× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 272f089314c5733928626276678189d174474414ecf14dbd6c6449e22b0e10de
File name: Tipisal02
Detection ratio: 52 / 64
Analysis date: 2017-09-22 04:21:38 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.255544 20170922
AegisLab Uds.Dangerousobject.Multi!c 20170922
AhnLab-V3 Trojan/Win32.Fareit.R208314 20170922
ALYac Gen:Variant.Zusy.255544 20170922
Antiy-AVL Trojan/Win32.TSGeneric 20170922
Arcabit Trojan.Zusy.D3E638 20170922
Avast Win32:Malware-gen 20170922
AVG Win32:Malware-gen 20170922
Avira (no cloud) TR/Dropper.VB.xxlfx 20170921
AVware Trojan.Win32.Generic!BT 20170922
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20170921
BitDefender Gen:Variant.Zusy.255544 20170922
CAT-QuickHeal Udsdangerousobject.Multi 20170921
ClamAV Win.Packer.VbPack-0-6334882-0 20170922
Comodo UnclassifiedMalware 20170922
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cyren W32/Trojan.AJQG-7014 20170922
DrWeb Trojan.PWS.Stealer.1932 20170922
Emsisoft Gen:Variant.Zusy.255544 (B) 20170922
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRIS 20170922
F-Prot W32/Trojan2.PXDZ 20170922
F-Secure Gen:Variant.Zusy.255544 20170922
Fortinet W32/Injector.DQRQ!tr 20170922
GData Gen:Variant.Zusy.255544 20170922
Ikarus Trojan.VB.Crypt 20170921
Sophos ML heuristic 20170914
Jiangmin Trojan.PSW.Fareit.nhz 20170922
K7AntiVirus Riskware ( 0040eff71 ) 20170921
K7GW Riskware ( 0040eff71 ) 20170922
Kaspersky Trojan-PSW.Win32.Fareit.daof 20170921
Malwarebytes Spyware.Pony 20170922
MAX malware (ai score=80) 20170922
McAfee Fareit-FJN!5098E5F4EF3D 20170922
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc 20170921
Microsoft PWS:Win32/Fareit 20170922
eScan Gen:Variant.Zusy.255544 20170921
NANO-Antivirus Trojan.Win32.Fareit.esnecy 20170922
Palo Alto Networks (Known Signatures) generic.ml 20170922
Panda Trj/GdSda.A 20170921
Rising Trojan.Dynamer!8.3A0 (CLOUD) 20170922
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/FareitVB-M 20170921
Symantec Downloader.Ponik 20170922
Tencent Win32.Trojan-qqpass.Qqrob.Suea 20170922
TrendMicro TSPY_VBFAREIT.SM1 20170922
TrendMicro-HouseCall TSPY_VBFAREIT.SM1 20170922
VBA32 TrojanPSW.Fareit 20170921
VIPRE Trojan.Win32.Generic!BT 20170922
Webroot W32.Trojan.Gen 20170922
Yandex Trojan.Injector!BYLJekYOrrI 20170908
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.daof 20170922
Alibaba 20170911
Avast-Mobile 20170921
CMC 20170920
Kingsoft 20170922
nProtect 20170922
Qihoo-360 20170922
SUPERAntiSpyware 20170922
Symantec Mobile Insight 20170922
TheHacker 20170921
TotalDefense 20170921
Trustlook 20170922
ViRobot 20170922
WhiteArmor 20170829
Zillya 20170921
Zoner 20170922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Trend Micro Inc.

Product Stellar Information Systems Ltd
Original name Tipisal02.exe
Internal name Tipisal02
File version 2.00.0008
Description Skype Technologies S.A.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-06 07:01:39
Entry Point 0x000011C0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
EVENT_SINK_AddRef
Ord(629)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaPowerR8
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
_adj_fptan
__vbaVarMove
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Telegram Messenger LLP

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
2.0

FileSubtype
0

FileVersionNumber
2.0.0.8

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Skype Technologies S.A.

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x11c0

OriginalFileName
Tipisal02.exe

MIMEType
application/octet-stream

LegalCopyright
Trend Micro Inc.

FileVersion
2.00.0008

TimeStamp
2017:09:06 08:01:39+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Tipisal02

ProductVersion
2.00.0008

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Ventis Media Inc.

CodeSize
126976

ProductName
Stellar Information Systems Ltd

ProductVersionNumber
2.0.0.8

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5098e5f4ef3d25e407b00b424a74b52a
SHA1 25148f5a767565b1baa07f40931248f97a0bc25c
SHA256 272f089314c5733928626276678189d174474414ecf14dbd6c6449e22b0e10de
ssdeep
1536:BK2tebdWmkknhE132dZ61ePKmvOa8ONQsuWvigJ2U4i9mFWBUwiUXWXLq0O4:HPXIvKmvwOGs7agcUX9mARGXLpb

authentihash b60087de175e6db98e50804f29e6a98ffcb6ee11584b82ea26bf3e04ce371b8d
imphash f11f48adf9418f3d87148539fee0f46f
File size 136.0 KB ( 139264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (54.9%)
Win32 Executable MS Visual C++ (generic) (20.8%)
Win64 Executable (generic) (18.4%)
Win32 Executable (generic) (3.0%)
Generic Win/DOS Executable (1.3%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-06 09:05:44 UTC ( 2 months, 2 weeks ago )
Last submission 2017-09-13 19:01:05 UTC ( 2 months, 1 week ago )
File names Tipisal02
Tipisal02.exe
272f089314c5733928626276678189d174474414ecf14dbd6c6449e22b0e10de.exe.bin
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications