SHA256: 37b41df9c811f1b10d518c004e5280d3b17e27ad58fcf24a59d5de50c8f6b4c8
File name: .
Detection ratio: 16 / 71
Analysis date: 2019-01-20 17:35:43 UTC ( 2 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Inject.C2899141 20190120
Avast Win32:Trojan-gen 20190120
AVG Win32:Trojan-gen 20190120
Cylance Unsafe 20190120
DrWeb Trojan.IcedID.15 20190120
ESET-NOD32 a variant of Win32/Kryptik.GOAA 20190120
Fortinet W32/Kryptik.GOAA!tr 20190120
Kaspersky HEUR:Trojan.Win32.Generic 20190120
McAfee Ursnif-FQLY!D9163F72634A 20190120
McAfee-GW-Edition Ursnif-FQLY!D9163F72634A 20190120
NANO-Antivirus Trojan.Win32.IcedID.flkmfn 20190120
Panda Trj/GdSda.A 20190120
Rising Trojan.GenKryptik!8.AA55/N3#93% (RDM+:cmRtazpHPFGCcNo2TppBqm4C8qgx) 20190120
Webroot W32.Adware.Gen 20190120
Yandex Trojan.PWS.IcedID! 20190118
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190120
Acronis 20190119
Ad-Aware 20190120
AegisLab 20190120
Alibaba 20180921
ALYac 20190120
Antiy-AVL 20190120
Arcabit 20190120
Avast-Mobile 20190118
Avira (no cloud) 20190120
AVware 20180925
Babable 20180918
Baidu 20190118
BitDefender 20190120
Bkav 20190119
CAT-QuickHeal 20190120
ClamAV 20190120
CMC 20190120
Comodo 20190120
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190120
eGambit 20190120
Emsisoft 20190120
Endgame 20181108
F-Prot 20190120
F-Secure 20190120
GData 20190120
Ikarus 20190120
Sophos ML 20181128
Jiangmin 20190120
K7AntiVirus 20190120
K7GW 20190120
Kingsoft 20190120
Malwarebytes 20190120
MAX 20190120
Microsoft 20190120
eScan 20190120
Palo Alto Networks (Known Signatures) 20190120
Qihoo-360 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190120
SUPERAntiSpyware 20190116
Symantec 20190119
TACHYON 20190120
Tencent 20190120
TheHacker 20190118
TotalDefense 20190120
Trapmine 20190103
TrendMicro 20190120
TrendMicro-HouseCall 20190120
Trustlook 20190120
VBA32 20190118
ViRobot 20190120
Zillya 20190118
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright© 2017-2014 Centare Talk, Inc.
Product Visitsoon
Original name allowtype.exe
Internal name allowtype.exe
File version 12.2.45.62
Description Visitsoon
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-13 13:08:13
Entry Point 0x0000777D
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
RegCreateKeyExA
DeleteService
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
RegOpenKeyExA
GetTokenInformation
OpenThreadToken
RegEnumKeyA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
SetEntriesInAclA
OpenSCManagerA
EndPage
RestoreDC
StartDocA
CreateFontIndirectA
ExtTextOutA
Rectangle
GetLastError
IsValidCodePage
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetUserDefaultLCID
InterlockedCompareExchange
GetLocaleInfoW
SetStdHandle
GetModuleFileNameW
RaiseException
WideCharToMultiByte
GetProcAddress
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
InitializeCriticalSection
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
GetMessageA
AppendMenuA
TrackPopupMenu
GetActiveWindow
EndDialog
PostMessageA
ReleaseCapture
OffsetRect
WindowFromPoint
FillRect
CloseClipboard
DrawFrameControl
IsDialogMessageA
LoadIconA
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoRevokeClassObject
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 89600
ImageVersion 0.0
ProductName Visitsoon
FileVersionNumber 12.2.45.62
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName allowtype.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.2.45.62
TimeStamp 2012:12:13 14:08:13+01:00
FileType Win32 EXE
PEType PE32
InternalName allowtype.exe
ProductVersion 12.2.45.62
FileDescription Visitsoon
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright 2017-2014 Centare Talk, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Centare Talk
CodeSize 172032
FileSubtype 0
ProductVersionNumber 12.2.45.62
EntryPoint 0x777d
ObjectFileType Executable application
File identification
MD5 d9163f72634aaf6aaa512eb0b73e02eb
SHA1 1f7095209dedc701b49f9e9e16e6b68e04c12670
SHA256 37b41df9c811f1b10d518c004e5280d3b17e27ad58fcf24a59d5de50c8f6b4c8
ssdeep 6144:BNkYKtZ1nGIRUxHRR9WUj1TtEEE/1HaRZd:PkHGIRUx4Ujpephs
authentihash 0eae70f0df22571435e068056475e0f45fbef554c3e3b695e6f4a0024a13db60
imphash 2487687d7a866b96653c2d830ae73127
File size 199.5 KB ( 204288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-20 17:35:43 UTC ( 2 months ago )
Last submission 2019-01-20 17:35:43 UTC ( 2 months ago )
File names allowtype.exe
.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.