SHA256: 451dd681e794e39d4897b560c6ba8dfc5216736bef8285771c1bc55c1467c836
File name: Quotation05.exe
Detection ratio: 33 / 67
Analysis date: 2017-11-09 05:27:07 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12544784 20171109
AhnLab-V3 Trojan/Win32.Androm.C2249050 20171109
Arcabit Trojan.Generic.DBF6B10 20171109
Avast Win32:Malware-gen 20171109
AVG Win32:Malware-gen 20171109
BitDefender Trojan.GenericKD.12544784 20171109
ClamAV Win.Packer.VbPack-0-6334882-0 20171109
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cylance Unsafe 20171109
Cyren W32/Fareit.BL.gen!Eldorado 20171109
DrWeb Trojan.PWS.Siggen2.1886 20171109
Emsisoft Trojan.GenericKD.12544784 (B) 20171109
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Injector.DTGR 20171109
F-Prot W32/Fareit.BL.gen!Eldorado 20171109
F-Secure Trojan.GenericKD.12544784 20171109
Fortinet W32/GenKryptik.BANO!tr 20171109
GData Trojan.GenericKD.12544784 20171109
Ikarus Win32.Outbreak 20171109
Sophos ML heuristic 20170914
Kaspersky Trojan-PSW.Win32.Fareit.djbg 20171109
Malwarebytes Spyware.LokiBot 20171109
MAX malware (ai score=81) 20171109
McAfee Artemis!73A5E22C08A0 20171109
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc 20171109
eScan Trojan.GenericKD.12544784 20171109
Qihoo-360 HEUR/QVM03.0.0AD4.Malware.Gen 20171109
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/FareitVB-M 20171109
Symantec Downloader.Ponik 20171108
TrendMicro TROJ_GEN.R020C0RK817 20171109
TrendMicro-HouseCall TROJ_GEN.R020C0RK817 20171109
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.djbg 20171109
AegisLab 20171109
Alibaba 20170911
ALYac 20171109
Antiy-AVL 20171103
Avast-Mobile 20171108
Avira (no cloud) 20171109
AVware 20171109
Baidu 20171109
Bkav 20171108
CAT-QuickHeal 20171108
CMC 20171104
Comodo 20171109
Cybereason 20171030
eGambit 20171109
Jiangmin 20171109
K7AntiVirus 20171109
K7GW 20171109
Kingsoft 20171109
Microsoft 20171109
NANO-Antivirus 20171109
nProtect 20171109
Palo Alto Networks (Known Signatures) 20171109
Panda 20171108
Rising 20171109
SUPERAntiSpyware 20171109
Symantec Mobile Insight 20171107
Tencent 20171109
TheHacker 20171102
Trustlook 20171109
VBA32 20171108
VIPRE 20171109
ViRobot 20171109
Webroot 20171109
WhiteArmor 20171104
Yandex 20171108
Zillya 20171108
Zoner 20171109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jollo_9
Product Jollo_9
Original name Behndig3.exe
Internal name Behndig3
File version 9.02.0002
Description Jollo_9
Comments Jollo_9
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-06 20:51:46
Entry Point 0x000011C0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaCyI4
__vbaStrCmp
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaCyAdd
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaCySub
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_adj_fptan
_CItan
__vbaFpCmpCy
_CIcos
_CIatan
__vbaFreeStr
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Jollo_9
SubsystemVersion 4.0
Comments Jollo_9
LinkerVersion 6.0
ImageVersion 9.2
FileSubtype 0
FileVersionNumber 9.2.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Jollo_9
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x11c0
OriginalFileName Behndig3.exe
MIMEType application/octet-stream
LegalCopyright Jollo_9
FileVersion 9.02.0002
TimeStamp 2017:11:06 21:51:46+01:00
FileType Win32 EXE
PEType PE32
InternalName Behndig3
ProductVersion 9.02.0002
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName HecKIN
CodeSize 114688
ProductName Jollo_9
ProductVersionNumber 9.2.0.2
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 73a5e22c08a08f7dc521b16d47cc289d
SHA1 6a67b5844f6fe389e86855f1c72a6a6867ac6720
SHA256 451dd681e794e39d4897b560c6ba8dfc5216736bef8285771c1bc55c1467c836
ssdeep 1536:aH8sagHaQ7izdo1C3gU4qSZx5G6+u5kjQs1BJ27kM+vriVNJnWWbO3cE/Tdbrega:KHaQmzm/Zi6+XK7lNJnxbP0xHegtDBK
authentihash 204a14179ce966b7b65e153732e0e1197cb2e007d5c265582d14520b97b527c6
imphash 0bf9b3ceb3d842c7986a6703b72ce0f9
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe
VirusTotal metadata
First submission 2017-11-09 05:16:19 UTC ( 1 year, 5 months ago )
Last submission 2017-11-09 05:27:07 UTC ( 1 year, 5 months ago )
File names Behndig3.exe
1000-6a67b5844f6fe389e86855f1c72a6a6867ac6720
Quotation05.exe
Quotation05.exe
Behndig3