× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2664a7830d09fc788d409840a93810487a3fb7fafb1f47db4be5414adab376fe
File name: _output7EB6E50.exe
Detection ratio: 24 / 68
Analysis date: 2018-10-05 10:00:32 UTC ( 7 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20181005
AVG FileRepMalware 20181005
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cylance Unsafe 20181005
Cyren W32/VBKrypt.EU.gen!Eldorado 20181005
Emsisoft Trojan.Injector (A) 20181005
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EATQ 20181005
F-Prot W32/VBKrypt.EU.gen!Eldorado 20181005
Fortinet W32/Injector.EATY!tr 20181005
Ikarus Trojan.VB.Crypt 20181005
Sophos ML heuristic 20180717
Malwarebytes Trojan.MalPack.VB 20181005
McAfee Packed-FMF!2D619A5F0CDC 20181005
McAfee-GW-Edition Fareit-FLZ!2D619A5F0CDC 20181005
Microsoft Trojan:Win32/Fuerboos.C!cl 20181005
Qihoo-360 HEUR/QVM03.0.51B9.Malware.Gen 20181005
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/FareitVB-N 20181005
Symantec ML.Attribute.HighConfidence 20181005
Tencent Win32.Trojan.Inject.Auto 20181005
TrendMicro TrojanSpy.Win32.FAREIT.SMA.hp 20181005
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.SMA.hp 20181005
VBA32 BScope.Trojan.Azden 20181004
Ad-Aware 20181005
AegisLab 20181005
AhnLab-V3 20181005
Alibaba 20180921
ALYac 20181005
Antiy-AVL 20181005
Arcabit 20181005
Avast-Mobile 20181005
Avira (no cloud) 20181005
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181005
Bkav 20181003
CAT-QuickHeal 20181004
ClamAV 20181005
CMC 20181005
Comodo 20181005
Cybereason 20180225
DrWeb 20181005
eGambit 20181005
F-Secure 20181005
GData 20181005
Jiangmin 20181005
K7AntiVirus 20181005
K7GW 20181003
Kaspersky 20181005
Kingsoft 20181005
MAX 20181005
eScan 20181005
NANO-Antivirus 20181005
Palo Alto Networks (Known Signatures) 20181005
Panda 20181004
Rising 20181005
SUPERAntiSpyware 20181005
Symantec Mobile Insight 20181001
TACHYON 20181005
TheHacker 20181001
Trustlook 20181005
VIPRE 20181005
ViRobot 20181005
Webroot 20181005
Yandex 20181005
Zillya 20181003
ZoneAlarm by Check Point 20181005
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product CSuh
Original name Seidl4.exe
Internal name Seidl4
File version 4.03
Description ALLOyManyCuts ALLOyManyCuts
Comments Gtellao STo
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:27 AM 3/1/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-13 12:19:00
Entry Point 0x000013BC
Number of sections 3
PE sections
Overlays
MD5 5129d398d68996c2ce0c96690f82083d
File type data
Offset 532480
Size 4488
Entropy 7.58
PE imports
_adj_fdivr_m64
Ord(546)
_allmul
Ord(527)
_adj_fprem
Ord(678)
__vbaVarMod
Ord(714)
__vbaRedim
_adj_fdiv_r
__vbaObjSetAddref
Ord(547)
Ord(536)
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
_adj_fptan
__vbaI4Var
__vbaFreeStr
Ord(631)
__vbaFreeStrList
Ord(609)
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Ord(540)
__vbaDerefAry1
__vbaFreeVar
__vbaDateStr
Ord(711)
Ord(606)
EVENT_SINK_Release
__vbaVarTstEq
Ord(610)
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaFreeObjList
Ord(650)
__vbaFreeVarList
__vbaStrVarMove
__vbaR4Sgn
Ord(542)
__vbaVarTstNe
__vbaVarXor
__vbaFreeObj
_adj_fdivr_m32
__vbaVarSub
_CIcos
Ord(713)
__vbaFpCSngR4
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
Ord(562)
Ord(553)
__vbaStrMove
_adj_fprem1
Ord(543)
_adj_fdiv_m32
Ord(521)
Ord(685)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
Ord(645)
__vbaFPException
_adj_fdivr_m16i
Ord(552)
__vbaVarAdd
_adj_fdiv_m64
Ord(519)
_CIsin
_CIsqrt
_CIatan
__vbaObjSet
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(545)
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
507904

SubsystemVersion
4.0

Comments
Gtellao STo

LinkerVersion
6.0

ImageVersion
4.3

FileSubtype
0

FileVersionNumber
4.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
ALLOyManyCuts ALLOyManyCuts

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
20480

EntryPoint
0x13bc

OriginalFileName
Seidl4.exe

MIMEType
application/octet-stream

FileVersion
4.03

TimeStamp
2014:02:13 13:19:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Seidl4

ProductVersion
4.03

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
HHe pidgiN COMmunity

LegalTrademarks
SYstemS CNe.

ProductName
CSuh

ProductVersionNumber
4.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 2d619a5f0cdc07b74253c5813c941a2e
SHA1 1e4e90912140778be446f9d2980d982141a23783
SHA256 2664a7830d09fc788d409840a93810487a3fb7fafb1f47db4be5414adab376fe
ssdeep
12288:I98n8NF0Z7A4MR2gs2UUf7SXU+aXhiIHM9X2xvzX1/aLytuYz5HDSdOj+tJHu+mq:aWD7iR2wLLR4dth

authentihash 6f320ebde45d4c1bc5327bc3783bfad16bfad717d832ba74804388d6380ef993
imphash 9e8d48d735b60b5120136001a32967f7
File size 524.4 KB ( 536968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-10-05 10:00:32 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-06 06:24:53 UTC ( 7 months, 2 weeks ago )
File names _output7EB6E50.exe
_output7EB6E50.exe
_output7EB6E50.exe
Seidl4
Seidl4.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.