SHA256: 1fd3b22b3f2d4234ed33a0f6205ddbbc4e54d295017ee478b8a73a9051bd277b
File name: PAGEANT.EXE
Detection ratio: 33 / 67
Analysis date: 2018-04-13 00:35:10 UTC ( 1 year ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.30601479 | 20180412
AegisLab | Ml.Attribute.Gen!c | 20180412
Arcabit | Trojan.Generic.D1D2F107 | 20180412
Avira (no cloud) | TR/AD.MalwareCrypter.gpoen | 20180412
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9993 | 20180412
BitDefender | Trojan.GenericKD.30601479 | 20180412
Comodo | UnclassifiedMalware | 20180413
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20170201
Cyren | W32/Trojan.BDOR-7154 | 20180412
DrWeb | Trojan.PWS.Spy.20884 | 20180412
Emsisoft | Trojan.GenericKD.30601479 (B) | 20180412
Endgame | malicious (high confidence) | 20180403
ESET-NOD32 | Win32/Agent.SVO | 20180413
F-Secure | Trojan.GenericKD.30601479 | 20180412
Fortinet | W32/Malicious_Behavior.VEX | 20180412
GData | Trojan.GenericKD.30601479 | 20180412
Ikarus | Trojan.Agent | 20180412
Sophos ML | heuristic | 20180121
K7AntiVirus | Trojan ( 0052d9a81 ) | 20180412
Kaspersky | Trojan.Win32.Dimnie.sl | 20180413
Malwarebytes | Trojan.MalPack | 20180413
MAX | malware (ai score=98) | 20180413
McAfee | Artemis!77FAC77FEFC0 | 20180413
McAfee-GW-Edition | BehavesLike.Win32.BadFile.gh | 20180413
eScan | Trojan.GenericKD.30601479 | 20180413
Palo Alto Networks (Known Signatures) | generic.ml | 20180413
Sophos AV | Troj/Fareit-ERC | 20180413
Symantec | Trojan Horse | 20180412
Tencent | Win32.Trojan.Raasj.Auto | 20180413
TrendMicro | TROJ_DIMNIE.THDOFAI | 20180413
TrendMicro-HouseCall | TROJ_DIMNIE.THDOFAI | 20180413
Webroot | W32.Malware.Gen | 20180413
ZoneAlarm by Check Point | Trojan.Win32.Dimnie.sl | 20180412
AhnLab-V3 | | 20180412
Alibaba | | 20180412
ALYac | | 20180412
Antiy-AVL | | 20180412
Avast | | 20180412
Avast-Mobile | | 20180412
AVG | | 20180412
AVware | | 20180412
Bkav | | 20180410
CAT-QuickHeal | | 20180412
ClamAV | | 20180412
CMC | | 20180412
Cybereason | | 20180225
Cylance | | 20180413
eGambit | | 20180413
F-Prot | | 20180412
Jiangmin | | 20180413
K7GW | | 20180412
Kingsoft | | 20180413
Microsoft | | 20180413
NANO-Antivirus | | 20180412
nProtect | | 20180412
Panda | | 20180412
Qihoo-360 | | 20180413
Rising | | 20180413
SentinelOne (Static ML) | | 20180225
SUPERAntiSpyware | | 20180413
Symantec Mobile Insight | | 20180412
TheHacker | | 20180410
Trustlook | | 20180413
VBA32 | | 20180412
VIPRE | | 20180412
ViRobot | | 20180412
WhiteArmor | | 20180408
Yandex | | 20180412
Zillya | | 20180412
Zoner | | 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Glorylogic Copyright ©. All rights reserved.
Product: Anticipate
Original name: Anticipate.exe
Internal name: Anticipate
File version: 6.7.8.4
Description: Guis Cynthia Optomechanical Eschews Recovery Current
Comments: Guis Cynthia Optomechanical Eschews Recovery Current
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-11 19:32:43
Entry Point 0x0001B6F0
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
ReadEventLogA
RegCloseKey
OpenProcessToken
RegSetValueExA
GetOldestEventLogRecord
RegDeleteValueA
RegCreateKeyExA
OpenEventLogW
RegOpenKeyExA
ImpersonateLoggedOnUser
RegEnumKeyExA
RegQueryInfoKeyA
AVIStreamRelease
AVIFileCreateStreamA
PropertySheetA
CreatePropertySheetPageA
Ord(17)
InitCommonControlsEx
DestroyPropertySheetPage
SetMapMode
SetAbortProc
DeleteObject
PatBlt
GetStockObject
SetWindowExtEx
CreateSolidBrush
SelectObject
CreateRoundRectRgn
GetPixel
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
VerLanguageNameA
DeviceIoControl
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
EnumSystemLocalesA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GetProcAddress
GetProcessHeap
CompareStringW
lstrcpyA
CompareStringA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
IsDBCSLeadByte
GlobalAlloc
lstrlenW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
SuspendThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetPriorityClass
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
NetShareGetInfo
Ord(12)
Ord(3)
Ord(43)
Ord(75)
Ord(1)
Ord(45)
Ord(24)
Ord(9)
Ord(31)
Ord(16)
Ord(7)
Ord(72)
Ord(15)
Ord(14)
Ord(26)
Ord(41)
Ord(19)
Ord(2)
Ord(13)
VarUI4FromStr
wglSwapMultipleBuffers
wglUseFontBitmapsA
SHGetPathFromIDListA
SHBrowseForFolderA
PathFindExtensionA
AcceptSecurityContext
MapWindowPoints
GetMessageA
SetDlgItemTextA
GetForegroundWindow
GetParent
ReleaseDC
UnregisterHotKey
EndDialog
BeginPaint
HideCaret
MoveWindow
SendInput
LoadImageA
GetIconInfo
PostQuitMessage
DefWindowProcA
ShowWindow
FillRect
GetPropA
SetWindowPos
SetFocus
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
MessageBoxW
GetWindowRect
DispatchMessageA
EnableWindow
CharNextA
UnregisterClassA
PostMessageA
GetDialogBaseUnits
SetPropA
PeekMessageA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetWindow
GetDC
CopyImage
EndDeferWindowPos
InsertMenuA
RemovePropA
SetWindowTextA
LoadStringA
PtInRect
BeginDeferWindowPos
SendMessageA
GetScrollRange
GetCursorPos
GetDlgItem
CreateDialogParamA
InvalidateRgn
IsWindow
MonitorFromWindow
ScreenToClient
SetRect
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
EnumPropsA
CreateWindowExA
GetWindowTextLengthA
GetActiveWindow
RegisterHotKey
IsDlgButtonChecked
GetClientRect
CallWindowProcA
wsprintfA
IsDialogMessageA
EndPaint
SetForegroundWindow
GetMonitorInfoA
GetKeyState
DialogBoxIndirectParamA
DestroyWindow
DrawThemeBackground
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
FindCloseUrlCache
FindFirstUrlCacheEntryA
DetectAutoProxyUrl
joyGetNumDevs
midiOutGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
auxGetNumDevs
waveInGetNumDevs
OpenPersonalTrustDBDialog
WSAStartup
GdipAddPathLine
GdipCreateStringFormat
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDrawPath
GdipDeleteFontFamily
GdipCreatePath
GdiplusStartup
GdipDeleteGraphics
GdipFillPath
GdipGraphicsClear
GdipCreateFromHDC
GdipCreatePen1
GdipAlloc
GdipDeletePath
GdipDeletePen
GdipSetPathFillMode
GdipAddPathString
GdipCloneBrush
GdipAddPathArc
GdipClosePathFigure
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipDeleteStringFormat
GdipFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoLockObjectExternal
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
GetHGlobalFromStream
StringFromGUID2
RevokeDragDrop
CoTaskMemFree
RegisterDragDrop
PdhOpenQueryA
PdhCollectQueryData
Number of PE resources by type
RT_STRING 14
RT_BITMAP 12
RT_MENU 9
RT_CURSOR 9
RT_GROUP_CURSOR 6
BINARY 2
RCDATA 2
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 58
PE resources
ExifTool file metadata
CodeSize: 193024
SubsystemVersion: 5.0
Comments: Guis Cynthia Optomechanical Eschews Recovery Current
Languages: English
InitializedDataSize: 224768
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 6.7.8.4
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
FileDescription: Guis Cynthia Optomechanical Eschews Recovery Current
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
LinkerVersion: 9.0
PrivateBuild: 6.7.8.4
EntryPoint: 0x1b6f0
OriginalFileName: Anticipate.exe
MIMEType: application/octet-stream
LegalCopyright: Glorylogic Copyright . All rights reserved.
FileVersion: 6.7.8.4
TimeStamp: 2018:04:11 19:32:43+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: Anticipate
ProductVersion: 6.7.8.4
UninitializedDataSize: 0
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Glorylogic
LegalTrademarks: Glorylogic Copyright . All rights reserved.
ProductName: Anticipate
ProductVersionNumber: 6.7.8.4
FileTypeExtension: exe
ObjectFileType: Executable application
AssemblyVersion: 6.7.8.4
File identification
MD5: 77fac77fefc05d824d150fc0997cd74e
SHA1: 6e78df8a61ab48894842fcbda0c675f08c303df7
SHA256: 1fd3b22b3f2d4234ed33a0f6205ddbbc4e54d295017ee478b8a73a9051bd277b
ssdeep: 3072:cC38t8Sf2ud7SURaOQvA+AwoFq9XlC3YzTMDb7zmT4Lxqc5ZTQuBg2qWu5HfiuhD:cOKLTl+AFF/q8I8tfqW4rxdZT3mWg98
authentihash: 158c9933d8ac5c4dad5e3add5e4b98618febce2dfbb6b471656aa1fd47ac838d
imphash: 1745e9cb3da227cf789952c129cf03c6
File size: 409.0 KB ( 418816 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (40.0%)
  Win64 Executable (generic) (35.4%)
  Win32 Dynamic Link Library (generic) (8.4%)
  Win32 Executable (generic) (5.7%)
  OS/2 Executable (generic) (2.6%)
Tags: peexe
VirusTotal metadata
First submission 2018-04-12 06:14:19 UTC ( 1 year ago )
Last submission 2018-04-21 09:30:22 UTC ( 1 year ago )
File names: PAGEANT[1].EXE, Anticipate, Anticipate.exe, PAGEANT.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs