SHA256: 2d6c54514316e121bda92ea7dd0b268c5550c9d9af3056f8fa10ca608951f630
File name: TECHSVC.EXE
Detection ratio: 42 / 68
Analysis date: 2017-12-08 06:47:23 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12658587 20171208
AegisLab Uds.Dangerousobject.Multi!c 20171208
Antiy-AVL Trojan/Win32.Inject 20171208
Arcabit Trojan.Generic.DC1279B 20171208
Avast Win32:Malware-gen 20171208
AVG Win32:Malware-gen 20171208
Avira (no cloud) TR/Dropper.VB.frngq 20171208
AVware Trojan.Win32.Generic!BT 20171208
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171208
BitDefender Trojan.GenericKD.12658587 20171208
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1d1463 20171103
Cylance Unsafe 20171208
Cyren W32/VBTrojan.Dropper.4!Maximus 20171208
DrWeb Trojan.Inject2.65394 20171208
Emsisoft Trojan.GenericKD.12658587 (B) 20171208
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/TrickBot.AC 20171208
F-Prot W32/VBTrojan.Dropper.4!Maximus 20171208
F-Secure Trojan.GenericKD.12658587 20171208
Fortinet W32/TrickBot.AC!tr 20171208
GData Trojan.GenericKD.12658587 20171208
Ikarus Trojan.Win32.Trickbot 20171207
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0051fd3c1 ) 20171208
K7GW Trojan ( 0051fd3c1 ) 20171208
Kaspersky Trojan.Win32.Inject.ahtcj 20171208
MAX malware (ai score=99) 20171208
McAfee Artemis!777014EC4F6C 20171208
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20171208
eScan Trojan.GenericKD.12658587 20171208
Palo Alto Networks (Known Signatures) generic.ml 20171208
Panda Trj/RnkBend.A 20171207
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171208
Symantec Trojan.Gen 20171208
Tencent Win32.Trojan.Inject.Auto 20171208
TrendMicro TROJ_TRICKBOT.ASVC 20171208
TrendMicro-HouseCall TROJ_TRICKBOT.ASVC 20171208
VIPRE Trojan.Win32.Generic!BT 20171208
Webroot W32.Adware.Gen 20171208
ZoneAlarm by Check Point Trojan.Win32.Inject.ahtcj 20171208
AhnLab-V3 20171208
Alibaba 20171208
ALYac 20171208
Avast-Mobile 20171207
Bkav 20171207
CAT-QuickHeal 20171206
ClamAV 20171208
CMC 20171208
Comodo 20171208
eGambit 20171208
Jiangmin 20171208
Kingsoft 20171208
Malwarebytes 20171208
Microsoft 20171208
NANO-Antivirus 20171208
nProtect 20171208
Qihoo-360 20171208
Rising 20171208
SUPERAntiSpyware 20171208
Symantec Mobile Insight 20171207
TheHacker 20171205
TotalDefense 20171208
Trustlook 20171208
VBA32 20171207
ViRobot 20171208
WhiteArmor 20171204
Yandex 20171207
Zillya 20171207
Zoner 20171208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2016 VB6boost Dance
Product WizAppFinder
Original name VB6boost.exe
Internal name VB6boost
File version 6.00
Description ioplu is one of millions playing, creating and exploring the endless possibilities of Roblox
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-06 08:44:00
Entry Point 0x00001400
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
STCCLICOSPAD 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 3
FINNISH DEFAULT 1
ENGLISH US 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
CodeSize 57344
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 6.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription ioplu is one of millions playing, creating and exploring the endless possibilities of Roblox
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 299008
EntryPoint 0x1400
OriginalFileName VB6boost.exe
MIMEType application/octet-stream
LegalCopyright 2016 VB6boost Dance
FileVersion 6.0
TimeStamp 2017:12:06 09:44:00+01:00
FileType Win32 EXE
PEType PE32
InternalName VB6boost
ProductVersion 6.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName WizAppFinder
LegalTrademarks stunning athleticism of ballet
ProductName WizAppFinder
ProductVersionNumber 6.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 777014ec4f6ce295c0615524bdbd2368
SHA1 09e9b6d1d14635b0a1c9afc174fba8b9af1daf66
SHA256 2d6c54514316e121bda92ea7dd0b268c5550c9d9af3056f8fa10ca608951f630
ssdeep
6144:U3ry0MPHRwgcV65J9R+ykNErP9CB3F5dtpdb2qkSu65mA+l9o07X7ssnDcz79XEy:kry0MPHRwgcV65Jb4Kradtnb1kSuG0hE

authentihash fe540d5066303c3a1d8437650197ff7765642450be2c54f2c3aaf68c25278080
imphash 38575524479dc1f6d206199e20a3553f
File size 352.0 KB ( 360448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2017-12-06 15:16:10 UTC ( 1 year, 2 months ago )
Last submission 2018-05-26 18:02:23 UTC ( 8 months, 3 weeks ago )
File names VB6boost.exe
VB6boost
TECHSVC.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.