SHA256: 226599a963bbc78fef7c3435d16bf87ebe1858bda143c84c9cd326627920d114
File name: out
Detection ratio: 45 / 65
Analysis date: 2018-04-30 06:03:21 UTC ( 9 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.77256 20180430
AegisLab Troj.Proxy.W32.Glupteba!c 20180430
AhnLab-V3 Trojan/Win32.Cryptos.C2084972 20180429
ALYac Gen:Variant.Symmi.77256 20180430
Arcabit Trojan.Symmi.D12DC8 20180430
Avast FileRepMalware 20180430
AVG FileRepMalware 20180430
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180428
BitDefender Gen:Variant.Symmi.77256 20180430
Bkav W32.CloundnetPS.Trojan 20180426
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cylance Unsafe 20180430
Cyren W32/S-7cb6aed1!Eldorado 20180430
DrWeb Trojan.Proxy2.1312 20180430
Emsisoft Gen:Variant.Symmi.77256 (B) 20180430
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Glupteba.AY 20180430
F-Prot W32/S-7cb6aed1!Eldorado 20180430
F-Secure Gen:Variant.Symmi.77256 20180430
Fortinet W32/Generic.AP.128842!tr 20180430
GData Gen:Variant.Symmi.77256 20180430
Ikarus Trojan.Win32.Glupteba 20180429
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 005115a11 ) 20180430
K7GW Trojan ( 005115a11 ) 20180430
Kaspersky HEUR:Trojan-Proxy.Win32.Glupteba.gen 20180430
MAX malware (ai score=85) 20180430
McAfee GenericRXCI-JU!1D25F6660B71 20180430
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20180425
Microsoft Trojan:Win32/Tiggre!rfn 20180430
eScan Gen:Variant.Symmi.77256 20180430
NANO-Antivirus Trojan.Win32.Glupteba.faxblh 20180430
Palo Alto Networks (Known Signatures) generic.ml 20180430
Panda Trj/CI.A 20180429
Qihoo-360 Win32/Trojan.Proxy.6bb 20180430
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Glupteba-M 20180430
SUPERAntiSpyware Hack.Tool/Gen-BitCoinMiner 20180430
Symantec Trojan.Gen.2 20180429
Tencent Win32.Trojan-proxy.Glupteba.Dyqn 20180430
TrendMicro TROJ_GEN.R002C0DDU18 20180430
TrendMicro-HouseCall TROJ_GEN.R002C0DDU18 20180430
VBA32 Trojan.SmearPasse 20180428
Webroot W32.Trojan.Gen 20180430
ZoneAlarm by Check Point HEUR:Trojan-Proxy.Win32.Glupteba.gen 20180430
Alibaba 20180428
Antiy-AVL 20180430
Avast-Mobile 20180429
Avira (no cloud) 20180429
AVware 20180428
Babable 20180406
CAT-QuickHeal 20180429
ClamAV 20180430
CMC 20180429
Comodo 20180430
Cybereason None
eGambit 20180430
Jiangmin 20180430
Kingsoft 20180430
nProtect 20180430
Rising 20180430
Symantec Mobile Insight 20180429
TheHacker 20180430
TotalDefense 20180429
Trustlook 20180430
VIPRE 20180430
ViRobot 20180430
Zillya 20180427
Zoner 20180429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product EpicNet Cloud Office
Original name cloudnet.exe
Internal name cloudnet.exe
File version 7.2.1.1
Description Cloud Net
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-30 00:00:47
Entry Point 0x000250D0
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
CryptReleaseContext
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteTreeW
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
RegQueryValueExW
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
CreateTimerQueue
QueueUserAPC
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetThreadPriority
FreeLibraryAndExitThread
CreateEventW
FindClose
TlsGetValue
FormatMessageA
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
CopyFileW
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
GetFileAttributesW
VerSetConditionMask
SetThreadPriority
AllocConsole
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
DeleteTimerQueueTimer
CreateMutexA
RegisterWaitForSingleObject
CreateThread
MoveFileExW
InterlockedFlushSList
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ChangeTimerQueueTimer
ReadConsoleW
SetWaitableTimer
GetProcAddress
SleepEx
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
GetDateFormatW
CreateTimerQueueTimer
GetStartupInfoW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
QueryDepthSList
GetTimeFormatW
GetModuleFileNameW
FindNextFileW
GetCurrentThreadId
ResetEvent
FreeConsole
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
lstrcmp
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
InterlockedPushEntrySList
LCMapStringW
GetConsoleCP
UnregisterWaitEx
CompareStringW
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SwitchToThread
UnregisterWait
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
GetTickCount64
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
IsValidCodePage
OpenEventW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
NetWkstaGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathAndSubDirW
StrCpyNW
InternetCheckConnectionW
getaddrinfo
htonl
WSARecv
WSACreateEvent
WSAStartup
freeaddrinfo
connect
shutdown
htons
select
getsockopt
WSACloseEvent
ntohl
WSASend
ioctlsocket
WSAGetLastError
WSAEventSelect
WSASetLastError
WSACleanup
closesocket
setsockopt
WSASocketW
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.2.1.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Cloud Net

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
172032

EntryPoint
0x250d0

OriginalFileName
cloudnet.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
7.2.1.1

TimeStamp
2018:04:30 02:00:47+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
cloudnet.exe

ProductVersion
7.2.1.1

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
EpicNet Inc.

CodeSize
515584

ProductName
EpicNet Cloud Office

ProductVersionNumber
7.2.1.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1d25f6660b7151a2dda47ff17a639325
SHA1 62350d80aed19ca501a55c96cbff88111b2ea826
SHA256 226599a963bbc78fef7c3435d16bf87ebe1858bda143c84c9cd326627920d114
ssdeep
12288:sqljKhUJxfsNIxGA7oX1fdFftngQKax8ysReA9vdZaOX1cj1G2PjZJAdX:s+jgUJxfsN7A7oX1VhlpxYRJdoOlcRGz

authentihash 0fe0fee534ff72fb6ff2543c3d3fd0373f53649e2f06c1859626000680eacb02
imphash 054c63bf911413ee56613b2c4ef635b3
File size 665.0 KB ( 680960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-30 00:04:10 UTC ( 9 months, 4 weeks ago )
Last submission 2018-05-19 06:19:41 UTC ( 9 months, 1 week ago )
File names cloudnet.exe
cloudnet.exe
1f1bde679d06b2713c878459eb547186a48d4454
out