SHA256: 28e0fbce1710c5a61a12499b489cb0ee5cc541127d9954635fcc541d56c90f79
File name: printing_s
Detection ratio: 7 / 66
Analysis date: 2018-06-04 10:42:03 UTC (11 months, 3 weeks ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9843 20180603
Bkav W32.eHeur.Malware14 20180603
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180601
SentinelOne (Static ML) static engine - malicious 20180225
VBA32 BScope.Trojan.Yakes 20180601
Ad-Aware 20180604
AegisLab 20180603
AhnLab-V3 20180603
Alibaba 20180604
ALYac 20180604
Antiy-AVL 20180604
Arcabit 20180604
Avast 20180604
Avast-Mobile 20180603
AVG 20180604
Avira (no cloud) 20180603
AVware 20180604
Babable 20180406
BitDefender 20180604
CAT-QuickHeal 20180603
ClamAV 20180604
CMC 20180603
Comodo 20180604
Cybereason None
Cylance 20180604
Cyren 20180604
DrWeb 20180604
eGambit 20180604
Emsisoft 20180604
ESET-NOD32 20180604
F-Prot 20180604
F-Secure 20180604
Fortinet 20180604
GData 20180604
Ikarus 20180604
Jiangmin 20180603
K7AntiVirus 20180603
K7GW 20180603
Kaspersky 20180604
Kingsoft 20180604
Malwarebytes 20180604
MAX 20180604
McAfee 20180604
McAfee-GW-Edition 20180603
Microsoft 20180604
eScan 20180604
NANO-Antivirus 20180604
nProtect 20180604
Palo Alto Networks (Known Signatures) 20180604
Panda 20180603
Qihoo-360 20180604
Rising 20180604
Sophos AV 20180604
SUPERAntiSpyware 20180604
Symantec 20180604
Symantec Mobile Insight 20180531
Tencent 20180604
TheHacker 20180530
TrendMicro 20180604
TrendMicro-HouseCall 20180604
Trustlook 20180604
VIPRE 20180604
ViRobot 20180603
Webroot 20180604
Yandex 20180529
Zillya 20180601
ZoneAlarm by Check Point 20180604
Zoner 20180604
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
MaxLim 2006-2014 (c)

Product DocumentsmydocsAbstracts
Original name DocumentsmydocsAbstracts.exe
Internal name DocumentsmydocsAbstracts
Description Alliances Ainslie Oughts Boxes
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-04 03:35:59
Entry Point 0x00027E85
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
ImpersonateLoggedOnUser
RegCreateKeyExA
RegOpenKeyExA
GetSecurityInfo
ConvertSidToStringSidA
AuthzInitializeResourceManager
AVIStreamStart
CryptUIWizImport
GetWindowExtEx
SetMapMode
CreateMetaFileA
GetRgnBox
SaveDC
TextOutA
SetTextAlign
CreateRectRgnIndirect
GetClipBox
GetObjectA
PolyDraw
CreateDCA
OffsetViewportOrgEx
CreateEllipticRgn
DeleteDC
RestoreDC
GetMapMode
DeleteObject
GetCharWidthA
CreateHatchBrush
GetDeviceCaps
CreateFontA
SetAbortProc
PolyBezier
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
ExtSelectClipRgn
PolyBezierTo
GetBkColor
ScaleViewportExtEx
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
SetTextJustification
GetTextColor
CreateSolidBrush
SetTextColor
Escape
GetViewportExtEx
SetViewportExtEx
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
lstrcmpW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
SetConsoleCP
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
SetConsoleOutputCP
GetVolumeInformationA
CreateEventA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
CompareStringA
DuplicateHandle
GlobalLock
GlobalAlloc
GetTimeZoneInformation
CreateFileW
AllocateUserPhysicalPages
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
GetPriorityClass
GetACP
GetVersion
FreeResource
FindResourceA
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
OpenEventA
VirtualAlloc
acmStreamConvert
ICCompressorChoose
Ord(41)
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
PathFindFileNameA
PathFindExtensionA
PathAppendA
PathIsUNCA
PathStripToRootA
SetFocus
GetForegroundWindow
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
CopyAcceleratorTableA
GetActiveWindow
GetTopWindow
GetWindowTextA
InvalidateRgn
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetMenuState
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
EnumDisplayDevicesA
GetWindowPlacement
DrawMenuBar
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
SetWindowContextHelpId
GetSysColorBrush
GetDialogBaseUnits
DialogBoxIndirectParamA
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
SetCapture
BeginPaint
OffsetRect
DrawIcon
CharNextA
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
PostMessageA
ReleaseCapture
SetWindowLongA
IsRectEmpty
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
SendInput
ClientToScreen
GetClassLongA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
GetDesktopWindow
GetSystemMenu
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
MapDialogRect
IntersectRect
EndDialog
CopyRect
CreateDialogIndirectParamA
MessageBeep
DrawTextExA
GetWindowThreadProcessId
AppendMenuA
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
DrawTextA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
GetFileVersionInfoW
waveOutMessage
mmioAscend
mmioDescend
mmioClose
OpenPrinterA
DocumentPropertiesA
ClosePrinter
WSAStartup
WlanScan
WlanOpenHandle
GetFileTitleA
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromString
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoLockObjectExternal
CoRegisterMessageFilter
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
OleFlushClipboard
RevokeDragDrop
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
CoGetClassObject
PdhCollectQueryData
Number of PE resources by type
RT_ICON 6
BINARY 3
RCDATA 3
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
PNG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
ExifTool file metadata
LegalTrademarks
MaxLim 2006-2014 (c)

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.3.2.271

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Alliances Ainslie Oughts Boxes

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
196608

EntryPoint
0x27e85

OriginalFileName
DocumentsmydocsAbstracts.exe

MIMEType
application/octet-stream

LegalCopyright
MaxLim 2006-2014 (c)

TimeStamp
2018:06:04 04:35:59+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
DocumentsmydocsAbstracts

ProductVersion
7.3.2.271

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MaxLim

CodeSize
262144

ProductName
DocumentsmydocsAbstracts

ProductVersionNumber
7.3.2.271

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f964622a7286d459aee3bea376b09d81
SHA1 6917c38b9ed064f77d4eae47536d2eaf8cb70e27
SHA256 28e0fbce1710c5a61a12499b489cb0ee5cc541127d9954635fcc541d56c90f79
ssdeep
12288:AmziBOJUPLvYEvLlfIjn1PtMpkwwkO/yc1qIWjoJS5tRNpz:AmziBOJUPLvYEvLlfIjn1PjwwkO/Nwfl

authentihash 285af7b1f87b9685645b1dea6f00921baa704ca2cc22dee89e58a905ec7ac73e
imphash a07bd7907d8da79e31a7acbe598c577f
File size 452.0 KB ( 462848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-04 10:42:03 UTC ( 11 months, 3 weeks ago )
Last submission 2018-06-04 10:42:03 UTC ( 11 months, 3 weeks ago )
File names DocumentsmydocsAbstracts.exe
printing_s
DocumentsmydocsAbstracts
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.