SHA256: 294279f9b222dfb98f10d814717ac2f3bf9f683290723f272c4cff984e79a7a3
File name: a5f5c5e2e94d3d80ca4e15d653db1a44.exe
Detection ratio: 13 / 67
Analysis date: 2017-12-06 11:12:04 UTC (1 year, 5 months ago)
Antivirus | Result | Update
Avast | FileRepMalware | 20171206
AVG | FileRepMalware | 20171206
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20171206
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20171016
Cylance | Unsafe | 20171206
DrWeb | BackDoor.Tdss.origin | 20171206
Endgame | malicious (high confidence) | 20171130
Fortinet | W32/GenKryptik.BCDU!tr | 20171206
Sophos ML | heuristic | 20170914
Palo Alto Networks (Known Signatures) | generic.ml | 20171206
Qihoo-360 | HEUR/QVM20.1.A9BF.Malware.Gen | 20171206
SentinelOne (Static ML) | static engine - malicious | 20171113
Webroot | W32.Trojan.Gen | 20171206
Ad-Aware | | 20171206
AegisLab | | 20171206
AhnLab-V3 | | 20171206
Alibaba | | 20171206
ALYac | | 20171205
Antiy-AVL | | 20171206
Arcabit | | 20171206
Avast-Mobile | | 20171205
Avira (no cloud) | | 20171206
AVware | | 20171206
BitDefender | | 20171206
Bkav | | 20171206
CAT-QuickHeal | | 20171205
ClamAV | | 20171206
CMC | | 20171206
Comodo | | 20171206
Cybereason | | 20171103
Cyren | | 20171206
eGambit | | 20171206
Emsisoft | | 20171206
ESET-NOD32 | | 20171206
F-Prot | | 20171206
F-Secure | | 20171206
GData | | 20171206
Ikarus | | 20171206
Jiangmin | | 20171206
K7AntiVirus | | 20171205
K7GW | | 20171206
Kaspersky | | 20171206
Kingsoft | | 20171206
Malwarebytes | | 20171206
MAX | | 20171206
McAfee | | 20171206
McAfee-GW-Edition | | 20171206
Microsoft | | 20171206
eScan | | 20171206
NANO-Antivirus | | 20171206
nProtect | | 20171206
Panda | | 20171205
Rising | | 20171206
Sophos AV | | 20171206
SUPERAntiSpyware | | 20171206
Symantec | | 20171206
Symantec Mobile Insight | | 20171206
Tencent | | 20171206
TheHacker | | 20171205
TrendMicro | | 20171206
TrendMicro-HouseCall | | 20171206
Trustlook | | 20171206
VBA32 | | 20171205
VIPRE | | 20171206
ViRobot | | 20171206
WhiteArmor | | 20171204
Yandex | | 20171205
Zillya | | 20171206
ZoneAlarm by Check Point | | 20171206
Zoner | | 20171206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-11-19 02:33:52
Entry Point: 0x0001D120
Number of sections: 3
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
GetStartupInfoA
GetTempPathA
ReadFile
GetFileSize
GetModuleHandleA
lstrcatA
CreateFileW
GetCurrentDirectoryA
lstrcpyA
Sleep
CloseHandle
CreateFileA
_except_handler3
__p__fmode
memset
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
__p__acmdln
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
SetFocus
GetMessageA
EndDialog
BeginPaint
GetScrollPos
PostQuitMessage
DefWindowProcA
LoadBitmapA
SetWindowPos
GetSystemMetrics
DispatchMessageA
EndPaint
EndDeferWindowPos
SetDlgItemTextA
MapWindowPoints
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetScrollInfo
RegisterClassExA
GetCursorPos
SetWindowTextA
LoadStringA
GetWindowPlacement
SendMessageA
GetClientRect
CreateWindowExA
InvalidateRect
GetWindowLongA
SetTimer
LoadIconA
ModifyMenuW
GetClassNameA
DestroyWindow
Number of PE resources by type
RT_BITMAP: 3
RT_DIALOG: 1
RT_ICON: 1
RT_MANIFEST: 1
RT_STRING: 1
RT_VERSION: 1
RT_GROUP_ICON: 1
Number of PE resources by language
FINNISH DEFAULT: 8
ENGLISH US: 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 10.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 2.12.4.2
LanguageCode: Unknown (204E)
FileFlagsMask: 0x0000
FileDescription: HiCola Ltd. GuiStart application
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unknown (20C0)
InitializedDataSize: 281088
EntryPoint: 0x1d120
OriginalFileName: HiCola
MIMEType: application/octet-stream
LegalCopyright: HiCola. All rights reserved. 2017
FileVersion: 2.12.4.2
TimeStamp: 2015:11:19 03:33:52+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 2.12.4.2
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: HiCola Ltd.
CodeSize: 174080
ProductName: HiCola GUISTART
ProductVersionNumber: 2.12.4.2
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5: a5f5c5e2e94d3d80ca4e15d653db1a44
SHA1: 703dfcd796ebdc38a0cd2325cf6cada9a3f3f075
SHA256: 294279f9b222dfb98f10d814717ac2f3bf9f683290723f272c4cff984e79a7a3
ssdeep: 6144:ZElp1H1AAEjivU/oRdfPnu5933Bu3EX4ieXNph98nkB67AeM045UTIbI:Kn1H1gjN/oTHnIRu34mN63M0SUTf
authentihash: f5ad2c452e7d975b54763d59144ed05d24177060e26745118667a2a9039c700f
imphash: 06cc959421aadefd4f00f8ec8c659d6c
File size: 445.5 KB (456192 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (41.0%)
  Win64 Executable (generic) (36.3%)
  Win32 Dynamic Link Library (generic) (8.6%)
  Win32 Executable (generic) (5.9%)
  OS/2 Executable (generic) (2.6%)
Tags: peexe

VirusTotal metadata
First submission: 2017-12-06 11:04:30 UTC (1 year, 5 months ago)
Last submission: 2018-02-05 15:52:38 UTC (1 year, 3 months ago)
File names:
  Gkwkqoua.exe
  VirusShare_a5f5c5e2e94d3d80ca4e15d653db1a44
  output.112559656.txt
  Wkob.exe
  logo.png
  (6).exe
  a5f5c5e2e94d3d80ca4e15d653db1a44.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications