SHA256: 3fdfe5a113309887262e7eb669d6ad1d97fc83f4e2942e1e36a2472ad7f216e3
Detection ratio: 14 / 64
Analysis date: 2017-09-20 10:29:34 UTC ( 1 year, 5 months ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170920
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9905 20170920
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20170804
Cylance Unsafe 20170920
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20170920
Palo Alto Networks (Known Signatures) generic.ml 20170920
Qihoo-360 HEUR/QVM10.1.F860.Malware.Gen 20170920
Rising Malware.Heuristic!ET#90% (RDM+:cmRtazo2KA1+ZChvwfhK1C4h/1ih) 20170920
Symantec ML.Attribute.HighConfidence 20170920
Tencent Trojan.Ransomware.Gen.b.0 20170920
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170920
Ad-Aware 20170920
AhnLab-V3 20170920
Alibaba 20170911
ALYac 20170920
Antiy-AVL 20170920
Arcabit 20170920
Avast 20170920
Avast-Mobile 20170829
AVG 20170920
Avira (no cloud) 20170920
AVware 20170919
BitDefender 20170920
CAT-QuickHeal 20170920
ClamAV 20170920
CMC 20170919
Comodo 20170920
Cyren 20170920
DrWeb 20170920
Emsisoft 20170920
ESET-NOD32 20170920
F-Prot 20170920
F-Secure 20170920
Fortinet 20170920
GData 20170920
Ikarus 20170920
Jiangmin 20170920
K7AntiVirus 20170920
K7GW 20170920
Kingsoft 20170920
Malwarebytes 20170920
MAX 20170920
McAfee 20170920
McAfee-GW-Edition 20170920
Microsoft 20170920
eScan 20170920
NANO-Antivirus 20170920
nProtect 20170920
Panda 20170919
SentinelOne (Static ML) 20170806
Sophos AV 20170920
SUPERAntiSpyware 20170920
Symantec Mobile Insight 20170920
TheHacker 20170916
TrendMicro 20170920
TrendMicro-HouseCall 20170920
Trustlook 20170920
VBA32 20170919
VIPRE 20170920
ViRobot 20170920
Webroot 20170920
Yandex 20170908
Zillya 20170919
Zoner 20170920
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©GraphicRegion.com 1995-Present
Product AskPerfecting
Original name AskPerfecting.exe
Internal name AskPerfecting
File version 7.7.36.818
Description Instartup Manifests Detectedexceptin
Comments Instartup Manifests Detectedexceptin
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-19 09:08:49
Entry Point 0x0000DA02
Number of sections 4
PE sections
PE imports
AVIStreamGetFrameClose
ImageList_Create
Ord(17)
CreateICA
Polygon
TextOutA
EnumFontsA
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
SetPixel
SetTextColor
GetObjectA
MoveToEx
SelectPalette
RoundRect
SelectObject
Pie
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
Ellipse
CreateCompatibleDC
ImmReleaseContext
ImmSetOpenStatus
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
HeapCreate
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GetCommandLineW
RtlUnwind
LoadLibraryA
RaiseException
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
UnhandledExceptionFilter
DeleteFileA
WideCharToMultiByte
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
EncodePointer
GetLocaleInfoW
SetStdHandle
SetEndOfFile
GetCPInfo
GetProcAddress
TlsFree
GetModuleHandleA
GetSystemDirectoryW
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
FindResourceA
TerminateProcess
LoadLibraryW
GetSystemTimeAsFileTime
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
GlobalAlloc
GetStringTypeW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
WriteConsoleW
LeaveCriticalSection
NetShareGetInfo
VarBoolFromUI1
VarBstrFromBool
VarFormatPercent
SHGetDesktopFolder
SHBrowseForFolderA
CommandLineToArgvW
SHParseDisplayName
SetFocus
GetParent
EndDialog
LoadMenuA
PostQuitMessage
DefMDIChildProcA
CreatePopupMenu
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
DestroyIcon
GetWindowRect
InflateRect
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
SetWindowLongA
DialogBoxParamA
GetDlgItemInt
CheckDlgButton
GetMenuBarInfo
GetKeyState
DrawTextA
BeginPaint
GetIconInfo
CheckMenuItem
GetMenu
DlgDirSelectExA
GetClientRect
GetDlgItem
PackDDElParam
SetMenuDefaultItem
ClientToScreen
GetSubMenu
LoadCursorA
LoadIconA
DlgDirListA
GetMenuItemInfoA
IsDlgButtonChecked
SetDlgItemInt
LoadImageA
GetDC
InsertMenuItemA
DialogBoxIndirectParamA
DestroyWindow
WSAStartup
CreateStreamOnHGlobal
CoInitialize
Number of PE resources by type
RPDATA 5
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
LegalTrademarks Copyright GraphicRegion.com 1995-Present
SubsystemVersion 5.1
Comments Instartup Manifests Detectedexceptin
Languages English
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.7.36.818
LanguageCode Danish
FileFlagsMask 0x003f
FileDescription Instartup Manifests Detectedexceptin
CharacterSet Unicode
InitializedDataSize 240640
PrivateBuild 7.7.36.818
EntryPoint 0xda02
OriginalFileName AskPerfecting.exe
MIMEType application/octet-stream
LegalCopyright Copyright GraphicRegion.com 1995-Present
FileVersion 7.7.36.818
TimeStamp 2015:11:19 10:08:49+01:00
FileType Win32 EXE
PEType PE32
InternalName AskPerfecting
ProductVersion 7.7.36.818
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName GraphicRegion.com
CodeSize 145408
ProductName AskPerfecting
ProductVersionNumber 7.7.36.818
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 d9d2ba69be3e519a3fdf043b14ed6587
SHA1 764cd3ba90a97a1c3107121250e90afb107d1132
SHA256 3fdfe5a113309887262e7eb669d6ad1d97fc83f4e2942e1e36a2472ad7f216e3
ssdeep 6144:+FZ018/1HG22wzFLSG1uAYc0zJ/Z04GBvawWoVmBk74auLhO:AX1Hx2eSGyJBHGpawWooBk/T
authentihash 5d6aa2fa787a0546ec755a29c306c6705086bd75e75d7f460fc084efb0d3418b
imphash 89ad31fc669b67ae73c9accad2e3e293
File size 378.0 KB ( 387072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-20 09:28:23 UTC ( 1 year, 5 months ago )
Last submission 2018-05-23 10:29:18 UTC ( 9 months ago )
File names AskPerfecting.exe
d9d2ba69be3e519a3fdf043b14ed6587.vir
MALWARE SAMPLE 20_09_2017 (9)
alrZXcACjUk.exe
AskPerfecting
payload from italy
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications