SHA256: 370b120e9e1100fbdfa6e2ebb198f570a98618c2fc0df4fac124a21c83fd8e2d
File name: http___185.165.29.36_poop.exe
Detection ratio: 11 / 61
Analysis date: 2017-06-24 20:13:41 UTC ( 1 year, 7 months ago )
Antivirus                               Result                                  Update
AhnLab-V3                               Win-Trojan/VBKrypt.RP                   20170624
Bkav                                    HW32.Packed.8B02                        20170624
CrowdStrike Falcon (ML)                 malicious_confidence_100% (D)           20170420
Endgame                                 malicious (high confidence)             20170615
ESET-NOD32                              a variant of Win32/GenKryptik.ALYN      20170624
Sophos ML                               heuristic                               20170607
Palo Alto Networks (Known Signatures)   generic.ml                              20170624
Qihoo-360                               HEUR/QVM03.0.0AC7.Malware.Gen           20170624
SentinelOne (Static ML)                 static engine - malicious               20170516
Symantec                                ML.Attribute.HighConfidence             20170624
Webroot                                 W32.Trojan.Gen                          20170624

Engines with no detection (engine, signature update date):
Ad-Aware 20170624
AegisLab 20170623
Alibaba 20170623
ALYac 20170624
Antiy-AVL 20170624
Arcabit 20170624
Avast 20170624
AVG 20170624
Avira (no cloud) 20170624
AVware 20170624
Baidu 20170623
BitDefender 20170624
CAT-QuickHeal 20170624
ClamAV 20170624
CMC 20170619
Comodo 20170624
Cyren 20170624
DrWeb 20170624
Emsisoft 20170624
F-Prot 20170624
F-Secure 20170624
Fortinet 20170624
GData 20170624
Ikarus 20170624
Jiangmin 20170624
K7AntiVirus 20170623
K7GW 20170624
Kaspersky 20170624
Kingsoft 20170624
Malwarebytes 20170624
McAfee 20170624
McAfee-GW-Edition 20170624
Microsoft 20170624
eScan 20170624
NANO-Antivirus 20170624
nProtect 20170624
Panda 20170624
Rising 20170624
Sophos AV 20170624
SUPERAntiSpyware 20170623
Symantec Mobile Insight 20170623
Tencent 20170624
TheHacker 20170623
TrendMicro 20170624
TrendMicro-HouseCall 20170624
Trustlook 20170624
VBA32 20170623
VIPRE 20170624
ViRobot 20170624
WhiteArmor 20170616
Yandex 20170623
Zillya 20170623
ZoneAlarm by Check Point 20170624
Zoner 20170624
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Product: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Original name: Fjorgammel7.exe
Internal name: Fjorgammel7
File version: 1.00
Description: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Comments: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-24 14:34:37
Entry Point 0x00001074
Number of sections 3
PE sections
PE imports (the DLL name was not captured on this page; every symbol listed is an export of the Visual Basic 6 runtime, MSVBVM60.DLL, which agrees with the TrID result further down)
EVENT_SINK_QueryInterface
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(527)
Ord(697)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(598)
Ord(581)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
CodeSize: 4980736
SubsystemVersion: 4.0
Comments: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
LinkerVersion: 6.0
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 1.0.0.0
LanguageCode: Chinese (Simplified)
FileFlagsMask: 0x0000
FileDescription: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
InitializedDataSize: 28672
EntryPoint: 0x1074
OriginalFileName: Fjorgammel7.exe
MIMEType: application/octet-stream
LegalCopyright: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
FileVersion: 1.0
TimeStamp: 2017:06:24 15:34:37+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Fjorgammel7
ProductVersion: 1.0
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Ulistar
LegalTrademarks: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
ProductName: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

Compressed bundles
File identification
MD5 109c9dcc0296fb5c205c277747bca090
SHA1 c1df7d34a784197a951a0ddbae89a235c6247235
SHA256 370b120e9e1100fbdfa6e2ebb198f570a98618c2fc0df4fac124a21c83fd8e2d
ssdeep 98304:pTgNQk1TTGClldvclM8JvatTqEGnItgA3AlXn3xRQEjLjfxsm4f7kzQy00L:1gN9ZTtlTvc28JCnG2fkXnnJum4TkVH
authentihash c1fa29b4b242932c4074b89561beb7a7d26e17bdf821ee9b9339ab7c59ca86db
imphash 2a916fc6160a33fac7b583689755558d
File size 4.8 MB ( 4988928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
     Win32 Dynamic Link Library (generic) (6.6%)
     Win32 Executable (generic) (4.5%)
     OS/2 Executable (generic) (2.0%)
     Generic Win/DOS Executable (2.0%)
Tags peexe

VirusTotal metadata
First submission 2017-06-24 20:11:19 UTC ( 1 year, 7 months ago )
Last submission 2017-07-31 01:57:21 UTC ( 1 year, 6 months ago )
File names Fjorgammel7.exe, http___185.165.29.36_poop.exe, http___185.165.29.36_poop.jpg, noname.ext, poop.jpg, 42408.exe.3184.dr, 25778.exe.3112.dr, Fjorgammel7
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. Hook procedures are installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHook Windows API function (VirusTotal reports the legacy name; current code calls SetWindowsHookEx). Two caveats for triage: the static import table above holds only Visual Basic 6 runtime symbols and no SetWindowsHookEx entry, so the call is either resolved at runtime (a VB6 Declare statement is dispatched through the imported DllFunctionCall) or made by a child or injected process that this condensed report also covers; and the report does not say which hook type (idHook) was installed, which is what decides the impact, since WH_KEYBOARD and WH_KEYBOARD_LL hooks are the classic user-mode keylogging mechanism.
UDP communications
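The metadata in this report lends itself to a few mechanical triage checks: the 13x "Acus" filler strings in the version info (typical of crypter-generated resources, in line with the VBKrypt and GenKryptik detection names), the OriginalFileName that differs from the submitted name, the .jpg names under which a PE32 was submitted, the five and a half hours between the compile timestamp and first submission, and a sandbox-observed API (SetWindowsHook) that does not appear in the static import table. The Python script below is an added example, not VirusTotal's tooling or anything from the sample; it encodes those checks over a hand-transcribed copy of this page's values. The field names in REPORT, the 4-repeat and 24-hour thresholds and the decoy extension list are my own assumptions.

```python
"""Triage checks over the metadata in this report (added example; not part of
the VirusTotal page or the sample). REPORT is hand-transcribed from the page;
field names, thresholds (4 repeats, 24 h) and the extension list are assumed."""
from datetime import datetime, timezone

# Constructed from the values shown on this page (times are UTC).
FILLER = " ".join(["Acus"] * 13)  # the 13x "Acus" string in the version info
REPORT = {
    "submitted_name": "http___185.165.29.36_poop.exe",
    "file_names": [
        "Fjorgammel7.exe", "http___185.165.29.36_poop.exe",
        "http___185.165.29.36_poop.jpg", "noname.ext", "poop.jpg",
        "42408.exe.3184.dr", "25778.exe.3112.dr", "Fjorgammel7",
    ],
    "version_info": {
        "Comments": FILLER, "CompanyName": "Ulistar", "FileDescription": FILLER,
        "InternalName": "Fjorgammel7", "LegalCopyright": FILLER,
        "LegalTrademarks": FILLER, "OriginalFileName": "Fjorgammel7.exe",
        "ProductName": FILLER,
    },
    "compile_timestamp": "2017-06-24 14:34:37",
    "first_submission": "2017-06-24 20:11:19",
    "static_imports": [
        "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "Ord(100)",
        "MethCallEngine", "DllFunctionCall", "Ord(527)", "Ord(697)",
        "EVENT_SINK_Release", "EVENT_SINK_AddRef", "Ord(598)", "Ord(581)",
    ],
    "sandbox_apis": ["SetWindowsHook"],
}

# Extensions that should never name a PE32 executable (assumed list).
DECOY_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def filler_token(value, min_repeats=4):
    """Return the token if `value` is a single token repeated at least
    min_repeats times (crypter-generated version info), else None."""
    tokens = value.split()
    if len(tokens) >= min_repeats and len(set(tokens)) == 1:
        return tokens[0]
    return None


def hours_compile_to_first_seen(compile_ts, first_seen):
    """Hours between the PE compile timestamp and the first VT submission."""
    built = datetime.strptime(compile_ts, TS_FMT).replace(tzinfo=timezone.utc)
    seen = datetime.strptime(first_seen, TS_FMT).replace(tzinfo=timezone.utc)
    return (seen - built).total_seconds() / 3600.0


def decoy_names(file_names):
    """Submitted names whose extension claims the PE is a non-executable."""
    return [n for n in file_names if n.lower().endswith(DECOY_EXTENSIONS)]


def explain_api(api, static_imports):
    """Classify how a sandbox-observed API can have been reached: imported
    directly, resolved at runtime through the VB6 runtime's DllFunctionCall
    (what a Declare statement compiles to), or not explained by the import
    table at all (another process, or manual GetProcAddress-style resolution)."""
    names = {s.lower() for s in static_imports}
    if any(n.startswith(api.lower()) for n in names):  # e.g. SetWindowsHookExA/W
        return "static import"
    if "dllfunctioncall" in names:
        return "runtime resolution via DllFunctionCall (VB6 Declare)"
    return "not explained by the import table"


def triage(report):
    """Return a list of human-readable indicators for one report."""
    findings = []
    info = report["version_info"]
    for key, value in info.items():
        token = filler_token(value)
        if token:
            findings.append(f"version_info.{key}: filler '{token}' x{len(value.split())}")
    original = info.get("OriginalFileName", "")
    if original and original.lower() != report["submitted_name"].lower():
        findings.append(f"OriginalFileName {original!r} != submitted name {report['submitted_name']!r}")
    for name in decoy_names(report["file_names"]):
        findings.append(f"decoy extension: {name}")
    hours = hours_compile_to_first_seen(report["compile_timestamp"], report["first_submission"])
    if 0 <= hours < 24:
        findings.append(f"fresh build: compiled {hours:.1f} h before first submission")
    elif hours < 0:
        findings.append(f"compile timestamp {-hours:.1f} h after first submission (forged timestamp?)")
    for api in report["sandbox_apis"]:
        findings.append(f"{api}: {explain_api(api, report['static_imports'])}")
    return findings


if __name__ == "__main__":
    for line in triage(REPORT):
        print(line)
```

Run as-is it lists ten indicators for this sample: five filler version-info fields, the name mismatch, two .jpg decoy names, a build about 5.6 hours old at first submission, and SetWindowsHook attributed to runtime resolution through DllFunctionCall. The timestamp check is deliberately two-sided: a compile time after first submission is the more suspicious case, since it can only come from a forged header.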