SHA256: 4086327e09ad06f660ef050290b4df8af14e607d4b3f97f78b0cd8a333abce49
Detection ratio: 26 / 64
Analysis date: 2018-04-12 10:47:15 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.483441 20180412
Arcabit Trojan.Graftor.D76071 20180412
Avast Win32:Malware-gen 20180412
AVG Win32:Malware-gen 20180412
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9992 20180411
BitDefender Gen:Variant.Graftor.483441 20180412
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170201
Cylance Unsafe 20180412
DrWeb Trojan.MulDrop7.53707 20180412
Emsisoft Gen:Variant.Graftor.483441 (B) 20180412
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFMT 20180412
F-Secure Gen:Variant.Graftor.483441 20180412
Fortinet W32/Kryptik.GFHY!tr 20180412
GData Gen:Variant.Graftor.483441 20180412
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180412
MAX malware (ai score=94) 20180412
McAfee Artemis!6C3995C3D102 20180412
McAfee-GW-Edition Artemis!Trojan 20180411
eScan Gen:Variant.Graftor.483441 20180412
Palo Alto Networks (Known Signatures) generic.ml 20180412
Rising Trojan.Kryptik!8.8 (TFE:5:fWhioXVTrmB) 20180412
Symantec Trojan.Gen.2 20180412
TrendMicro-HouseCall Suspicious_GEN.F47V0412 20180412
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180412
AegisLab 20180412
AhnLab-V3 20180411
Alibaba 20180412
ALYac 20180412
Antiy-AVL 20180412
Avast-Mobile 20180412
Avira (no cloud) 20180411
AVware 20180412
Bkav 20180410
CAT-QuickHeal 20180411
ClamAV 20180412
CMC 20180411
Comodo 20180412
Cybereason None
Cyren 20180412
eGambit 20180412
F-Prot 20180412
Ikarus 20180411
Jiangmin 20180412
K7AntiVirus 20180412
K7GW 20180412
Kingsoft 20180412
Malwarebytes 20180412
Microsoft 20180412
NANO-Antivirus 20180412
nProtect 20180412
Panda 20180411
Qihoo-360 20180412
SentinelOne (Static ML) 20180225
Sophos AV 20180412
SUPERAntiSpyware 20180412
Symantec Mobile Insight 20180412
Tencent 20180412
TheHacker 20180410
Trustlook 20180412
VBA32 20180411
VIPRE 20180412
ViRobot 20180412
Webroot 20180412
WhiteArmor 20180408
Yandex 20180412
Zoner 20180412
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2017, fockertoub
Internal name toofartyless.exe
File version 5.0.0.0
Signature verification Signed file, verified signature
Signing date 6:43 PM 4/11/2018
Signers
[+] PREMIUM ENGINEERING LIMITED
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO RSA Code Signing CA
Valid from 12:00 AM 12/08/2017
Valid to 11:59 PM 12/08/2018
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 29E254977352BB56CE377153A5D5B5D1A3B614A0
Serial number 00 F3 BE 09 9A 6C CC D6 CE 7E 2E 88 28 EF B5 4E B9
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 11:00 PM 10/21/2014
Valid to 11:00 PM 10/21/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-11 17:26:16
Entry Point 0x00001C46
Number of sections 5
PE sections
Overlays
MD5 6612d9c188c5871e6eb1a4996c588a49
File type data
Offset 157696
Size 9008
Entropy 7.37
PE imports
ReportEventA
GetTextExtentPointA
GetPolyFillMode
GetTextMetricsA
CreateRectRgnIndirect
GetLogColorSpaceW
CheckColorsInGamut
LineDDA
Ellipse
GetDeviceGammaRamp
GetLastError
IsValidCodePage
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetTapeStatus
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetSystemWindowsDirectoryW
SetTapePosition
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
lstrlenW
WinExec
GetStdHandle
HeapAlloc
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetDriveTypeA
DecodePointer
GetCurrentProcessId
lstrcatA
SetVolumeMountPointA
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
LoadModule
GetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
WriteProfileSectionW
GlobalLock
GetModuleHandleW
EncodePointer
WritePrivateProfileStringW
ExitProcess
WideCharToMultiByte
GetModuleFileNameW
TlsFree
FreeEnvironmentStringsW
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
DeleteAtom
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
SetEvent
GetSystemTimeAdjustment
TerminateProcess
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
LoadCursorA
AppendMenuA
CreateMDIWindowW
SetPropA
GetQueueStatus
SetClassLongW
GrayStringA
CloseWindow
GetWindowTextLengthW
SwitchDesktop
GetWindowTextA
GetCaretPos
InsertMenuItemA
SetWindowsHookA
ReplyMessage
GetDC
DrawCaption
OleMetafilePictFromIconAndLabel
CoUnmarshalHresult
OleSetMenuDescriptor
CoInitialize
CoMarshalHresult
Number of PE resources by type
RT_STRING 12
RT_BITMAP 3
PUDE 1
BGS 1
RT_ICON 1
CANOCIREZOTEXAHUWEHEWOYEZODO 1
PIGOTALAGOVEPAXEXUPURUJO 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 22
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.3.0.6
LanguageCode English (British)
FileFlagsMask 0x001f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1617408
EntryPoint 0x1c46
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.0.0.0
TimeStamp 2018:04:11 19:26:16+02:00
FileType Win32 EXE
PEType PE32
InternalName toofartyless.exe
ProductVersion 5.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, fockertoub
MachineType Intel 386 or later, and compatibles
CodeSize 18944
FileSubtype 0
ProductVersionNumber 1.3.0.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 6c3995c3d102d5820f5edb1a36e85497
SHA1 478ac0e183ed669ab7c75dbb3076b374fad385f4
SHA256 4086327e09ad06f660ef050290b4df8af14e607d4b3f97f78b0cd8a333abce49
ssdeep 3072:AaPw2+0SxuYhDXiKCJciSh5oqcW4k/aaPbi+:AaU/xzDXFeciwoqrbX
authentihash 36a71ee141d77e849765ec0490123cd8519af074263d01f3e037171d6e73880e
imphash d18033035bcf4c93b44d25aae6a4aecf
File size 162.8 KB ( 166704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-04-12 05:57:40 UTC ( 10 months, 2 weeks ago )
Last submission 2018-05-25 18:10:21 UTC ( 9 months ago )
File names 88da1f2477bba308e23f99c8291cfb03750cf82c
6c3995c3d102d5820f5edb1a36e85497.exe.@
toofartyless.exe
flashplayer-04_2018.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs