× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 34e6ca7fcd9b02405980bd6a92e20b8f972b0988e90576135c4ce12216f12f7e
File name: datet.exe
Detection ratio: 17 / 66
Analysis date: 2018-10-25 04:38:42 UTC ( 3 months, 4 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20181025
AVG FileRepMalware 20181025
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.c3c641 20180225
Cylance Unsafe 20181025
Endgame malicious (high confidence) 20180730
Ikarus Trojan-Banker.Ramnit 20181024
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181024
McAfee Artemis!BC4D2FD23A3C 20181025
McAfee-GW-Edition BehavesLike.Win32.BadFile.cc 20181025
Palo Alto Networks (Known Signatures) generic.ml 20181025
Qihoo-360 Win32/Trojan.Ransom.bd1 20181025
TrendMicro Mal_HPGen-37b 20181025
TrendMicro-HouseCall Mal_HPGen-37b 20181025
Webroot W32.Trojan.Gen 20181025
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181025
Ad-Aware 20181024
AegisLab 20181025
AhnLab-V3 20181024
Alibaba 20180921
ALYac 20181025
Antiy-AVL 20181023
Arcabit 20181025
Avast-Mobile 20181024
Avira (no cloud) 20181024
Babable 20180918
Baidu 20181024
BitDefender 20181025
Bkav 20181024
CAT-QuickHeal 20181024
ClamAV 20181024
CMC 20181024
Cyren 20181025
DrWeb 20181025
eGambit 20181025
Emsisoft 20181025
ESET-NOD32 20181025
F-Prot 20181025
F-Secure 20181025
Fortinet 20181025
GData 20181025
Jiangmin 20181025
K7AntiVirus 20181024
K7GW 20181024
Kingsoft 20181025
Malwarebytes 20181025
MAX 20181025
Microsoft 20181024
eScan 20181025
NANO-Antivirus 20181025
Panda 20181024
Rising 20181025
SentinelOne (Static ML) 20181011
Sophos AV 20181024
SUPERAntiSpyware 20181022
Symantec 20181025
Symantec Mobile Insight 20181001
TACHYON 20181025
Tencent 20181025
TheHacker 20181024
Trustlook 20181025
VBA32 20181024
ViRobot 20181024
Yandex 20181024
Zillya 20181024
Zoner 20181024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) 2015 Company

Product Attacker
Original name Attacker.exe
Internal name Attacker
File version 6.4.2.1
Description Blacklist Silvered School
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-23 21:51:55
Entry Point 0x0000A323
Number of sections 4
PE sections
PE imports
GetOpenFileNameA
ChooseFontA
GetObjectA
FillRgn
DeleteDC
SelectObject
GetStockObject
SetViewportOrgEx
SetWindowExtEx
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateDIBSection
CreateCompatibleDC
DeleteObject
SelectClipRgn
SetTextColor
GetAdaptersAddresses
GetStdHandle
GetConsoleOutputCP
GetOverlappedResult
WaitForSingleObject
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
TlsGetValue
OutputDebugStringA
SetLastError
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CloseHandle
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetProcAddress
SetFileInformationByHandle
GetProcessHeap
FindNextFileW
lstrcpyA
CreateEventW
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
AllocateUserPhysicalPages
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
FindFirstFileA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
ICCompressorChoose
wglMakeCurrent
wglCreateContext
GetProcessMemoryInfo
UuidToStringA
UuidCreate
SetupDiGetClassDevsA
CommandLineToArgvW
phoneClose
lineUnhold
SetFocus
GetMessageA
TranslateAcceleratorA
GetParent
UpdateWindow
GetWindowTextA
EndDialog
BeginPaint
EnumWindows
SendInput
DefWindowProcA
GetClassInfoExA
PostQuitMessage
CreatePopupMenu
ShowWindow
SetScrollRange
GetWindowRect
DispatchMessageA
EnableWindow
SetMenu
PostMessageA
MessageBoxA
AppendMenuW
TranslateMessage
DialogBoxParamA
GetSysColor
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
SystemParametersInfoA
SetWindowTextA
LoadStringA
GetWindowTextLengthA
SendMessageA
DrawTextA
GetClientRect
CreateWindowExA
GetDlgItem
IsWindow
EnableMenuItem
TrackPopupMenuEx
LoadAcceleratorsA
GetWindowLongA
IsClipboardFormatAvailable
CreateMenu
LoadCursorA
LoadIconA
CountClipboardFormats
GetTopWindow
IsDlgButtonChecked
GetDesktopWindow
LoadImageA
GetFocus
EndPaint
SetForegroundWindow
DestroyWindow
GetFileVersionInfoW
timeGetTime
mmioSetInfo
mmioSeek
mmioGetInfo
mmioDescend
Number of PE resources by type
RT_BITMAP 12
RT_ICON 5
TYPELIB 2
TXT 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 27
PE resources
ExifTool file metadata
CodeSize
105472

SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.4.2.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Blacklist Silvered School

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
729088

EntryPoint
0xa323

OriginalFileName
Attacker.exe

MIMEType
application/octet-stream

LegalCopyright
(c) 2015 Company

FileVersion
6.4.2.1

TimeStamp
2018:10:23 23:51:55+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Attacker

ProductVersion
6.4.2.1

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Meizu Technology

LegalTrademarks
(c) 2015 Company

ProductName
Attacker

ProductVersionNumber
6.4.2.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bc4d2fd23a3ca94216443cea23381b54
SHA1 7f3c793c3c6414d223f5ce7d5090bb9dc2dcd709
SHA256 34e6ca7fcd9b02405980bd6a92e20b8f972b0988e90576135c4ce12216f12f7e
ssdeep
12288:6crq243ICNz1TJ987E77JALCkUBmke6dfDKT2UD4w3E1/JoV0TCV+Z:6e4d1q7o7Bkz3NDSpyG6+Z

authentihash 7f664a4cf54dc7a50ccaa3355c86889ea8318e632bed0e0708e99bc913ee09c2
imphash 2d927d8b51f84d530daacef2b8d0c48b
File size 816.0 KB ( 835584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (35.5%)
Win32 Executable MS Visual C++ (generic) (25.7%)
Win64 Executable (generic) (22.8%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (3.7%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-25 01:46:27 UTC ( 3 months, 4 weeks ago )
Last submission 2018-11-07 04:12:35 UTC ( 3 months, 2 weeks ago )
File names datet.exe
calcs.exe
history_c.exe
calcs.exe
Attacker
datet.exe
datet.exe
Attacker.exe
bc4d2fd23a3ca94216443cea23381b54
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!