SHA256: 23f3af553ed69694de70a82ec31d2e95ed9cea106319781622c2c80196afba6b
File name: fredss.exe
Detection ratio: 4 / 56
Analysis date: 2016-08-19 10:02:06 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160819
McAfee-GW-Edition BehavesLike.Win32.Ransom.dc 20160819
Qihoo-360 QVM10.1.Malware.Gen 20160819
Rising Malware.Obscure!1.9C59 20160819
Ad-Aware 20160819
AegisLab 20160819
AhnLab-V3 20160819
Alibaba 20160819
ALYac 20160819
Antiy-AVL 20160819
Arcabit 20160819
Avast 20160819
AVG 20160819
Avira (no cloud) 20160819
AVware 20160819
BitDefender 20160819
Bkav 20160818
CAT-QuickHeal 20160818
ClamAV 20160819
CMC 20160818
Comodo 20160818
Cyren 20160819
DrWeb 20160819
Emsisoft 20160819
ESET-NOD32 20160819
F-Prot 20160819
F-Secure 20160819
Fortinet 20160819
GData 20160819
Ikarus 20160819
Jiangmin 20160819
K7AntiVirus 20160819
K7GW 20160819
Kaspersky 20160819
Kingsoft 20160819
Malwarebytes 20160819
McAfee 20160819
Microsoft 20160819
eScan 20160819
NANO-Antivirus 20160819
nProtect 20160817
Panda 20160818
Sophos AV 20160819
SUPERAntiSpyware 20160819
Symantec 20160819
Tencent 20160819
TheHacker 20160817
TotalDefense 20160819
TrendMicro 20160819
TrendMicro-HouseCall 20160819
VBA32 20160818
VIPRE 20160819
ViRobot 20160819
Yandex 20160818
Zillya 20160818
Zoner 20160819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2016
Product TODO: <Product name>
Original name pjuho.exe
Internal name pjuho.exe
File version 1.0.0.1
Description TODO: <File description>
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-19 07:30:02
Entry Point 0x000108AA
Number of sections 5
PE sections
Overlays
MD5 1e65e98993ebc38bc849613a5f90d370
File type data
Offset 110592
Size 151824
Entropy 8.00
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
BackupWrite
GetCommandLineA
GetProcAddress
HeapSize
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
ClearCommError
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
FreeUserPhysicalPages
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
FRENCH 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode French
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 29184
EntryPoint 0x108aa
OriginalFileName pjuho.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2016
FileVersion 1.0.0.1
TimeStamp 2016:08:19 08:30:02+01:00
FileType Win32 EXE
PEType PE32
InternalName pjuho.exe
ProductVersion 1.0.0.1
FileDescription TODO: <File description>
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: <Company name>
CodeSize 84480
ProductName TODO: <Product name>
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a16e2076c1e4f2a6ad8d72c743a5b288
SHA1 67c7a863756e3a471f68a42dd521bf6d114c1b4c
SHA256 23f3af553ed69694de70a82ec31d2e95ed9cea106319781622c2c80196afba6b
ssdeep 6144:gjRL/BMMGzjxJNrNAn4j40d+4zn3aIv6vWp5dC:qL5MMmxvWn30dLzn3aXMbC
authentihash 6fe10ab1d439c291875a54abfb066279dbc669fa53a31e5b9fe4d1ce1465c0f2
imphash d3f953e226d00010f1181b3688df3fc5
File size 256.3 KB ( 262416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-08-19 10:02:06 UTC ( 1 year, 3 months ago )
Last submission 2016-12-08 17:30:20 UTC ( 1 year ago )
File names fredss.exe
fredss.exe
fredss.xxx
zepto.exe.dontrun
fredss.exe
FREDSS.EXE
pjuho.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications