SHA256: 43ade0732b103beef40c9c65dfe7854c5b29ff274fc8d5bfe954a2564f4d6396
File name: ASDlkoa.exe
Detection ratio: 18 / 67
Analysis date: 2017-11-10 05:09:16 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20171110
AVG Win32:Malware-gen 20171110
ClamAV Win.Packer.VbPack-0-6334882-0 20171109
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cylance Unsafe 20171110
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/GenKryptik.BCXB 20171110
Fortinet W32/Injector.DSKB!tr 20171110
Sophos ML heuristic 20170914
McAfee Artemis!CFC5759EF1AF 20171110
McAfee-GW-Edition BehavesLike.Win32.BadFile.dh 20171110
Palo Alto Networks (Known Signatures) generic.ml 20171110
Qihoo-360 HEUR/QVM03.0.148C.Malware.Gen 20171110
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/FareitVB-M 20171110
TrendMicro TROJ_TERMINATE.F 20171110
TrendMicro-HouseCall TROJ_TERMINATE.F 20171110
Webroot W32.Trojan.Gen 20171110
Ad-Aware 20171110
AegisLab 20171110
AhnLab-V3 20171110
Alibaba 20170911
ALYac 20171110
Antiy-AVL 20171110
Arcabit 20171110
Avast-Mobile 20171109
Avira (no cloud) 20171110
AVware 20171110
Baidu 20171109
BitDefender 20171110
Bkav 20171109
CAT-QuickHeal 20171110
CMC 20171109
Comodo 20171110
Cybereason 20171030
Cyren 20171110
DrWeb 20171110
eGambit 20171110
Emsisoft 20171110
F-Prot 20171110
F-Secure 20171110
GData 20171110
Ikarus 20171109
Jiangmin 20171110
K7AntiVirus 20171109
K7GW 20171110
Kaspersky 20171110
Kingsoft 20171110
Malwarebytes 20171110
MAX 20171110
Microsoft 20171110
eScan 20171110
NANO-Antivirus 20171110
nProtect 20171110
Panda 20171109
Rising 20171110
SUPERAntiSpyware 20171110
Symantec 20171109
Symantec Mobile Insight 20171110
Tencent 20171110
TheHacker 20171102
Trustlook 20171110
VBA32 20171109
VIPRE 20171110
ViRobot 20171110
WhiteArmor 20171104
Yandex 20171109
Zillya 20171109
ZoneAlarm by Check Point 20171110
Zoner 20171110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright DVDVIdeoSoft LTd.
Product HP
Original name Prestigiate6.exe
Internal name Prestigiate6
File version 1.00
Description SPicevpn.com
Comments PrESOnus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-09 17:25:02
Entry Point 0x000011D4
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks TERaByte Unlimited
SubsystemVersion 4.0
Comments PrESOnus
InitializedDataSize 77824
ImageVersion 1.0
ProductName HP
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Prestigiate6.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2017:11:09 18:25:02+01:00
FileType Win32 EXE
PEType PE32
InternalName Prestigiate6
ProductVersion 1.0
FileDescription SPicevpn.com
OSVersion 4.0
FileOS Win32
LegalCopyright DVDVIdeoSoft LTd.
MachineType Intel 386 or later, and compatibles
CompanyName LSOft TEchnologies Inc.
CodeSize 176128
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x11d4
ObjectFileType Executable application
Compressed bundles
File identification
MD5 cfc5759ef1af8bc3f7c3d2004fd0de58
SHA1 0378fef84e0494127bf60110ccc615a4cbf9fa86
SHA256 43ade0732b103beef40c9c65dfe7854c5b29ff274fc8d5bfe954a2564f4d6396
ssdeep 3072:oGd/bJ5GnnWxnQqc5eYHRMfP8yEbsc6qfPrjyUf16h8L:ou/NPxQquRMfkNbsc6qbjhf1UE
authentihash ce2286b2e901496af190d30bec3e094936cbd2332735ba5e390a93746a21adde
imphash ff1e6a8049e4c119aa16a4bb02a0115f
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2017-11-10 04:56:49 UTC ( 1 year, 4 months ago )
Last submission 2017-12-13 12:14:23 UTC ( 1 year, 3 months ago )
File names urlref_http89.248.169.136bigmac.jpg
Prestigiate6
ASDlkoa.exe
Prestigiate6.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
UDP communications