SHA256: 244690f195b6fcd12d57f1b6d1a0114619d4e8e6f06df2de28e055be74c2252b
File name: 11f9f591882593c74ff3f17a0882b19f0fadd61b
Detection ratio: 44 / 65
Analysis date: 2017-10-02 04:14:26 UTC ( 1 year, 5 months ago )
Antivirus | Result | Update
--- | --- | ---
Ad-Aware | Trojan.GenericKD.6044828 | 20171002
AegisLab | Tspy.Hpfareit.Gen!c | 20171002
AhnLab-V3 | Trojan/Win32.VBKrypt.R209721 | 20171001
ALYac | Trojan.GenericKD.6044828 | 20171002
Arcabit | Trojan.Generic.D5C3C9C | 20171002
Avast | Win32:Malware-gen | 20171002
AVG | Win32:Malware-gen | 20171002
Avira (no cloud) | TR/Dropper.VB.rhaik | 20171001
AVware | Trojan.Win32.Generic!BT | 20171002
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9996 | 20170930
BitDefender | Trojan.GenericKD.6044828 | 20171002
CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170804
Cylance | Unsafe | 20171002
Cyren | W32/Trojan.IYQP-9195 | 20171002
DrWeb | Trojan.DownLoader25.39369 | 20171002
Emsisoft | Trojan.GenericKD.6044828 (B) | 20171002
Endgame | malicious (high confidence) | 20170821
ESET-NOD32 | a variant of Win32/GenKryptik.AXWD | 20171002
F-Secure | Trojan.GenericKD.6044828 | 20171002
Fortinet | W32/GenKryptik.AXWD!tr | 20170929
GData | Trojan.GenericKD.6044828 | 20171002
Ikarus | Trojan.Win32.Krypt | 20171001
Sophos ML | heuristic | 20170914
K7GW | Trojan ( 0051818e1 ) | 20171002
Kaspersky | Trojan.Win32.VBKrypt.ycpb | 20171002
Malwarebytes | Spyware.Pony | 20171001
MAX | malware (ai score=100) | 20171002
McAfee | RDN/Generic PWS.y | 20171002
McAfee-GW-Edition | BehavesLike.Win32.Fareit.dm | 20171002
Microsoft | Trojan:Win32/Dynamer!rfn | 20171002
eScan | Trojan.GenericKD.6044828 | 20171002
NANO-Antivirus | Trojan.Win32.VBKrypt.etatla | 20171002
Palo Alto Networks (Known Signatures) | generic.ml | 20171002
Panda | Trj/GdSda.A | 20171001
Rising | Trojan.Dynamer!8.3A0 (CLOUD) | 20171002
SentinelOne (Static ML) | static engine - malicious | 20171001
Sophos AV | Mal/FareitVB-M | 20171002
Symantec | Downloader.Ponik | 20171001
Tencent | Win32.Trojan.Generic.Fsd | 20171002
TrendMicro | TSPY_HPFAREIT.SM | 20171002
TrendMicro-HouseCall | TSPY_HPFAREIT.SM | 20171002
VIPRE | Trojan.Win32.Generic!BT | 20171002
ViRobot | Backdoor.Win32.Agent.212992.X | 20171002
ZoneAlarm by Check Point | Trojan.Win32.VBKrypt.ycpb | 20171002

Engines that returned no detection (engine, signature update date):

Antivirus | Update
--- | ---
Alibaba | 20170911
Antiy-AVL | 20171002
Avast-Mobile | 20171001
CAT-QuickHeal | 20170930
ClamAV | 20171001
CMC | 20170928
Comodo | 20171001
F-Prot | 20171002
Jiangmin | 20171002
K7AntiVirus | 20170928
Kingsoft | 20171002
nProtect | 20171002
Qihoo-360 | 20171002
SUPERAntiSpyware | 20171001
Symantec Mobile Insight | 20170928
TheHacker | 20170928
TotalDefense | 20171001
Trustlook | 20171002
VBA32 | 20170929
Webroot | 20171002
WhiteArmor | 20170927
Yandex | 20170908
Zillya | 20170929
Zoner | 20171002
The file being studied is a Portable Executable (PE) file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties
Copyright: yeasefz
Product: yiz nasir giojact
Original name: Gores.exe
Internal name: Gores
File version: 3.07

