SHA256: 2267c37e5e2c19ab08f4bc545e3d6b8eed663d0894f2f9ecf61562f325695c54
File name: Fluffees TriBot Account Adder.exe
Detection ratio: 0 / 57
Analysis date: 2015-06-11 04:01:23 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20150611
AegisLab 20150611
Yandex 20150609
AhnLab-V3 20150610
Alibaba 20150610
ALYac 20150611
Antiy-AVL 20150611
Arcabit 20150611
Avast 20150611
AVG 20150611
Avira (no cloud) 20150611
AVware 20150611
Baidu-International 20150610
BitDefender 20150610
Bkav 20150610
ByteHero 20150611
CAT-QuickHeal 20150610
ClamAV 20150610
CMC 20150610
Comodo 20150611
Cyren 20150611
DrWeb 20150611
Emsisoft 20150611
ESET-NOD32 20150611
F-Prot 20150611
F-Secure 20150611
Fortinet 20150611
GData 20150611
Ikarus 20150611
Jiangmin 20150610
K7AntiVirus 20150610
K7GW 20150611
Kaspersky 20150610
Kingsoft 20150611
Malwarebytes 20150611
McAfee 20150611
McAfee-GW-Edition 20150610
Microsoft 20150611
eScan 20150610
NANO-Antivirus 20150611
nProtect 20150610
Panda 20150610
Qihoo-360 20150611
Rising 20150610
Sophos AV 20150611
SUPERAntiSpyware 20150611
Symantec 20150611
Tencent 20150611
TheHacker 20150609
TotalDefense 20150610
TrendMicro 20150611
TrendMicro-HouseCall 20150611
VBA32 20150610
VIPRE 20150611
ViRobot 20150611
Zillya 20150611
Zoner 20150609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.1.19.02
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-24 23:46:45
Entry Point 0x0008648A
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CloseServiceHandle
LookupPrivilegeValueA
RegEnumKeyExA
GetUserNameA
RegDeleteValueA
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
LockServiceDatabase
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
UnlockServiceDatabase
RegQueryInfoKeyA
RegConnectRegistryA
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIconSize
Ord(6)
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
CreatePolygonRgn
GetSystemPaletteEntries
GetTextMetricsA
GetClipBox
GetPixel
GetObjectA
ExcludeClipRect
EnumFontFamiliesExA
DeleteDC
SetBkMode
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
FillRgn
CreateEllipticRgn
CreateDCA
CreateFontA
GetStockObject
GetDIBits
GdiFlush
CreateRoundRectRgn
CreateCompatibleDC
GetTextFaceA
CreateRectRgn
SelectObject
CreateSolidBrush
GetClipRgn
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetPrivateProfileSectionNamesA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
SetFileAttributesA
GetTempPathA
WideCharToMultiByte
LoadLibraryW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
QueryDosDeviceA
MoveFileA
GetEnvironmentVariableA
LoadResource
FindClose
InterlockedDecrement
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
DeviceIoControl
InitializeCriticalSection
WriteProcessMemory
GetModuleFileNameW
Beep
CopyFileA
ExitProcess
FlushFileBuffers
RemoveDirectoryA
HeapSetInformation
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointerEx
WritePrivateProfileSectionA
CreateMutexA
SetFilePointer
CreateThread
TlsSetValue
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GlobalSize
GetDateFormatA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetStartupInfoW
ReadProcessMemory
GlobalLock
GetProcessHeap
GetFileSizeEx
FindFirstFileA
GetDiskFreeSpaceA
EnumResourceNamesA
CompareStringA
GetComputerNameA
FindNextFileA
GetProcAddress
CreateFileW
IsDebuggerPresent
GetFileType
SetVolumeLabelA
GetPrivateProfileSectionA
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
VirtualAllocEx
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
GetModuleFileNameA
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetStdHandle
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
WritePrivateProfileStringA
FindResourceA
GetTimeFormatA
SafeArrayDestroy
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SysFreeString
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnaccessData
VariantCopyInd
VariantClear
SysAllocString
GetActiveObject
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayLock
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopy
OleLoadPicture
SysStringLen
