SHA256: 3560fa684d586974a88729808ea9179e8be4b68a67f4df1145fa1c465d24c608
File name: 2fab636c97facb9f7685a1d1ee01af80
Detection ratio: 5 / 70
Analysis date: 2018-12-06 01:50:48 UTC (4 months, 2 weeks ago)
Antivirus | Result | Update
Endgame | malicious (high confidence) | 20181108
Rising | Malware.Heuristic!ET#77% (RDM+:cmRtazqqAHMgIGC3jSqeOhxXHEx5) | 20181205
Trapmine | malicious.moderate.ml.score | 20181205
Webroot | W32.Trojan.Gen | 20181206
ZoneAlarm by Check Point | Trojan-Spy.Win32.Ursnif.afjq | 20181206

Engines listed with no result (update date only):
Ad-Aware | | 20181206
AegisLab | | 20181206
AhnLab-V3 | | 20181205
Alibaba | | 20180921
ALYac | | 20181206
Antiy-AVL | | 20181205
Arcabit | | 20181205
Avast | | 20181205
Avast-Mobile | | 20181205
AVG | | 20181205
Avira (no cloud) | | 20181205
Babable | | 20180918
Baidu | | 20181205
BitDefender | | 20181205
Bkav | | 20181205
CAT-QuickHeal | | 20181205
ClamAV | | 20181205
CMC | | 20181205
Comodo | | 20181205
CrowdStrike Falcon (ML) | | 20181022
Cybereason | | 20180225
Cylance | | 20181206
Cyren | | 20181205
DrWeb | | 20181205
eGambit | | 20181206
Emsisoft | | 20181205
ESET-NOD32 | | 20181205
F-Prot | | 20181205
F-Secure | | 20181205
Fortinet | | 20181205
GData | | 20181205
Ikarus | | 20181205
Sophos ML | | 20181128
Jiangmin | | 20181205
K7AntiVirus | | 20181205
K7GW | | 20181205
Kaspersky | | 20181205
Kingsoft | | 20181206
Malwarebytes | | 20181205
MAX | | 20181206
McAfee | | 20181205
McAfee-GW-Edition | | 20181205
Microsoft | | 20181205
eScan | | 20181205
NANO-Antivirus | | 20181205
Palo Alto Networks (Known Signatures) | | 20181206
Panda | | 20181205
Qihoo-360 | | 20181206
SentinelOne (Static ML) | | 20181011
Sophos AV | | 20181205
SUPERAntiSpyware | | 20181205
Symantec | | 20181205
Symantec Mobile Insight | | 20181204
TACHYON | | 20181205
Tencent | | 20181206
TheHacker | | 20181202
TotalDefense | | 20181206
TrendMicro | | 20181206
TrendMicro-HouseCall | | 20181206
Trustlook | | 20181206
VBA32 | | 20181205
VIPRE | | 20181205
ViRobot | | 20181206
Yandex | | 20181204
Zillya | | 20181206
Zoner | | 20181206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright © 2008 Idera Found. All rights reserved.
Original name: needwalk.exe
Internal name: Systemmove
File version: 3.3.39.78
Description: Systemmove
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-12-05 13:18:24
Entry Point: 0x00001797
Number of sections: 6
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
ControlService
RegCreateKeyExA
SetSecurityDescriptorDacl
OpenProcessToken
QueryServiceStatus
SystemFunction036
RegOpenKeyExA
CreateServiceW
SetServiceStatus
OpenThreadToken
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetEntriesInAclA
OpenSCManagerA
CreatePropertySheetPageA
ImageList_LoadImageA
PropertySheetA
Ord(6)
OffsetViewportOrgEx
ScaleViewportExtEx
CreateRectRgn
GetPixel
CreateFontA
ScaleWindowExtEx
SelectClipRgn
CreateCompatibleDC
SetViewportExtEx
GetLastError
GetEnvironmentVariableA
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
GetStdHandle
QueryPerformanceFrequency
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
LocalAlloc
ReadConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
CompareStringW
RaiseException
GetFileAttributesExW
CreateThread
TlsFree
FindFirstFileExA
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
DecodePointer
GetModuleHandleW
SetEnvironmentVariableA
FreeLibrary
LocalFree
TerminateProcess
GetTimeZoneInformation
WideCharToMultiByte
GetModuleHandleExW
IsValidCodePage
CreateFileW
VirtualProtect
FindClose
TlsGetValue
Sleep
SetLastError
SetEndOfFile
TlsSetValue
HeapAlloc
GetCurrentThreadId
SetFileAttributesW
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
GetCursorPos
SetFocus
GetWindowTextLengthA
CreateWindowExA
IsWindow
LoadIconA
AppendMenuA
InflateRect
SetParent
GetScrollInfo
SetMenuItemInfoA
IntersectRect
CallWindowProcA
GetClassInfoExA
GetFocus
SetWindowLongA
EndDeferWindowPos
ExitWindowsEx
SetScrollInfo
RegisterClassExA
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 14.0
ImageVersion: 0.0
FileVersionNumber: 3.3.39.78
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: Systemmove
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 275968
EntryPoint: 0x1797
OriginalFileName: needwalk.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2008 Idera Found. All rights reserved.
FileVersion: 3.3.39.78
TimeStamp: 2017:12:05 05:18:24-08:00
FileType: Win32 EXE
PEType: PE32
InternalName: Systemmove
ProductVersion: 3.3.39.78
SubsystemVersion: 6.0
OSVersion: 6.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Idera Found
CodeSize: 249344
FileSubtype: 0
ProductVersionNumber: 3.3.39.78
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 2fab636c97facb9f7685a1d1ee01af80
SHA1: fc9fe51bce2f43b10505eaeebf71bfd0934beb66
SHA256: 3560fa684d586974a88729808ea9179e8be4b68a67f4df1145fa1c465d24c608
ssdeep: 12288:mD9UDevpMtdoe83GWLh6iVMGPNtYLwqYZy4e:hiq/H8hh6O9NtqHYZS
authentihash: 489d1a854b00e294b555d38a6e38adce464605a95f6b8b2bed9eb6e43fa01b3f
imphash: 3d0d968829e97a969e3897cb10291d3d
File size: 485.5 KB (497152 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win64 Executable (generic) (72.3%)
  Win32 Executable (generic) (11.8%)
  OS/2 Executable (generic) (5.3%)
  Generic Win/DOS Executable (5.2%)
  DOS Executable Generic (5.2%)
Tags: peexe

VirusTotal metadata
First submission: 2018-12-06 01:50:48 UTC (4 months, 2 weeks ago)
Last submission: 2018-12-19 03:13:30 UTC (4 months ago)
File names:
  2fab636c97facb9f7685a1d1ee01af80
  Systemmove
  2fab636c97facb9f7685a1d1ee01af80.virobj
  needwalk.exe