SHA256: 2553c941ec1fa9a1eac4a5825e95d09b8c35999a3b511e7f6ffac1a53cceb275
File name: fixea.exe
Detection ratio: 39 / 62
Analysis date: 2017-06-13 03:02:47 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.109970 20170613
ALYac Gen:Variant.Razy.109970 20170613
Arcabit Trojan.Razy.D1AD92 20170613
Avast Win32:Malware-gen 20170613
AVG Win32:Malware-gen 20170613
Avira (no cloud) TR/Derbit.fwdmm 20170612
AVware Trojan.Win32.Generic!BT 20170613
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170608
BitDefender Gen:Variant.Razy.109970 20170613
CAT-QuickHeal Trojan.Derbit 20170612
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Trojan.HMBU-8668 20170613
DrWeb Trojan.PWS.Siggen1.59649 20170613
Emsisoft Gen:Variant.Razy.109970 (B) 20170613
Endgame malicious (high confidence) 20170612
ESET-NOD32 a variant of Win32/Kryptik.FKEB 20170613
F-Secure Gen:Variant.Razy.109970 20170613
Fortinet W32/Inject.ACEVC!tr 20170613
GData Gen:Variant.Razy.109970 20170613
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 004fec561 ) 20170613
K7GW Trojan ( 004fec561 ) 20170613
Kaspersky Trojan.Win32.Inject.acevc 20170613
McAfee Artemis!80F6EC6F3139 20170613
McAfee-GW-Edition BehavesLike.Win32.Downloader.cm 20170612
eScan Gen:Variant.Razy.109970 20170613
Palo Alto Networks (Known Signatures) generic.ml 20170613
Panda Trj/GdSda.A 20170612
Qihoo-360 HEUR/QVM20.1.621C.Malware.Gen 20170613
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170613
Symantec Trojan.Gen 20170613
Tencent Win32.Trojan.Inject.Ebgw 20170613
TrendMicro TROJ_GEN.R00JC0DKP16 20170613
TrendMicro-HouseCall TROJ_GEN.R00JC0DKP16 20170613
VIPRE Trojan.Win32.Generic!BT 20170613
Webroot W32.Trojan.Gen 20170613
Yandex Trojan.Inject!dkxnSmg37Aw 20170608
ZoneAlarm by Check Point Trojan.Win32.Inject.acevc 20170613
AegisLab 20170613
AhnLab-V3 20170612
Alibaba 20170613
Antiy-AVL 20170613
Bkav 20170613
ClamAV 20170613
CMC 20170612
Comodo 20170613
F-Prot 20170613
Ikarus 20170612
Jiangmin 20170613
Kingsoft 20170613
Malwarebytes 20170613
Microsoft 20170613
NANO-Antivirus 20170613
nProtect 20170613
Rising 20170612
SUPERAntiSpyware 20170613
Symantec Mobile Insight 20170613
TheHacker 20170612
TotalDefense 20170612
Trustlook 20170613
VBA32 20170612
ViRobot 20170613
WhiteArmor 20170608
Zillya 20170612
Zoner 20170613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Wistly

Product weli notelessly hoy
Original name weli.exe
Internal name weli
File version 6.6
Description weli xvi vfw
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-06-11 20:16:50
Entry Point 0x0000BBF0
Number of sections 4
PE sections
PE imports
GetMapMode
STROBJ_bGetAdvanceWidths
GetSystemTime
HeapFree
LCMapStringW
SetHandleCount
GetSystemInfo
GetModuleFileNameW
GetOEMCP
LCMapStringA
HeapAlloc
GetEnvironmentStringsW
lstrcmpiW
GetModuleFileNameA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryW
GetFileSize
FreeEnvironmentStringsW
DeleteFileW
GetProcessHeap
GetTempPathA
GetStringTypeA
GetSystemDefaultUILanguage
MulDiv
GetStringTypeW
GetModuleHandleW
GetFullPathNameA
GetWindowsDirectoryW
HeapCreate
VirtualAlloc
GetEnvironmentVariableW
strtol
??_Fbad_typeid@@QAEXXZ
_atoi64
_errno
ComPs_NdrDllUnregisterProxy
ReadStringStream
FmtIdToPropStgName
PropSysFreeString
HMETAFILE_UserMarshal
CoCreateInstanceEx
CoGetClassVersion
WriteFmtUserTypeStg
NdrConformantVaryingArrayBufferSize
NdrVaryingArrayUnmarshall
GetWindowThreadProcessId
GetSysColorBrush
wvsprintfW
ShowCaret
UpdateWindow
GetWindowTextW
GetDesktopWindow
DialogBoxParamA
GetFocus
SetWindowLongA
FindWindowA
SetForegroundWindow
ShowWindow
PeekMessageW
mciFreeCommandResource
waveOutGetErrorTextW
waveOutOpen
midiInGetDevCapsW
midiDisconnect
mmioGetInfo
mciLoadCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciSendCommandW
waveOutGetDevCapsW
mmioStringToFOURCCW
WSALookupServiceBeginA
WSAAsyncGetServByName
WSAGetServiceClassNameByClassIdW
getprotobyname
ioctlsocket
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
4096

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.6.0.247

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
weli xvi vfw

ImageFileCharacteristics
No relocs, Executable, No symbols, Bytes reversed lo, 32-bit

CharacterSet
Unicode

InitializedDataSize
160256

EntryPoint
0xbbf0

OriginalFileName
weli.exe

MIMEType
application/octet-stream

LegalCopyright
Wistly

FileVersion
6.6

TimeStamp
2000:06:11 22:16:50+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
weli

ProductVersion
6.6

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Wistly

CodeSize
49152

ProductName
weli notelessly hoy

ProductVersionNumber
6.6.0.247

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 80f6ec6f31393834f97b98063378d35b
SHA1 13f20c16a96c2ade79bd914a92038b1d1ac79eb1
SHA256 2553c941ec1fa9a1eac4a5825e95d09b8c35999a3b511e7f6ffac1a53cceb275
ssdeep
3072:5eRm4wF3JSJfNPSpX9Bfcjb7TgZQCLIHccZ1yYHYZPPWY415d0jusbMaAaDS0aNw:2sFQlPENBQhCHSHAPWpd0juW6LKy

authentihash db8267be5cf3ca578595d2dec93ba989defef8ea3919d59a416cd66d8c40d29a
imphash 3fe2e36bdce8f7bb0cabd5722e5ed2ba
File size 197.5 KB ( 202240 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (43.3%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.9%)
OS/2 Executable (generic) (6.7%)
Generic Win/DOS Executable (6.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-06-13 03:02:47 UTC ( 1 year, 9 months ago )
Last submission 2018-05-10 00:12:10 UTC ( 10 months, 2 weeks ago )
File names weli
weli.exe
fixea.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications