SHA256: 300a38d4eef07c481c0c3c5f116145f615daf4b959cf8e4805a9a1ca10685c0f
File name: topic4428[1].tmp
Detection ratio: 6 / 57
Analysis date: 2016-11-17 03:19:10 UTC ( 2 years, 4 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9986 20161116
Bkav W32.eHeur.Malware03 20161116
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML virus.win32.sality.m 20161018
Qihoo-360 HEUR/QVM19.1.0000.Malware.Gen 20161117
Rising Malware.Heuristic!ET#88% (rdm+) 20161117
Ad-Aware 20161117
AegisLab 20161117
AhnLab-V3 20161116
Alibaba 20161117
ALYac 20161117
Antiy-AVL 20161117
Arcabit 20161117
Avast 20161117
AVG 20161117
Avira (no cloud) 20161116
AVware 20161117
BitDefender 20161117
CAT-QuickHeal 20161116
ClamAV 20161117
CMC 20161116
Comodo 20161117
Cyren 20161117
DrWeb 20161117
Emsisoft 20161117
ESET-NOD32 20161117
F-Prot 20161117
F-Secure 20161117
Fortinet 20161117
GData 20161117
Ikarus 20161116
Jiangmin 20161116
K7AntiVirus 20161116
K7GW 20161117
Kaspersky 20161117
Kingsoft 20161117
Malwarebytes 20161116
McAfee 20161117
McAfee-GW-Edition 20161116
Microsoft 20161116
eScan 20161117
NANO-Antivirus 20161116
nProtect 20161117
Panda 20161115
Sophos AV 20161117
SUPERAntiSpyware 20161117
Symantec 20161117
Tencent 20161117
TheHacker 20161115
TotalDefense 20161116
TrendMicro 20161117
TrendMicro-HouseCall 20161117
VBA32 20161115
VIPRE 20161117
ViRobot 20161117
Yandex 20161116
Zillya 20161116
Zoner 20161117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Reeving
Product riveter vese
Original name riveter.exe
Internal name riveter
File version 5.0
Description riveter wig trm
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-09-30 03:48:47
Entry Point 0x00016E6A
Number of sections 4
PE sections
PE imports
SaferiIsExecutableFileType
ConvertStringSidToSidA
RegOpenKeyA
SetTokenInformation
LsaAddPrivilegesToAccount
HeapFree
FileTimeToSystemTime
lstrlenA
GetModuleFileNameW
HeapAlloc
GetModuleFileNameA
GetFileSize
Process32NextW
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentDirectoryA
GetFileAttributesA
Process32FirstW
GetHandleContext
GetFileTime
GetCPInfo
lstrcmpiA
ReadFile
MulDiv
lstrcmpW
GetModuleHandleW
GetFullPathNameA
GetWindowsDirectoryW
QueueUserWorkItem
GetTickCount
GetProcessHeap
VirtualAlloc
lstrcpyn
GetCursorPos
GetSystemMetrics
GetWindowRect
GetFocus
SetWindowPos
TranslateMessage
IsWindowEnabled
GetDlgItem
GetDC
Number of PE resources by type
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize 49152
InitializedDataSize 95744
ImageVersion 0.0
ProductName riveter vese
FileVersionNumber 5.0.0.17040
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription riveter wig trm
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName riveter.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0
TimeStamp 2001:09:30 04:48:47+01:00
FileType Win32 EXE
PEType PE32
InternalName riveter
ProductVersion 5.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright Reeving
MachineType Intel 386 or later, and compatibles
CompanyName Reeving
CodeSize 84480
FileSubtype 0
ProductVersionNumber 5.0.0.17040
EntryPoint 0x16e6a
ObjectFileType Executable application

File identification
MD5 2a044abcfc33d490a4e738b569813af7
SHA1 e283438485a6ef48be101f16ab84a5358f998472
SHA256 300a38d4eef07c481c0c3c5f116145f615daf4b959cf8e4805a9a1ca10685c0f
ssdeep 1536:mvyvF5F62hGAi81c6iXetF7DcA49fSuSx8qjOn3:5F5FjpCitF7DcpFSuiOn3
authentihash e5e71e711f6c17060da85683f573078a36725c53a4d51274df321b3e6d129e4b
imphash e060ff9761e395f3ec632754c6b57150
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe

VirusTotal metadata
First submission 2016-11-17 03:19:10 UTC ( 2 years, 4 months ago )
Last submission 2017-11-19 12:53:53 UTC ( 1 year, 4 months ago )
File names riveter.exe
topic4428[1].tmp
riveter
efdyz.exe
300a38d4eef07c481c0c3c5f116145f615daf4b959cf8e4805a9a1ca10685c0f
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs
UDP communications