SHA256: 413783b701e5b2f47875c93e02f41dba03594b5bbf67a871bc78b4a59d5806f1
File name: output.112961835.txt
Detection ratio: 48 / 68
Analysis date: 2018-03-12 15:27:44 UTC (1 year, 1 month ago)
Antivirus Result Update
Ad-Aware Trojan.Agent.CVTB 20180312
AegisLab Troj.W32.Vbkrypt!c 20180312
ALYac Trojan.Agent.CVTB 20180312
Antiy-AVL Trojan/Win32.VBKrypt 20180312
Arcabit Trojan.Agent.CVTB 20180312
Avast Win32:Malware-gen 20180312
AVG Win32:Malware-gen 20180312
Avira (no cloud) TR/Dropper.VB.szlnp 20180312
AVware Trojan.Win32.Generic!BT 20180312
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20180312
BitDefender Trojan.Agent.CVTB 20180312
CAT-QuickHeal Trojan.VBKrypt 20180312
Comodo UnclassifiedMalware 20180312
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180312
Cyren W32/VBInject.OR.gen!Eldorado 20180312
eGambit Unsafe.AI_Score_76% 20180312
Emsisoft Trojan.Agent.CVTB (B) 20180312
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/Injector.DWIS 20180312
F-Prot W32/VBInject.OR.gen!Eldorado 20180312
F-Secure Trojan.Agent.CVTB 20180312
Fortinet Malicious_Behavior.SB 20180312
GData Win32.Trojan.Kryptik.JY 20180312
Ikarus Trojan.VB.Crypt 20180312
Sophos ML heuristic 20180120
Jiangmin Trojan.VBKrypt.ckbg 20180312
K7AntiVirus Trojan ( 005298541 ) 20180312
K7GW Trojan ( 005298541 ) 20180312
Kaspersky Trojan.Win32.VBKrypt.zdij 20180312
Malwarebytes Trojan.PasswordStealer 20180312
McAfee Artemis!5919DC241400 20180312
McAfee-GW-Edition BehavesLike.Win32.VBObfus.tm 20180312
Microsoft Trojan:Win32/Dynamer!rfn 20180312
eScan Trojan.Agent.CVTB 20180312
NANO-Antivirus Trojan.Win32.Mlw.eyqvzd 20180312
nProtect Trojan/W32.VBKrypt.1085440.E 20180312
Palo Alto Networks (Known Signatures) generic.ml 20180312
Panda Trj/GdSda.A 20180311
Qihoo-360 Win32/Trojan.5a2 20180312
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180312
Symantec Trojan.Gen.2 20180312
Tencent Win32.Trojan.Vbkrypt.Sunx 20180312
TrendMicro-HouseCall TSPY_DYNAMER.TBC 20180312
VIPRE Trojan.Win32.Generic!BT 20180312
ViRobot Trojan.Win32.Z.Agent.1085440.FO 20180312
ZoneAlarm by Check Point Trojan.Win32.VBKrypt.zdij 20180312
AhnLab-V3 20180312
Alibaba 20180312
Avast-Mobile 20180312
Bkav 20180312
ClamAV 20180312
CMC 20180312
Cybereason 20180225
DrWeb 20180312
Kingsoft 20180312
MAX 20180312
Rising 20180312
SUPERAntiSpyware 20180312
Symantec Mobile Insight 20180311
TheHacker 20180311
TotalDefense 20180312
Trustlook 20180312
VBA32 20180312
Webroot 20180312
WhiteArmor 20180223
Yandex 20180308
Zillya 20180309
Zoner 20180312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product gINstella, gla
Original name Planes0.exe
Internal name Planes0
File version 1.00
Description TaSHisAkE SaiEH
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-05 23:36:25
Entry Point 0x0000126C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
_adj_fpatan
EVENT_SINK_QueryInterface
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(712)
__vbaObjVar
EVENT_SINK_AddRef
__vbaFpCDblR8
__vbaInStr
_adj_fdiv_m32i
Ord(591)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFPException
__vbaFileSeek
_adj_fdivr_m16i
EVENT_SINK_Release
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaObjSetAddref
Ord(536)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaStrCopy
__vbaStrVarVal
_CIcos
Ord(616)
_adj_fptan
Ord(628)
Ord(716)
__vbaVarMove
Ord(646)
_CIatan
Ord(669)
__vbaNew2
__vbaR8IntI4
_adj_fdivr_m32i
Ord(631)
__vbaStrComp
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
_CItan
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks BREEkpAinO GiFtqEtO
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription TaSHisAkE SaiEH
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 77824
EntryPoint 0x126c
OriginalFileName Planes0.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:03:05 23:36:25+00:00
FileType Win32 EXE
PEType PE32
InternalName Planes0
ProductVersion 1.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1007616
ProductName gINstella, gla
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 5919dc24140083247566bfe563f43c17
SHA1 d549a942428cea31972e73cc5e6660d43ac266e4
SHA256 413783b701e5b2f47875c93e02f41dba03594b5bbf67a871bc78b4a59d5806f1
ssdeep 12288:d8EPLI4nGDBPEyLEJsFQrw6HZH/WaKmbXilV6dQAIlUWRq:d8EPLsEyLUsycSdKmkpL
authentihash cd9b1a8bef594f34a58ab166aaab333810c87479c9dd9bfcb4113de75d862eb8
imphash 7239320b4532bfc1baf046ea1cb861bd
File size 1.0 MB ( 1085440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-03-06 20:23:38 UTC ( 1 year, 1 month ago )
Last submission 2018-03-20 10:00:59 UTC ( 1 year, 1 month ago )
File names Planes0
1edc0e4bad51d4b5d411feb776345f575a27efd8
VirusShare_5919dc24140083247566bfe563f43c17
output.112961835.txt
Planes0.exe
setup.exe