SHA256: 2719dc81d9bfd37d1fa7d4e9f4147171cb987a64d3a5f2ba2e170a0c7261b020
File name: v2file7.exe
Detection ratio: 5 / 65
Analysis date: 2018-09-13 08:46:15 UTC ( 7 months, 2 weeks ago )
Antivirus | Result | Update
CrowdStrike Falcon (ML) | malicious_confidence_70% (D) | 20180723
Endgame | malicious (high confidence) | 20180730
Sophos ML | heuristic | 20180717
Microsoft | Trojan:Win32/Fuerboos.E!cl | 20180913
Rising | Malware.Heuristic!ET#87% (RDM+:cmRtazo5PUEhxt7Q5AUJfmttVfZB) | 20180913
Ad-Aware | | 20180913
AegisLab | | 20180913
AhnLab-V3 | | 20180913
Alibaba | | 20180713
ALYac | | 20180913
Antiy-AVL | | 20180913
Arcabit | | 20180913
Avast | | 20180913
Avast-Mobile | | 20180913
AVG | | 20180913
Avira (no cloud) | | 20180913
AVware | | 20180913
Baidu | | 20180912
BitDefender | | 20180913
Bkav | | 20180912
CAT-QuickHeal | | 20180912
ClamAV | | 20180913
CMC | | 20180913
Comodo | | 20180913
Cybereason | | 20180225
Cyren | | 20180913
DrWeb | | 20180913
eGambit | | 20180913
Emsisoft | | 20180913
ESET-NOD32 | | 20180913
F-Prot | | 20180913
F-Secure | | 20180913
Fortinet | | 20180913
GData | | 20180913
Ikarus | | 20180912
Jiangmin | | 20180912
K7AntiVirus | | 20180913
K7GW | | 20180913
Kaspersky | | 20180913
Kingsoft | | 20180913
Malwarebytes | | 20180913
MAX | | 20180913
McAfee | | 20180913
McAfee-GW-Edition | | 20180913
eScan | | 20180913
NANO-Antivirus | | 20180913
Palo Alto Networks (Known Signatures) | | 20180913
Panda | | 20180912
Qihoo-360 | | 20180913
SentinelOne (Static ML) | | 20180830
Sophos AV | | 20180913
SUPERAntiSpyware | | 20180907
Symantec | | 20180912
Symantec Mobile Insight | | 20180911
TACHYON | | 20180913
Tencent | | 20180913
TheHacker | | 20180913
TotalDefense | | 20180913
TrendMicro | | 20180913
TrendMicro-HouseCall | | 20180913
Trustlook | | 20180913
VBA32 | | 20180912
VIPRE | | 20180913
ViRobot | | 20180913
Webroot | | 20180913
Yandex | | 20180912
Zillya | | 20180912
ZoneAlarm by Check Point | | 20180913
Zoner | | 20180913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Whichboy
Original name tradesurface.exe
File version 3, 3, 9213, 5388
Description Whichboy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-12 15:08:42
Entry Point 0x000161E6
Number of sections 5
PE sections
PE imports
AVIFileInit
AVIStreamSetFormat
AVIFileExit
AVIStreamRelease
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetUserDefaultLCID
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
IsValidCodePage
GetWindowsDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
InterlockedCompareExchange
GetStringTypeA
GetLocaleInfoW
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
TlsFree
SetFilePointer
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
CreateDialogIndirectParamA
GetForegroundWindow
GetWindowRect
GetScrollRange
SetDlgItemInt
DispatchMessageA
GetClientRect
CreatePopupMenu
GetDlgItemInt
DialogBoxIndirectParamA
InsertMenuItemA
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
CLSIDFromString
Number of PE resources by type
RT_ICON 7
RT_STRING 2
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
CodeSize 148992
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.3.9213.5388
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Whichboy
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 556032
EntryPoint 0x161e6
OriginalFileName tradesurface.exe
MIMEType application/octet-stream
FileVersion 3, 3, 9213, 5388
TimeStamp 2010:09:12 16:08:42+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 3, 3, 9213, 5388
UninitializedDataSize 0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Instrument Large
LegalTrademarks Whichboy
ProductName Whichboy
ProductVersionNumber 3.3.9213.5388
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 d60020d50ead2b23c3d283776dda32a4
SHA1 942ae482266c190a653d61f04733377d9571a887
SHA256 2719dc81d9bfd37d1fa7d4e9f4147171cb987a64d3a5f2ba2e170a0c7261b020
ssdeep 12288:Ibs1/VpW33S18lb+iK4dO/SZ0SkkkkkkUtMkkrVC:gw9Mrb3O/SZ06
authentihash c839084c02c11d5f7972b6e54fd380ef9dcd29140c099b46bc860b121fa26766
imphash f0aa13c5bacb58b7c1e144b03f870a2b
File size 476.5 KB ( 487936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-09-13 08:46:15 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-01 21:25:31 UTC ( 6 months, 3 weeks ago )
File names tradesurface.exe
v2file7.exe
2719dc81d9bfd37d1fa7d4e9f4147171cb987a64d3a5f2ba2e170a0c7261b020_v2file7.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs