SHA256: 470d4327e146877d61f60622994d01c12ff8f9b7a4b6e162d46f4d40dad8dda9
File name: udorm3.exe
Detection ratio: 7 / 66
Analysis date: 2019-03-23 15:56:51 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Avira (no cloud) TR/Kryptik.yyflb 20190323
ESET-NOD32 a variant of Win32/GenKryptik.DDIC 20190323
F-Secure Trojan.TR/Kryptik.yyflb 20190323
Kaspersky Trojan-Spy.Win32.Ursnif.agux 20190323
Malwarebytes Spyware.PasswordStealer 20190323
Rising Malware.Heuristic.MLite(81%) (AI-LITE:JVvSOz7FH3BElnuFdV3bOg) 20190323
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.agux 20190323
Acronis 20190322
Ad-Aware 20190323
AegisLab 20190323
AhnLab-V3 20190323
Alibaba 20190306
ALYac 20190323
Antiy-AVL 20190323
Arcabit 20190323
Avast 20190323
Avast-Mobile 20190323
AVG 20190323
Babable 20180918
Baidu 20190318
BitDefender 20190323
Bkav 20190320
CAT-QuickHeal 20190322
ClamAV 20190323
CMC 20190321
Comodo 20190323
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190323
DrWeb 20190323
eGambit 20190323
Emsisoft 20190323
Endgame 20190322
F-Prot 20190323
Fortinet 20190323
GData 20190323
Ikarus 20190323
Sophos ML 20190313
Jiangmin 20190323
K7AntiVirus 20190323
K7GW 20190323
Kingsoft 20190323
MAX 20190323
McAfee 20190323
McAfee-GW-Edition 20190323
Microsoft 20190323
eScan 20190323
NANO-Antivirus 20190323
Palo Alto Networks (Known Signatures) 20190323
Panda 20190323
Qihoo-360 20190323
SentinelOne (Static ML) 20190317
Sophos AV 20190322
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190323
Tencent 20190323
TheHacker 20190322
TotalDefense 20190323
Trapmine 20190301
TrendMicro-HouseCall 20190323
Trustlook 20190323
VBA32 20190322
ViRobot 20190323
Yandex 20190321
Zillya 20190322
Zoner 20190323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Leaveprocess
Original name othercountry.exe
Internal name othercountry.exe
File version 5.1.86.22
Description Leaveprocess
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-22 10:11:38
Entry Point 0x00132FC4
Number of sections 5
PE sections
PE imports
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.86.22
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Leaveprocess
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1032192
EntryPoint 0x132fc4
OriginalFileName othercountry.exe
MIMEType application/octet-stream
FileVersion 5.1.86.22
TimeStamp 2014:03:22 11:11:38+01:00
FileType Win32 EXE
PEType PE32
InternalName othercountry.exe
ProductVersion 5.1.86.22
SubsystemVersion 6.0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pfizer
CodeSize 1406464
ProductName Leaveprocess
ProductVersionNumber 5.1.86.22
FileTypeExtension exe
ObjectFileType Executable application
Anger 14

File identification
MD5 e9c2b6b04c426c655a08ad15dab8526e
SHA1 c4fd1eb61fd42df28c456990a921e5e1a9389a8c
SHA256 470d4327e146877d61f60622994d01c12ff8f9b7a4b6e162d46f4d40dad8dda9
ssdeep 49152:C9JbOq/wCTyA0x8gfxXuNfz3dps6rnAt4TeUgA0n9SxvIycIdYWxvd:ybOq/wrA07fQNfrdpspt4TeUgA0n9SxZ
authentihash e56ceaa587599dba24fd9b389847d3f63dfa6464c595df383c3176636b56c580
imphash 787a5a1ae189312e8053076b4d043ddf
File size 2.2 MB ( 2327552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2019-03-23 15:56:51 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-23 15:56:51 UTC ( 1 month, 3 weeks ago )
File names othercountry.exe
udorm3.exe