojan.Agent.DLJQ 20181217
BitDefender Trojan.Agent.DLJQ 20181217
ClamAV Win.Malware.Smal-6783306-0 20181217
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181217
Cyren W32/Buterat.DSZH-0851 20181217
DrWeb Trojan.MulDrop7.11447 20181217
Emsisoft Trojan.Agent.DLJQ (B) 20181217
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECGP 20181217
F-Prot W32/Buterat.B 20181217
F-Secure Trojan.Agent.DLJQ 20181217
Fortinet W32/Kryptik.GLZZ!tr 20181217
GData Trojan.Agent.DLJQ 20181217
Ikarus Trojan.Crypt 20181217
Sophos ML heuristic 20181128
Jiangmin Backdoor.Buterat.jo 20181217
K7AntiVirus Riskware ( 0040eff71 ) 20181217
K7GW Riskware ( 0040eff71 ) 20181217
Kaspersky HEUR:Backdoor.Win32.Buterat.gen 20181217
Malwarebytes Trojan.MalPack.DLF 20181217
MAX malware (ai score=88) 20181217
McAfee Trojan-FQIO!29D191585653 20181217
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc 20181217
Microsoft PWS:Win32/Fareit.Delph!MTB 20181217
eScan Trojan.Agent.DLJQ 20181217
NANO-Antivirus Trojan.Win32.Drop.flaydl 20181217
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazq+EhQV4NS8sg5kvPVoJ58Z) 20181217
SentinelOne (Static ML) static engine - malicious 20181011
Symantec Infostealer 20181217
Trapmine malicious.high.ml.score 20181205
TrendMicro TrojanSpy.Win32.LOKI.SMAL01.hp 20181217
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMAL01.hp 20181217
VBA32 TScope.Trojan.Delf 20181217
Webroot W32.Trojan.Gen 20181217
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Buterat.gen 20181217
Zoner Trojan.High 20181217
AegisLab 20181217
Alibaba 20180921
Avast 20181216
Avast-Mobile 20181216
AVG 20181217
Avira (no cloud) 20181217
Babable 20180918
Baidu 20181207
Bkav 20181217
CAT-QuickHeal 20181217
CMC 20181216
Comodo 20181217
Cybereason 20180225
eGambit 20181217
Kingsoft 20181217
Palo Alto Networks (Known Signatures) 20181217
Panda 20181217
Qihoo-360 20181217
Sophos AV 20181217
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181215
TACHYON 20181217
Tencent 20181217
TheHacker 20181216
TotalDefense 20181217
Trustlook 20181217
ViRobot 20181217
Yandex 20181217
Zillya 20181217
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-02 02:33:09
Entry Point 0x00058E98
Number of sections 8
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 685568
Size 512
Entropy 0.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_Replace
InitCommonControls
ImageList_SetDragCursorImage
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetOpenFileNameA
GetSaveFileNameA
GetBrushOrgEx
GetDIBColorTable
GetWindowOrgEx
PatBlt
GetClipBox
GetCurrentPositionEx
SaveDC
CreateFontIndirectA
GetTextMetricsA
MaskBlt
SetStretchBltMode
GetPixel
GetDCOrgEx
Rectangle
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
CreateSolidBrush
IntersectClipRect
CreateHalftonePalette
CreateCompatibleDC
CreateDIBSection
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
BitBlt
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
GetDIBits
SetBrushOrgEx
SelectClipRgn
RoundRect
StretchBlt
GetBitmapBits
ScaleWindowExtEx
SetROP2
CreateRectRgn
SelectObject
GetTextExtentPoint32A
GetPaletteEntries
SetDIBColorTable
CreateCompatibleBitmap
InvertRgn
CreateBrushIndirect
SetWindowOrgEx
Polyline
SetBkColor
DeleteObject
Ellipse
CreatePenIndirect
SetThreadLocale
GetLastError
GetStringTypeExA
GetStdHandle
EnterCriticalSection
GlobalDeleteAtom
ReadFile
GetSystemInfo
lstrlenA
GlobalFree
WaitForSingleObject
FreeLibrary
MulDiv
GlobalFindAtomA
ExitProcess
GetThreadLocale
GetVersionExA
InterlockedExchange
GlobalUnlock
GetModuleFileNameA
GlobalHandle
RtlUnwind
LoadLibraryA
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
GlobalAddAtomA
LockResource
SetErrorMode
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
SetFilePointer
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetDiskFreeSpaceA
GetModuleHandleA
FindFirstFileA
GlobalReAlloc
WriteFile
EnumCalendarInfoA
ResetEvent
lstrcpynA
GetACP
GlobalLock
CreateThread
GetCurrentThreadId
FreeResource
GlobalAlloc
GetFullPathNameA
SetEvent
LocalFree
FindResourceA
InitializeCriticalSection
LoadResource
lstrcpyA
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
InterlockedIncrement
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
RedrawWindow
GetForegroundWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetScrollPos
CallNextHookEx
GetKeyboardState
ClientToScreen
GetTopWindow
ShowCursor
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
GetIconInfo
LoadStringA
SetParent
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
CreateMenu
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
MapWindowPoints
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
GetScrollRange
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
GetDlgItem
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
GetKeyboardLayout
GetSystemMenu
GetDC
SetForegroundWindow
CharToOemA
DrawTextA
IntersectRect
GetScrollInfo
GetCapture
WaitMessage
FindWindowA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
GetDCEx
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_CURSOR 78
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_MESSAGETABLE 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 74
NEUTRAL 45
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:02 04:33:09+02:00
FileType Win32 EXE
PEType PE32
CodeSize 360448
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 324096
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x58e98
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 29d191585653550588f18d8e93633178
SHA1 0e4f6984b832d0a4c3b47933d0f4ef192841677c
SHA256 1e01aedd33aad7032de936b1ad2ce23097593dddcd2f7ddcee9eeb350c889749
ssdeep 12288:yG1+UNe5daeU6mG7LAP+nPvO35Uhrj5noDdacFKLUaD6:y25NQRUbGX+35sXcFK
authentihash d11e53a439d051113ef33f2898aaf314bc787a482ad3d93e158b3611a1b71cfc
imphash e71faa0b29f792dc96f9538822ab4b6b
File size 670.0 KB ( 686080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (35.5%)
Windows screen saver (32.8%)
Win32 Executable (generic) (11.2%)
Win16/32 Executable Delphi generic (5.1%)
OS/2 Executable (generic) (5.0%)
Tags bobsoft peexe overlay
VirusTotal metadata
First submission 2018-12-17 19:10:34 UTC ( 5 months, 1 week ago )
Last submission 2018-12-22 09:58:10 UTC ( 5 months ago )
File names zbetcheckin_tracker_Festus.exe
Festus.exe
29d191585653550588f18d8e93633178