SHA256: 3750f74bffd73c4cc5f0a526eed87a844ad727203cbdca3088daa2389c6a6d70
File name: 3750f74bffd73c4cc5f0a526eed87a844ad727203cbdca3088daa2389c6a6d70
Detection ratio: 38 / 67
Analysis date: 2018-10-31 20:52:44 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40662263 20181031
AhnLab-V3 Trojan/Win32.Injector.R241849 20181031
ALYac Trojan.GenericKD.40662263 20181031
Antiy-AVL Trojan/Win32.Fuerboos 20181031
Arcabit Trojan.Generic.D26C74F7 20181031
Avast Win32:Malware-gen 20181031
AVG Win32:Malware-gen 20181031
BitDefender Trojan.GenericKD.40662263 20181031
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cylance Unsafe 20181031
Cyren W32/Trojan.JDQX-7931 20181031
DrWeb Trojan.PWS.Stealer.25048 20181031
Emsisoft Trojan.GenericKD.40662263 (B) 20181031
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EBIA 20181031
F-Prot W32/VBKrypt.GH.gen!Eldorado 20181031
F-Secure Trojan.GenericKD.40662263 20181031
Fortinet W32/Injector.EBIA!tr 20181031
GData Trojan.GenericKD.40662263 20181031
Ikarus Trojan.VB.Crypt 20181031
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181031
K7GW Riskware ( 0040eff71 ) 20181031
Kaspersky Trojan.Win32.VBKryjetor.bczh 20181031
McAfee RDN/Generic.dx 20181031
McAfee-GW-Edition RDN/Generic.dx 20181031
Microsoft Trojan:Win32/Casdet!rfn 20181031
eScan Trojan.GenericKD.40662263 20181031
Palo Alto Networks (Known Signatures) generic.ml 20181031
Panda Trj/GdSda.A 20181031
Qihoo-360 Win32/Trojan.630 20181031
Sophos AV Troj/Zbot-MQZ 20181031
Symantec Packed.Generic.535 20181031
Tencent Win32.Trojan.Vbkryjetor.Ajky 20181031
TrendMicro TSPY_LOKI.THAOCAAH 20181031
TrendMicro-HouseCall TSPY_LOKI.THAOCAAH 20181031
ViRobot Trojan.Win32.S.Agent.581704 20181031
ZoneAlarm by Check Point Trojan.Win32.VBKryjetor.bczh 20181031
AegisLab 20181031
Alibaba 20180921
Avast-Mobile 20181031
Avira (no cloud) 20181031
Babable 20180918
Baidu 20181031
Bkav 20181031
CAT-QuickHeal 20181031
ClamAV 20181031
CMC 20181031
Cybereason 20180225
eGambit 20181031
Jiangmin 20181031
Kingsoft 20181031
Malwarebytes 20181031
MAX 20181031
NANO-Antivirus 20181031
Rising 20181031
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181031
TheHacker 20181031
Trustlook 20181031
VBA32 20181031
VIPRE 20181031
Webroot 20181031
Yandex 20181030
Zillya 20181030
Zoner 20181031
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright FLANKARD
Product ISOCAPROIC0
Original name jewelly9.exe
Internal name jewelly9
File version 8.07
Comments Zerozero
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 2:16 PM 2/28/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-16 17:10:30
Entry Point 0x0000137C
Number of sections 3
PE sections
Overlays
MD5 877c59b83d154af7733809aaac66e11d
File type data
Offset 573440
Size 8264
Entropy 7.54
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
EVENT_SINK_Release
__vbaStrCmp
Ord(521)
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(661)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(650)
__vbaStrToUnicode
Ord(714)
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaVarSetObjAddref
_CItan
__vbaFreeVar
__vbaAryConstruct2
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(660)
__vbaVarIdiv
__vbaStrVarVal
_CIcos
__vbaVarTstEq
_adj_fptan
Ord(685)
Ord(610)
Ord(628)
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaR8IntI4
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
__vbaAryLock
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 552960
SubsystemVersion 4.0
Comments Zerozero
InitializedDataSize 16384
ImageVersion 8.7
FileSubtype 0
FileVersionNumber 8.7.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x137c
OriginalFileName jewelly9.exe
MIMEType application/octet-stream
LegalCopyright FLANKARD
FileVersion 8.07
TimeStamp 2006:08:16 10:10:30-07:00
FileType Win32 EXE
PEType PE32
InternalName jewelly9
ProductVersion 8.07
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
LegalTrademarks Garotting4
ProductName ISOCAPROIC0
ProductVersionNumber 8.7.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e470a859f6ab6f93997ede44cefa7903
SHA1 928ceecb74f3a60ad2461a88f06b2ae8af47ad23
SHA256 3750f74bffd73c4cc5f0a526eed87a844ad727203cbdca3088daa2389c6a6d70
ssdeep 6144:IPV+tScDtCz4cmSJ0Ic6+iSaMcyP3y4rz6yP+rAe4k34C1:Focc1mCxgc0hzW
authentihash aab1aa14cd22b184afc423b1207f049cd4d2aaac5e631384b20e1e1659f35e24
imphash 663dfe500d28372c07254ba131be5dbd
File size 568.1 KB ( 581704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-10-30 04:24:20 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-13 07:13:17 UTC ( 4 months, 1 week ago )
File names jewelly9, e470a859f6ab6f93997ede44cefa7903, jewelly9.exe, order.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.