SHA256: 1fa09af2d9f50bb174ae568a26e6e648a21b248ec57d5b10fd82ac0d27a58682
File name: ernest.exe
Detection ratio: 22 / 68
Analysis date: 2018-11-15 10:04:45 UTC ( 4 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.C1938231 20181114
Avira (no cloud) HEUR/AGEN.1036166 20181115
Bkav W32.HfsAutoB. 20181114
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.54a9de 20180225
Cylance Unsafe 20181115
Cyren W32/GenBl.6C8D390F!Olympus 20181115
Endgame malicious (high confidence) 20181108
Ikarus Trojan.Injector 20181115
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0040f4ef1 ) 20181113
K7GW Trojan ( 0040f4ef1 ) 20181115
Kaspersky UDS:DangerousObject.Multi.Generic 20181115
McAfee Artemis!6C8D390F2DAD 20181115
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20181115
Microsoft PWS:Win32/Primarypass.A 20181115
Palo Alto Networks (Known Signatures) generic.ml 20181115
Rising Malware.Primarypass!8.E940 (CLOUD) 20181115
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181115
VBA32 TScope.Malware-Cryptor.SB 20181115
ZoneAlarm by Check Point Trojan.Win32.Delf.tfyy 20181115
Ad-Aware 20181115
AegisLab 20181115
Alibaba 20180921
ALYac 20181115
Antiy-AVL 20181115
Arcabit 20181115
Avast 20181115
Avast-Mobile 20181115
AVG 20181115
Babable 20180918
Baidu 20181115
BitDefender 20181115
CAT-QuickHeal 20181115
ClamAV 20181115
CMC 20181115
DrWeb 20181115
eGambit 20181115
Emsisoft 20181115
ESET-NOD32 20181115
F-Prot 20181115
F-Secure 20181115
Fortinet 20181115
GData 20181115
Jiangmin 20181115
Kingsoft 20181115
Malwarebytes 20181115
MAX 20181115
eScan 20181115
NANO-Antivirus 20181115
Panda 20181114
Qihoo-360 20181115
Sophos AV 20181115
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181115
Tencent 20181115
TheHacker 20181113
TotalDefense 20181115
TrendMicro 20181115
TrendMicro-HouseCall 20181115
Trustlook 20181115
VIPRE 20181115
ViRobot 20181115
Webroot 20181115
Yandex 20181115
Zillya 20181114
Zoner 20181115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x004BE000
Number of sections 6
PE sections
PE imports
Number of PE resources by type
RT_BITMAP 40
RT_RCDATA 26
RT_STRING 17
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_ICON 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 77
RUSSIAN 24
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 475136
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x4be000
InitializedDataSize 339456
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Execution parents
File identification
MD5 6c8d390f2dad161290967cb7bc125b2b
SHA1 6215d9c54a9def48771e6b7c9185baf5a878e154
SHA256 1fa09af2d9f50bb174ae568a26e6e648a21b248ec57d5b10fd82ac0d27a58682
ssdeep 49152:ljnubBR8KxC07f7BD4nJ3RkgerFMfZUZT5OO:FnubBR8Kzf7BDcGgemZq
authentihash 92c953b85285a4fa7b550ce0333a7607e81dca0e92162e3dabaf357aecc43dd1
imphash 2eabe9054cad5152567f0699947a2c5b
File size 1.9 MB ( 1973760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2018-11-15 02:28:53 UTC ( 4 months ago )
Last submission 2018-11-21 09:49:06 UTC ( 4 months ago )
File names 19948191
stikynot.exe
ernest.exe
6c8d390f2dad161290967cb7bc125b2b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs