SHA256: 1f54ee64a29d1a46cbc85ec65395efe1e279924a60a4260b955f02034915901a
File name: softwares.exe
Detection ratio: 15 / 67
Analysis date: 2018-08-27 01:34:50 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20180827
AVG FileRepMalware 20180827
ClamAV Win.Dropper.Noon-6652644-0 20180826
Cylance Unsafe 20180827
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20180827
Malwarebytes Trojan.MalPack.VB 20180827
McAfee Packed-FJD!21E6182EF3EC 20180826
McAfee-GW-Edition BehavesLike.Win32.Fareit.gc 20180826
Microsoft Trojan:Win32/Fuerboos.C!cl 20180827
Palo Alto Networks (Known Signatures) generic.ml 20180827
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20180826
Symantec Downloader.Ponik 20180826
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180827
Ad-Aware 20180827
AegisLab 20180827
AhnLab-V3 20180826
Alibaba 20180713
ALYac 20180827
Antiy-AVL 20180827
Arcabit 20180827
Avast-Mobile 20180826
Avira (no cloud) 20180826
AVware 20180823
Babable 20180822
Baidu 20180820
BitDefender 20180827
Bkav 20180824
CAT-QuickHeal 20180826
CMC 20180826
Comodo 20180826
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180827
DrWeb 20180827
eGambit 20180827
Emsisoft 20180826
ESET-NOD32 20180826
F-Prot 20180826
F-Secure 20180827
Fortinet 20180826
GData 20180827
Ikarus 20180826
Jiangmin 20180826
K7AntiVirus 20180826
K7GW 20180827
Kingsoft 20180827
MAX 20180827
eScan 20180826
NANO-Antivirus 20180826
Panda 20180826
Qihoo-360 20180827
SentinelOne (Static ML) 20180701
Sophos AV 20180827
SUPERAntiSpyware 20180826
Symantec Mobile Insight 20180822
TACHYON 20180826
Tencent 20180827
TheHacker 20180824
TrendMicro 20180826
TrendMicro-HouseCall 20180826
Trustlook 20180827
VBA32 20180824
VIPRE 20180826
ViRobot 20180826
Webroot 20180827
Yandex 20180824
Zillya 20180824
Zoner 20180827
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
tEXAS INSTRUments INCORPorated

Product
Original name Idylls.exe
Internal name Idylls
File version 2.03
Description SUPERANTISPYware
Comments lsofT TECHNOLOgies ENC.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-06 14:36:00
Entry Point 0x000014BC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(610)
Ord(546)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaI4Cy
Ord(616)
_adj_fdivr_m64
Ord(531)
_adj_fprem
Ord(661)
Ord(678)
Ord(525)
_adj_fpatan
EVENT_SINK_AddRef
Ord(526)
Ord(540)
Ord(693)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaR8Sgn
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVarAdd
__vbaRecDestruct
_adj_fdiv_r
_adj_fdiv_m64
Ord(606)
__vbaFreeVar
__vbaVarTstNe
Ord(618)
Ord(100)
_CItan
Ord(517)
Ord(542)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(711)
Ord(660)
_allmul
__vbaStrVarVal
_CIcos
Ord(713)
__vbaVarTstEq
_adj_fptan
__vbaFreeStrList
Ord(537)
__vbaObjSet
__vbaI4Var
__vbaFpI4
__vbaVarMove
_CIlog
_CIatan
Ord(608)
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
__vbaRedim
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaFPFix
__vbaFpR8
__vbaVarCat
__vbaFreeStr
_adj_fdiv_m16i
Ord(575)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
454656

SubsystemVersion
4.0

Comments
lsofT TECHNOLOgies ENC.

LinkerVersion
6.0

ImageVersion
2.3

FileVersionNumber
2.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
SUPERANTISPYware

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
20480

EntryPoint
0x14bc

OriginalFileName
Idylls.exe

MIMEType
application/octet-stream

LegalCopyright
tEXAS INSTRUments INCORPorated

FileVersion
2.03

TimeStamp
2007:01:06 15:36:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Idylls

ProductVersion
2.03

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FILEzilla PROJECT

LegalTrademarks
NORMAN SAFEGRound AS

FileSubtype
0

ProductVersionNumber
2.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 21e6182ef3ec3f8bb806cecc945d0fc4
SHA1 8306bb97d221b4f8edf74b17f1946140f37b5d1f
SHA256 1f54ee64a29d1a46cbc85ec65395efe1e279924a60a4260b955f02034915901a
ssdeep
6144:vX2a6yewtBXETb2FOD3Qd5Efx9pwwuEAuVqYqtiEkWTl3FbyMN6xBwnytO:vGaz/TXEH2M8DEfxTAuV7sxVrqrt

authentihash 8619b77bcd5d0c59d4e314b871261e48eba858942c735dae6807e8e803817b2d
imphash b0a52268db6522e5a270e4d35f844bd4
File size 464.0 KB ( 475136 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-26 22:54:13 UTC ( 8 months, 3 weeks ago )
Last submission 2018-08-26 22:54:13 UTC ( 8 months, 3 weeks ago )
File names Idylls
Idylls.exe
softwares.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.