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-09-28 11:50:39
Entry Point: 0x00001240
Number of sections: 3
PE sections
PE imports
_adj_fdiv_m32, __vbaChkstk, Ord(712), EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaI4Cy, _adj_fdivr_m64, _adj_fprem, __vbaRedimPreserve, _adj_fpatan, EVENT_SINK_AddRef, __vbaDateVar, __vbaCyStr, __vbaInStr, _adj_fdiv_m32i, Ord(591), __vbaExceptHandler, __vbaSetSystemError, __vbaFreeVarList, DllFunctionCall, __vbaFPException, __vbaStrVarMove, _adj_fdivr_m16i, _adj_fdiv_r, Ord(100), __vbaFreeVar, __vbaObjSetAddref, Ord(547), _adj_fdiv_m64, __vbaFreeObj, _CIsin, _CIsqrt, __vbaHresultCheckObj, _CIlog, __vbaLenBstrB, Ord(612), _allmul, _CIcos, _adj_fptan, Ord(538), __vbaVarMove, __vbaErrorOverflow, _CIatan, __vbaNew2, Ord(585), _adj_fdivr_m32i, _CIexp, __vbaStrMove, _adj_fprem1, _adj_fdivr_m32, _CItan, __vbaFreeStr, _adj_fdiv_m16i
Number of PE resources by type
RT_ICON: 4
RT_GROUP_ICON: 1

Number of PE resources by language
NEUTRAL: 5
PE resources
ExifTool file metadata
CodeSize: 196608
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 3.7
FileSubtype: 0
FileVersionNumber: 3.7.0.0
LanguageCode: Unknown (03FC)
FileFlagsMask: 0x0000
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
InitializedDataSize: 20480
EntryPoint: 0x1240
OriginalFileName: Gores.exe
MIMEType: application/octet-stream
LegalCopyright: yeasefz
FileVersion: 3.07
TimeStamp: 2017:09:28 12:50:39+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Gores
ProductVersion: 3.07
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: yadz
LegalTrademarks: HTTP:\\www.nogyzancay.yz
ProductName: yiz nasir giojact
ProductVersionNumber: 3.7.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: 00fb1c49d5453086360f4a5575e6d170
SHA1: e2e2078eb8ddcb649b6d5e031789c81366a463e8
SHA256: 244690f195b6fcd12d57f1b6d1a0114619d4e8e6f06df2de28e055be74c2252b
ssdeep: 1536:j2Gz1dDPdY/reR+nFTL+Pg8zVYOHT7uFLc9ejT/kcW4zPAptVFXaDls4bv4yDXcE:BdDqrnL+r5lnIVRGxa3bvhbOUqs
authentihash: e8c2e48b33ccc891dc7302fa8441e158689121287f3fc747f9fc2ff53066531b
imphash: 2ab0f772cd4cd60892ad0f16656a6980
File size: 208.0 KB ( 212992 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable Microsoft Visual Basic 6 (82.7%)
  Win32 Dynamic Link Library (generic) (6.6%)
  Win32 Executable (generic) (4.5%)
  OS/2 Executable (generic) (2.0%)
  Generic Win/DOS Executable (2.0%)
Tags: peexe
VirusTotal metadata
First submission: 2017-09-28 18:11:04 UTC ( 1 year, 5 months ago )
Last submission: 2018-05-09 23:57:06 UTC ( 10 months, 2 weeks ago )
File names: fxplugin_install.exe, Gores.exe, fxplugin_install.exe, Gores, 11f9f591882593c74ff3f17a0882b19f0fadd61b
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process that the executed file launched or subjected to code injection.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
DNS requests
UDP communications