GetModuleBaseNameA
GetModuleFileNameExA
ExtractIconA
ShellExecuteExA
DragFinish
SHGetFolderPathA
DragQueryPoint
SHBrowseForFolderA
SHGetDesktopFolder
DragQueryFileA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetMalloc
SHFileOperationA
RedrawWindow
GetMessagePos
SetWindowRgn
UnregisterHotKey
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
DispatchMessageA
ScreenToClient
SetMenuItemInfoA
WindowFromPoint
SetActiveWindow
GetDC
GetCursorPos
DrawTextA
GetDlgCtrlID
GetKeyState
GetMenu
CreateWindowExA
IsClipboardFormatAvailable
SendMessageA
GetClientRect
SetMenuDefaultItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CountClipboardFormats
GetTopWindow
RegisterHotKey
EnumClipboardFormats
LoadImageA
GetMenuItemCount
GetWindowTextA
CopyImage
DestroyWindow
GetMessageA
GetParent
UpdateWindow
RegisterWindowMessageA
EnumWindows
CheckRadioButton
GetClassInfoExA
ShowWindow
SetMenuInfo
GetDesktopWindow
GetClipboardFormatNameA
EnableWindow
PeekMessageA
IsCharAlphaA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
SystemParametersInfoA
GetIconInfo
SetParent
SetClipboardData
IsCharLowerA
CharLowerA
IsZoomed
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateMenu
GetKeyboardLayout
FlashWindow
GetSysColorBrush
CreateAcceleratorTableA
IsDialogMessageA
MapWindowPoints
MapVirtualKeyA
EmptyClipboard
SetFocus
keybd_event
KillTimer
VkKeyScanExA
DefWindowProcA
ToAsciiEx
GetClipboardData
GetClassNameA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
EnumChildWindows
SetClipboardViewer
SetWindowLongA
SetKeyboardState
CreatePopupMenu
CheckMenuItem
GetWindowLongA
PtInRect
DrawIconEx
SetTimer
GetDlgItem
BringWindowToTop
CreateIconIndirect
ClientToScreen
PostMessageW
GetClassLongA
LoadCursorA
GetKeyboardState
SetWindowsHookExA
GetMenuStringA
AttachThreadInput
DestroyAcceleratorTable
CreateIconFromResourceEx
GetMenuItemID
FillRect
SetForegroundWindow
ExitWindowsEx
PostThreadMessageA
OpenClipboard
GetAsyncKeyState
ReleaseDC
IntersectRect
SetLayeredWindowAttributes
EndDialog
SendInput
FindWindowA
SetWindowTextA
MessageBeep
GetCaretPos
RemoveMenu
GetWindowThreadProcessId
GetQueueStatus
GetLastInputInfo
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetCursor
ChangeClipboardChain
AdjustWindowRectEx
mouse_event
DialogBoxParamA
GetSysColor
RegisterClassExA
IsCharAlphaNumericA
DestroyIcon
IsWindowVisible
SetRect
InvalidateRect
SendMessageTimeoutA
IsCharUpperA
TranslateAcceleratorA
DefDlgProcA
CallWindowProcA
IsMenu
GetFocus
CloseClipboard
SetMenu
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
waveOutSetVolume
mixerGetDevCapsA
joyGetDevCapsA
mixerOpen
mixerGetLineInfoA
mixerSetControlDetails
mixerClose
mixerGetControlDetailsA
waveOutGetVolume
mixerGetLineControlsA
mciSendStringA
joyGetPosEx
WSAStartup
gethostbyname
gethostname
inet_addr
WSACleanup
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 5
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 123392
ImageVersion 0.0
FileVersionNumber 1.1.19.2
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.1.19.02
TimeStamp 2015:01:24 23:46:45+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.1.19.02
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 601600
FileSubtype 0
ProductVersionNumber 1.1.19.2
EntryPoint 0x8648a
ObjectFileType Executable application

File identification
MD5 dce463413c9c3c7ea7ff66dfbeb9d1da
SHA1 8f6a7c7ffb1c90f46989b80bb93acce0bd176ffa
SHA256 2267c37e5e2c19ab08f4bc545e3d6b8eed663d0894f2f9ecf61562f325695c54
ssdeep 12288:F0hymkSHJ8BWa91/3ubG/ffpvubFv6m7Fuub9uUFWPfjq6KptcIFlZ6D3QaY/C50:F0hymheBWaCbEMFWzq6K/cIbxv/C5ilb
authentihash 3f3e12692f4f1c76dc01c45c461e9a089eb17ee2a673c4061872d3d03001a8fa
imphash 7fdce7b799d2735d660d158fbd0ae440
File size 709.0 KB ( 726016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe
VirusTotal metadata
First submission 2015-06-11 04:01:23 UTC ( 3 years, 4 months ago )
Last submission 2018-05-02 18:20:17 UTC ( 5 months, 3 weeks ago )
File names Fluffees TriBot Account Adder.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.