SHA256: 2ae11bc0f2dafa92d99b096cbe90e32d71c5cb10f0a3e91075a889baadd08b1b
File name: zbetcheckin_tracker_r1.exe
Detection ratio: 8 / 69
Analysis date: 2018-11-22 22:08:56 UTC ( 6 months ago )
Antivirus | Result | Update
Cybereason | malicious.6f719c | 20180225
eGambit | PE.Heur.InvalidSig | 20181122
Endgame | malicious (high confidence) | 20181108
Sophos ML | heuristic | 20181108
Kaspersky | UDS:DangerousObject.Multi.Generic | 20181122
Qihoo-360 | HEUR/QVM03.0.6271.Malware.Gen | 20181122
Trapmine | malicious.high.ml.score | 20180918
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20181122
Ad-Aware | - | 20181122
AegisLab | - | 20181122
AhnLab-V3 | - | 20181122
Alibaba | - | 20180921
ALYac | - | 20181122
Antiy-AVL | - | 20181122
Arcabit | - | 20181122
Avast | - | 20181122
Avast-Mobile | - | 20181122
AVG | - | 20181122
Avira (no cloud) | - | 20181122
Babable | - | 20180918
Baidu | - | 20181122
BitDefender | - | 20181122
Bkav | - | 20181122
CAT-QuickHeal | - | 20181122
ClamAV | - | 20181122
CMC | - | 20181122
Comodo | - | 20181122
CrowdStrike Falcon (ML) | - | 20181022
Cylance | - | 20181122
Cyren | - | 20181122
DrWeb | - | 20181122
Emsisoft | - | 20181122
ESET-NOD32 | - | 20181122
F-Prot | - | 20181122
F-Secure | - | 20181122
Fortinet | - | 20181122
GData | - | 20181122
Ikarus | - | 20181122
Jiangmin | - | 20181122
K7AntiVirus | - | 20181122
K7GW | - | 20181122
Kingsoft | - | 20181122
Malwarebytes | - | 20181122
MAX | - | 20181122
McAfee | - | 20181122
McAfee-GW-Edition | - | 20181122
Microsoft | - | 20181122
eScan | - | 20181122
NANO-Antivirus | - | 20181122
Palo Alto Networks (Known Signatures) | - | 20181122
Panda | - | 20181121
Rising | - | 20181122
SentinelOne (Static ML) | - | 20181011
Sophos AV | - | 20181122
SUPERAntiSpyware | - | 20181121
Symantec | - | 20181122
Symantec Mobile Insight | - | 20181121
TACHYON | - | 20181122
Tencent | - | 20181122
TheHacker | - | 20181118
TotalDefense | - | 20181122
TrendMicro | - | 20181122
TrendMicro-HouseCall | - | 20181122
Trustlook | - | 20181122
VBA32 | - | 20181122
ViRobot | - | 20181122
Webroot | - | 20181122
Yandex | - | 20181122
Zillya | - | 20181122
Zoner | - | 20181122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product olorin
Original name Trabaud5.exe
Internal name Trabaud5
File version 7.02
Comments INFLATILE
Signature verification The digital signature of the object did not verify.
Signing date 11:15 AM 2/25/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-03-30 09:59:28
Entry Point 0x00001450
Number of sections 3
PE sections
Overlays
MD5 5b98c102f83c69b6632a6d15afeb1fa6
File type data
Offset 581632
Size 14368
Entropy 7.25
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
EVENT_SINK_Release
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
__vbaLenBstr
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(650)
Ord(693)
__vbaStrToUnicode
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaLateMemCall
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
_adj_fdiv_m64
_CItan
__vbaFreeVar
Ord(100)
__vbaObjSetAddref
__vbaAryConstruct2
Ord(517)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
__vbaInStrVar
__vbaStrVarVal
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaVarSub
Ord(571)
__vbaVarDup
__vbaI4Var
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
__vbaR8IntI4
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarCopy
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments INFLATILE
InitializedDataSize 16384
ImageVersion 7.2
FileSubtype 0
FileVersionNumber 7.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x1450
OriginalFileName Trabaud5.exe
MIMEType application/octet-stream
FileVersion 7.02
TimeStamp 2005:03:30 10:59:28+01:00
FileType Win32 EXE
PEType PE32
InternalName Trabaud5
ProductVersion 7.02
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 561152
ProductName olorin
ProductVersionNumber 7.2.0.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 6a061bb6f719cc7aab0b6f5cc75cf49d
SHA1 a0d011007566f6fa696fc0d4a9e131bd51bcfc3a
SHA256 2ae11bc0f2dafa92d99b096cbe90e32d71c5cb10f0a3e91075a889baadd08b1b
ssdeep 12288:jJF9Fyvud24ySv16ag0PEsng80NSbkcq69A+Ke8h62QYSxtemPvDfTYG7qPKNC0L:j18vW2/SSS2mtRSw
authentihash 3f732ed97ce0993fe80b2931bbd74c15af85e1be232a598a5786c7d71cbfc151
imphash 71dd6e67044864fd040f7f1989164892
File size 582.0 KB ( 596000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-11-22 22:08:56 UTC ( 6 months ago )
Last submission 2018-11-28 08:30:01 UTC ( 5 months, 4 weeks ago )
File names Trabaud5.exe
6a061bb6f719cc7aab0b6f5cc75cf49d
zbetcheckin_tracker_r1.exe
r1.exe
Trabaud5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.