SHA256: 38d28ac5af94ff08fc9649174d898a514d2030647b07da7fcfc3dd1e9385f258
File name: .
Detection ratio: 15 / 70
Analysis date: 2019-04-11 18:02:26 UTC
Antivirus | Result | Signature update
Acronis | suspicious | 2019-04-09
AhnLab-V3 | Trojan/Win32.Swotter.R263633 | 2019-04-11
CrowdStrike Falcon (ML) | win/malicious_confidence_80% (D) | 2019-02-12
Cybereason | malicious.e7c9f0 | 2019-04-03
Cylance | Unsafe | 2019-04-11
Endgame | malicious (high confidence) | 2019-04-03
ESET-NOD32 | a variant of Win32/Injector.EELI | 2019-04-11
FireEye | Generic.mg.e1706dfcf8fb5985 | 2019-04-11
Ikarus | Trojan-Spy.FormBook | 2019-04-11
Sophos ML | heuristic | 2019-03-13
Kaspersky | Trojan-Spy.Win32.Noon.addm | 2019-04-11
McAfee-GW-Edition | BehavesLike.Win32.Fareit.gh | 2019-04-11
SentinelOne (Static ML) | DFI - Malicious PE | 2019-04-07
Trapmine | malicious.high.ml.score | 2019-03-25
ZoneAlarm by Check Point | Trojan-Spy.Win32.Noon.addm | 2019-04-11

Most of these verdicts are heuristic or machine-learning scores rather than family attributions: FireEye's name embeds the first 16 hex digits of the file's MD5 and Cybereason's embeds a substring of its SHA-1, so neither says anything about what the code does. The only family hints are vendor-specific names (FormBook from Ikarus, Noon from Kaspersky and ZoneAlarm, Fareit-like behaviour from McAfee, Injector from ESET) and should not be read as one confirmed attribution.
Undetected engines (signature update date in parentheses):
Ad-Aware (2019-04-11), AegisLab (2019-04-11), Alibaba (2019-04-02), ALYac (2019-04-11), Antiy-AVL (2019-04-11), Arcabit (2019-04-11),
Avast (2019-04-11), Avast-Mobile (2019-04-11), AVG (2019-04-11), Avira (no cloud) (2019-04-11), Babable (2018-09-18), Baidu (2019-03-18),
BitDefender (2019-04-11), Bkav (2019-04-10), CAT-QuickHeal (2019-04-11), ClamAV (2019-04-11), CMC (2019-03-21), Comodo (2019-04-11),
Cyren (2019-04-11), DrWeb (2019-04-11), eGambit (2019-04-11), Emsisoft (2019-04-11), F-Prot (2019-04-11), F-Secure (2019-04-11),
Fortinet (2019-04-11), GData (2019-04-11), Jiangmin (2019-04-11), K7AntiVirus (2019-04-11), K7GW (2019-04-11), Kingsoft (2019-04-11),
Malwarebytes (2019-04-11), MAX (2019-04-11), McAfee (2019-04-11), Microsoft (2019-04-11), eScan (2019-04-11), NANO-Antivirus (2019-04-11),
Palo Alto Networks (Known Signatures) (2019-04-11), Panda (2019-04-11), Qihoo-360 (2019-04-11), Rising (2019-04-11), Sophos AV (2019-04-11),
SUPERAntiSpyware (2019-04-10), Symantec Mobile Insight (2019-04-10), TACHYON (2019-04-11), Tencent (2019-04-11), TheHacker (2019-04-11),
TotalDefense (2019-04-11), TrendMicro (2019-04-11), TrendMicro-HouseCall (2019-04-11), Trustlook (2019-04-11), VBA32 (2019-04-11),
VIPRE (2019-04-11), ViRobot (2019-04-11), Yandex (2019-04-11), Zillya (2019-04-10), Zoner (2019-04-11).

These results are from the 2019-04-11 scan, about 20 hours after the compilation timestamp the file carries; an engine listed as undetected had no verdict on that date, and a later rescan may differ.
The file is a Portable Executable: a 32-bit Windows EXE for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: fuk
Product: dec
Original name: pal.exe
Internal name: pal
File version: 1.00
Description: arb
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2019-04-10 22:21:40 UTC (IMAGE_FILE_HEADER.TimeDateStamp; written by the linker and trivially forged, so treat it as a hint rather than a fact)
Entry Point: 0x00001374
Number of sections: 3
PE sections
PE imports (all are exports of MSVBVM60.DLL, the Visual Basic 6 runtime, as the __vba*, _adj_*, _CI* and EVENT_SINK_* names and the linker version 6.0 indicate; the report does not print the module name. Ord(n) entries are imports by ordinal only, with no function name to match on.)
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
Ord(607)
__vbaVarDup
Ord(516)
_adj_fdivr_m64
_adj_fprem
Ord(572)
EVENT_SINK_AddRef
Ord(710)
__vbaObjSetAddref
Ord(525)
_adj_fpatan
Ord(663)
__vbaFreeObjList
__vbaStrToUnicode
_adj_fdivr_m16i
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaRecDestruct
__vbaStrMove
_adj_fdiv_r
Ord(100)
__vbaFreeObj
__vbaFreeVar
__vbaVarTstNe
__vbaInStrB
Ord(519)
__vbaStrVarVal
_CItan
_adj_fdiv_m64
Ord(651)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(660)
_allmul
Ord(513)
_CIcos
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(610)
Ord(628)
__vbaI4Var
Ord(538)
__vbaObjSet
__vbaVarLateMemSt
_CIatan
Ord(540)
__vbaNew2
__vbaErrorOverflow
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type: RT_ICON 10, RT_VERSION 1, RT_GROUP_ICON 1
Number of PE resources by language: NEUTRAL 11, ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks: ata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 1.0.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: arb
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
InitializedDataSize: 36864
EntryPoint: 0x1374
OriginalFileName: pal.exe
MIMEType: application/octet-stream
LegalCopyright: fuk
FileVersion: 1.0
TimeStamp: 2019:04:10 22:21:40+00:00
FileType: Win32 EXE
PEType: PE32
InternalName: pal
ProductVersion: 1.0
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 376832
ProductName: dec
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
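The values in the ExifTool block and under "PE header basic information" are read straight out of the COFF header and the PE32 optional header. As an added illustration, not code from the report or from VirusTotal, here is a standard-library-only Python parser that walks DOS header, PE signature, COFF header and optional header and decodes the Characteristics bits into the same wording ExifTool prints. The build_sample_header function constructs a synthetic header carrying this report's values (i386, 3 sections, the 2019-04-10 22:21:40 timestamp, entry point 0x1374, linker 6.0, code size 376832, initialized data 36864, subsystem GUI); it is not the sample's bytes, and the flag-name table and the 0x010F characteristics value are my decoding of the report's text.

```python
"""Read the PE header fields the report prints, using only the standard library."""
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits from winnt.h, labelled the way ExifTool does;
# "No relocs, Executable, No line numbers, No symbols, 32-bit" is 0x010F.
CHARACTERISTICS = {
    0x0001: "No relocs",            # IMAGE_FILE_RELOCS_STRIPPED
    0x0002: "Executable",           # IMAGE_FILE_EXECUTABLE_IMAGE
    0x0004: "No line numbers",      # IMAGE_FILE_LINE_NUMS_STRIPPED
    0x0008: "No symbols",           # IMAGE_FILE_LOCAL_SYMS_STRIPPED
    0x0020: "Large address aware",  # IMAGE_FILE_LARGE_ADDRESS_AWARE
    0x0100: "32-bit",               # IMAGE_FILE_32BIT_MACHINE
    0x0200: "No debug info",        # IMAGE_FILE_DEBUG_STRIPPED
    0x2000: "DLL",                  # IMAGE_FILE_DLL
}
MACHINES = {0x014C: "Intel 386 or later", 0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows console"}


def parse_pe_header(data: bytes) -> dict:
    """DOS header -> PE\\0\\0 -> COFF header -> PE32 optional header.

    Raises ValueError instead of guessing when the layout is malformed, which is
    the behaviour you want when triaging untrusted samples.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")

    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    linker_major, linker_minor, code_size, init_data, uninit_data, entry_point = struct.unpack_from(
        "<BBIIII", data, opt + 2)
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from(
        "<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    return {
        "machine": MACHINES.get(machine, "0x%04x" % machine),
        "sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch; the linker writes it, so it is forgeable.
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "characteristics": [name for bit, name in sorted(CHARACTERISTICS.items()) if chars & bit],
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "image_version": "%d.%d" % (img_major, img_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "initialized_data_size": init_data,
        "uninitialized_data_size": uninit_data,
    }


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values from the report above.

    This is not the malware's bytes; only the header fields are reproduced so the
    parser's output can be compared with what the report prints.
    """
    ts = int(datetime(2019, 4, 10, 22, 21, 40, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 3, ts, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)  # standard PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 6, 0, 376832, 36864, 0, 0x1374)
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 1, 0, 4, 0)  # OS 4.0, image 1.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print("%-24s %s" % (key, hex(value) if key == "entry_point" else value))
```

The parser deliberately refuses anything that is not PE32 rather than silently reading PE32+ fields at the wrong offsets; extend it with the 0x20B case if you need 64-bit samples.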

File identification
MD5: e1706dfcf8fb59854dcd11fa17ac9543
SHA1: 023dcdbe7c9f0745d15acca8dfafa9b917ece0e2
SHA256: 38d28ac5af94ff08fc9649174d898a514d2030647b07da7fcfc3dd1e9385f258
ssdeep: 6144:8RAV7CJxfCIMf6hiHDc/IOmDnR255QlaulsGURh2VI:8RAEJI3fHDc/IOiojQlRUv2V
authentihash: 788ce0975b53c0e3cbccf20c125bce6118682795075d0e83181bc0b104bf239c
imphash: a29a5864a3a4f83eb422f06fc16e732b
File size: 408.0 KB (417792 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
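As an added example (not part of the VirusTotal report), the following Python shows how the File identification values are produced. MD5, SHA-1 and SHA-256 are digests of the whole file; imphash is an MD5 over a normalised, order-sensitive list of module.function import names, as computed by pefile's get_imphash(), which is why it survives recompilation of the same source but not a reordered import table. The import list is constructed from a subset of the report's "PE imports" entries and attributed to MSVBVM60.DLL, the VB6 runtime that exports those symbols; the report does not name the module and its listing order may not be the binary's true import-table order, so the computed imphash is not expected to equal a29a5864a3a4f83eb422f06fc16e732b.

```python
"""How the 'File identification' hashes are derived: whole-file digests and imphash."""
import hashlib
from typing import Iterable, List, Optional, Tuple

Import = Tuple[str, Optional[str], Optional[int]]  # (module, function name, ordinal)


def file_hashes(data: bytes) -> dict:
    """Whole-file digests as printed under File identification."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def imphash_string(imports: Iterable[Import]) -> str:
    """Normalised 'module.function' list that imphash digests, in import-table order.

    Rules follow pefile.get_imphash(): lowercase everything, strip a .dll/.ocx/.sys
    suffix from the module name, and render name-less imports as 'ordN'. pefile
    additionally maps ordinals of ws2_32 and oleaut32 to their known names; this
    simplified version keeps 'ordN' for every module, which matches pefile for
    modules it has no ordinal table for, such as MSVBVM60.
    """
    parts: List[str] = []
    for module, name, ordinal in imports:
        module = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if module.endswith(ext):
                module = module[: -len(ext)]
                break
        if name:
            func = name.lower()
        elif ordinal is not None:
            func = "ord%d" % ordinal
        else:
            raise ValueError("import needs a name or an ordinal")
        parts.append("%s.%s" % (module, func))
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the normalised import string; order-sensitive by design."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def report_imports() -> List[Import]:
    """Constructed import table: a subset of the report's 'PE imports' entries, in the
    order the report lists them.

    Assumption: every entry belongs to MSVBVM60.DLL (the report does not print the
    module name). Ord(n) entries are ordinal-only imports.
    """
    names = [
        "_adj_fdiv_m32", "__vbaChkstk", "EVENT_SINK_Release", "__vbaStrCmp", "Ord(607)",
        "__vbaVarDup", "Ord(516)", "_adj_fdivr_m64", "_adj_fprem", "Ord(572)",
        "EVENT_SINK_AddRef", "Ord(710)", "__vbaObjSetAddref", "Ord(525)", "_adj_fpatan",
        "DllFunctionCall", "__vbaStrCat", "__vbaFreeStr",
    ]
    table: List[Import] = []
    for entry in names:
        if entry.startswith("Ord(") and entry.endswith(")"):
            table.append(("MSVBVM60.DLL", None, int(entry[4:-1])))
        else:
            table.append(("MSVBVM60.DLL", entry, None))
    return table


if __name__ == "__main__":
    sample = b"MZ" + bytes(62) + b"constructed input, not the real file"
    for algo, digest in file_hashes(sample).items():
        print("%-7s %s" % (algo, digest))
    print("imphash %s" % imphash(report_imports()))
    print("over    %s..." % imphash_string(report_imports())[:72])
```

Because imphash only sees names and ordinals, a VB6 binary like this one has a near-identical import table to every other VB6 binary (the runtime helpers, plus DllFunctionCall for any Declare'd API), so its imphash clusters it with a compiler rather than with a malware family.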
Tags
peexe

VirusTotal metadata
First submission: 2019-04-11 18:02:26 UTC
Last submission: 2019-04-11 18:02:26 UTC
File names: pal, pal.exe, .
Condensed report. The following summarises the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Opened files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook family of Windows API functions (SetWindowsHookEx in current code). A hook procedure lets a process monitor events such as keystrokes or window messages, either for one thread or for every thread on the calling thread's desktop, which is why this behaviour is associated with keystroke and form capture. Note that no hook-installation API appears in the static import list above: every import is a Visual Basic 6 runtime symbol, and DllFunctionCall is the runtime routine through which a VB6 Declare Function ... Lib "user32" statement resolves its target at run time. The call is therefore visible only in the sandbox trace or by decoding the VB Declare table, not by grepping the import table.