SHA256: 3f54aaa6d2cb5c7ff3f6d41790b40de47e8f870fe96aaecec4342ab84f700def
File name: visco.exe
Detection ratio: 52 / 67
Analysis date: 2017-11-29 15:53:33 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Generic.TreasureHunter.0A959F9F 20171129
AegisLab Dangerousobject.Multi.Generic!c 20171129
AhnLab-V3 Spyware/Win32.Huntpos.C1261817 20171129
ALYac Generic.TreasureHunter.0A959F9F 20171129
Antiy-AVL Trojan/Win32.AGeneric 20171129
Arcabit Generic.TreasureHunter.0A959F9F 20171129
Avast Win32:Malware-gen 20171129
AVG Win32:Malware-gen 20171129
Avira (no cloud) TR/Rogue.80896.21 20171129
AVware Trojan.Win32.Generic!BT 20171129
BitDefender Generic.TreasureHunter.0A959F9F 20171129
Bkav W32.GenericRogueO.Trojan 20171129
CAT-QuickHeal TrojanPOS.Huntpos.A5 20171129
ClamAV Win.Trojan.TreasureHunter-1 20171129
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171129
Cyren W32/Trojan.JNTP-2952 20171129
DrWeb Trojan.Fakealert.50992 20171129
Emsisoft Generic.TreasureHunter.0A959F9F (B) 20171129
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/Agent.XAS 20171129
F-Prot W32/Trojan3.UZR 20171129
F-Secure Generic.TreasureHunter.0A959F9F 20171129
Fortinet W32/Kryptik.1600!tr 20171129
GData Generic.TreasureHunter.0A959F9F 20171129
Ikarus Trojan-Spy.POS.TreasureHunt 20171129
Jiangmin Trojan/Generic.bfrfz 20171129
K7AntiVirus Trojan ( 004bcf851 ) 20171129
K7GW Trojan ( 004bcf851 ) 20171129
Kaspersky HEUR:Trojan.Win32.Generic 20171129
Malwarebytes Trojan.Agent.ED 20171129
MAX malware (ai score=100) 20171129
McAfee Artemis!BD50B22D1CAE 20171129
McAfee-GW-Edition BehavesLike.Win32.Backdoor.lm 20171129
eScan Generic.TreasureHunter.0A959F9F 20171129
NANO-Antivirus Trojan.Win32.Fakealert.dwrjpj 20171129
Palo Alto Networks (Known Signatures) generic.ml 20171129
Panda Trj/CI.A 20171129
Qihoo-360 Win32/Trojan.7f8 20171129
Sophos AV Mal/Generic-S 20171129
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20171129
Symantec Trojan.Huntpos 20171129
Tencent Win32.Trojan.Generic.Phga 20171129
TheHacker Trojan/Agent.xas 20171126
TrendMicro TSPY_HUNTPOS.SMA 20171129
TrendMicro-HouseCall TSPY_HUNTPOS.SMA 20171129
VIPRE Trojan.Win32.Generic!BT 20171129
Webroot W32.Trojan.Gen 20171129
Yandex Trojan.Agent!IJIIwRC6f7E 20171120
Zillya Trojan.FakeAV.Win32.314786 20171129
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171129
Alibaba 20171129
Avast-Mobile 20171129
Baidu 20171129
CMC 20171126
Comodo 20171129
eGambit 20171129
Sophos ML 20170914
Kingsoft 20171129
Microsoft 20171129
nProtect 20171129
Rising 20171129
SentinelOne (Static ML) 20171113
Symantec Mobile Insight 20171129
Trustlook 20171129
VBA32 20171129
ViRobot 20171129
WhiteArmor 20171104
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-10-19 07:14:39
Entry Point 0x0000523B
Number of sections 5
PE sections
PE imports
RegCloseKey
OpenProcessToken
RegSetValueExA
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
CreateToolhelp32Snapshot
DeviceIoControl
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReleaseMutex
LoadLibraryW
GetLastError
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
EncodePointer
CopyFileA
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
Process32NextW
DeleteCriticalSection
GetCurrentProcess
Module32FirstW
GetStartupInfoW
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
OpenProcess
WriteConsoleW
CreateDirectoryA
DeleteFileA
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
ReadProcessMemory
GetCPInfo
GetCommandLineA
GetProcAddress
Process32FirstW
GetProcessHeap
GetConsoleCP
SetStdHandle
CreateMutexA
InitializeCriticalSectionAndSpinCount
CreateThread
GetModuleFileNameW
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
CreateProcessA
TlsGetValue
GetModuleHandleExW
InitializeCriticalSection
OutputDebugStringW
CreateFileW
VirtualQueryEx
IsDebuggerPresent
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
SHGetFolderPathA
MessageBoxA
MessageBoxW
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2014:10:19 08:14:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 41472
LinkerVersion 11.0
EntryPoint 0x523b
InitializedDataSize 46080
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 bd50b22d1caee56b5d3fbd8e7816ab88
SHA1 55f39ca3b68b92e898f9f86f3de1b03d3b88f5d9
SHA256 3f54aaa6d2cb5c7ff3f6d41790b40de47e8f870fe96aaecec4342ab84f700def
ssdeep 1536:CtjtcydQPQpWARwR8xFMEcLssWjcd+Ceid3q1Hwa:CtjjuzACRaFMRz+Ceid3If
authentihash 6daf018136f8b78f1a426733b6122c244e73aab6a7205be4beac1d0ed94795ae
imphash 3e68822a115a7a54dd73bca4eb619c7d
File size 79.0 KB ( 80896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2016-05-19 08:13:08 UTC ( 2 years, 6 months ago )
Last submission 2017-11-29 15:53:33 UTC ( 1 year ago )
File names visco.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications