SHA256: 36870d9d169d81e5df8ba46c90d5aee59bba22a4dd9bffce405566e58482637c
File name: 61.bin
Detection ratio: 15 / 66
Analysis date: 2018-11-06 16:02:58 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20181106
Bkav W32.eHeur.Malware09 20181106
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cylance Unsafe 20181106
Endgame malicious (moderate confidence) 20180730
Kaspersky UDS:DangerousObject.Multi.Generic 20181106
Microsoft Trojan:Win32/Emotet.AC!bit 20181106
Palo Alto Networks (Known Signatures) generic.ml 20181106
Panda Trj/Emotet.C 20181106
Rising Malware.Heuristic!ET#84% (RDM+:cmRtazqDIy9wWehaFRkVmBRWxSuY) 20181106
SentinelOne (Static ML) static engine - malicious 20181011
TrendMicro TrojanSpy.Win32.URSNIF.SMKA0.hp 20181106
TrendMicro-HouseCall TrojanSpy.Win32.URSNIF.SMKA0.hp 20181106
Webroot W32.Trojan.Gen 20181106
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181106
Ad-Aware 20181106
AegisLab 20181106
AhnLab-V3 20181106
Alibaba 20180921
ALYac 20181106
Antiy-AVL 20181106
Arcabit 20181106
Avast 20181106
Avast-Mobile 20181106
Avira (no cloud) 20181106
Babable 20180918
Baidu 20181106
BitDefender 20181106
CAT-QuickHeal 20181105
ClamAV 20181106
CMC 20181106
Cybereason 20180225
Cyren 20181106
DrWeb 20181106
eGambit 20181106
Emsisoft 20181106
ESET-NOD32 20181106
F-Prot 20181106
F-Secure 20181106
Fortinet 20181106
GData 20181106
Ikarus 20181106
Sophos ML 20180717
Jiangmin 20181106
K7AntiVirus 20181106
K7GW 20181106
Kingsoft 20181106
Malwarebytes 20181106
MAX 20181106
McAfee 20181106
McAfee-GW-Edition 20181106
eScan 20181106
NANO-Antivirus 20181106
Qihoo-360 20181106
Sophos AV 20181106
SUPERAntiSpyware 20181031
Symantec 20181106
Symantec Mobile Insight 20181105
TACHYON 20181106
Tencent 20181106
TheHacker 20181104
TotalDefense 20181106
Trustlook 20181106
VBA32 20181106
ViRobot 20181106
Yandex 20181102
Zillya 20181106
Zoner 20181106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2007- 2014 The Nerdery Sail

Internal name Secondduck
File version 13.0.97.22
Description Secondduck
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-11-06 10:52:45
Entry Point 0x00018C0D
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
OpenServiceW
LookupPrivilegeValueW
RegEnumKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
RegOpenKeyW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenThreadToken
RegSetValueExW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
SetSecurityDescriptorGroup
SelectClipRgn
GetPixel
GetStockObject
CreateRectRgn
CreateFontW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
CopyFileW
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
WriteConsoleW
LoadLibraryExW
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
CreateDirectoryW
GetUserDefaultLCID
EncodePointer
GetLocaleInfoW
SetStdHandle
GetModuleFileNameW
RaiseException
InitializeCriticalSection
GetCPInfo
GetProcAddress
TlsFree
SetFilePointer
DeleteCriticalSection
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
ResetEvent
IsValidCodePage
HeapCreate
GetTempPathW
CreateFileW
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
StiCreateInstanceW
SetWindowLongW
GetIconInfo
TrackPopupMenu
IsDialogMessageW
GetActiveWindow
LoadBitmapW
SetWindowTextW
AppendMenuW
SendMessageTimeoutW
FillRect
PostMessageW
DrawFrameControl
CheckDlgButton
AddPrinterConnectionW
AddPrinterDriverExW
EnumFormsW
EnumPortsW
ReadPrinter
AddMonitorW
GetPrinterDataW
EnumPrintProcessorsW
WritePrinter
DeletePortW
SetFormW
AddJobW
ResetPrinterW
OpenPrinterW
DeletePrinter
GetPrinterDataExW
GetPrinterW
ConfigurePortW
EnumPrinterDataExW
EnumPrinterDriversW
DeleteMonitorW
AbortPrinter
EnumPrinterDataW
DeletePrintProcessorW
XcvDataW
ClosePrinter
DeletePrinterConnectionW
SetPortW
EndPagePrinter
SetPrinterDataExW
StartPagePrinter
EnumPrintersW
ScheduleJob
DeletePrinterDataW
SetJobW
EnumMonitorsW
GetJobW
DeletePrinterKeyW
AddPortW
DeletePrinterDriverW
GetFormW
AddPrinterDriverW
EnumJobsW
DeletePrintProvidorW
GetPrinterDriverW
DeletePrinterDataExW
AddPrintProvidorW
DeleteFormW
EnumPrinterKeyW
PrinterMessageBoxW
DeletePrinterDriverExW
WaitForPrinterChange
FlushPrinter
GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW
StartDocPrinterW
FindClosePrinterChangeNotification
AddPrintProcessorW
SetPrinterDataW
EnumPrintProcessorDatatypesW
EndDocPrinter
AddPrinterW
AddFormW
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
CodeSize
166400

UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
13.0.97.22

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Secondduck

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
297984

EntryPoint
0x18c0d

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007- 2014 The Nerdery Sail

FileVersion
13.0.97.22

TimeStamp
2011:11:06 11:52:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Secondduck

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
The Nerdery Sail

LegalTrademarks
Secondduck

FileSubtype
0

ProductVersionNumber
13.0.97.22

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
Compressed bundles
File identification
MD5 ac78c37daba627a275b8a46a291c59c1
SHA1 5d40ea315df5580160ab3c4e66bc3f20b5d019c8
SHA256 36870d9d169d81e5df8ba46c90d5aee59bba22a4dd9bffce405566e58482637c
ssdeep
6144:SuNrFGa2BRo5P9Tb5ZQj1b+In279V0w5RsfYKBTYkR:SuvG3BRKvZQBVq9V0w5qYK+

authentihash d35197a666ad861a60e3679b216573787c43d5ee19f59589757496722967cc92
imphash 3690739fc68fb27cae3f9531aaab3313
File size 413.0 KB ( 422912 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-06 15:13:18 UTC ( 4 months, 2 weeks ago )
Last submission 2018-11-06 17:21:18 UTC ( 4 months, 2 weeks ago )
File names 5386.exe
12vRC
071653.exe
4.exe
21240.exe
908634.exe
52308.exe
382.exe
zbetcheckin_tracker_ac78c37daba627a275b8a46a291c59c1
61.exe
88611339.exe
0.exe
54824.exe
73398.exe
5481.exe
38.exe
12.exe
61.bin
Secondduck
007652.exe
8540.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs