SHA256: 47c50fb5d82164876c79f21809a0c28092023446e2a278b35be678821663d065
File name: ff1588c29641215d1f53b4164dc3c35d
Detection ratio: 33 / 69
Analysis date: 2019-01-08 10:38:44 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40871997 20190108
ALYac Trojan.GenericKD.40871997 20190108
Antiy-AVL Trojan/Win32.Khalesi 20190108
Arcabit Trojan.Generic.D26FA83D 20190108
Avira (no cloud) TR/Khalesi.ahqwc 20190107
BitDefender Trojan.GenericKD.40871997 20190108
CAT-QuickHeal Trojan.Tiggre 20190107
Comodo Malware@#wkiw5n12712r 20190108
Cylance Unsafe 20190108
Cyren W32/GenBl.FF1588C2!Olympus 20190108
Emsisoft Trojan.GenericKD.40871997 (B) 20190108
F-Secure Trojan.GenericKD.40873129 20190108
Fortinet W32/Khalesi.MKD!tr 20190108
GData Trojan.GenericKD.40871997 20190108
Ikarus Trojan.Khalesi 20190108
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190108
K7GW Riskware ( 0040eff71 ) 20190108
Kaspersky Trojan.Win32.Khalesi.mkd 20190108
MAX malware (ai score=100) 20190108
McAfee Artemis!FF1588C29641 20190108
McAfee-GW-Edition Artemis!Trojan 20190108
eScan Trojan.GenericKD.40871997 20190108
Palo Alto Networks (Known Signatures) generic.ml 20190108
Panda Trj/CI.A 20190107
Rising Trojan.Khalesi!8.F103 (CLOUD) 20190108
Sophos AV Mal/Generic-S 20190108
Symantec ML.Attribute.HighConfidence 20190108
VBA32 Trojan.Khalesi 20190108
Webroot W32.Rogue.Gen 20190108
Yandex Trojan.Khalesi! 20181229
Zillya Trojan.Khalesi.Win32.6306 20190105
ZoneAlarm by Check Point Trojan.Win32.Khalesi.mkd 20190108
Engines with no detection (engine name and signature-update date only)
Acronis 20181227
AegisLab 20190108
AhnLab-V3 20190108
Alibaba 20180921
Avast 20190108
Avast-Mobile 20190107
AVG 20190108
Babable 20180918
Baidu 20190108
Bkav 20190108
ClamAV 20190107
CMC 20190107
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
DrWeb 20190108
eGambit 20190108
Endgame 20181108
ESET-NOD32 20190108
F-Prot 20190108
Jiangmin 20190108
Kingsoft 20190108
Malwarebytes 20190108
Microsoft 20190108
NANO-Antivirus 20190108
Qihoo-360 20190108
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TACHYON 20190108
Tencent 20190108
TheHacker 20190106
Trapmine 20190103
TrendMicro 20190108
TrendMicro-HouseCall 20190108
Trustlook 20190108
ViRobot 20190108
Zoner 20190108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2018 风尚云起文化传媒(北京)有限公司 (Fengshang Yunqi Culture Media (Beijing) Co., Ltd.)

Product 6789压缩 (6789 Compression)
File version 1.3.10.1
Description 6789压缩 (6789 Compression)
Signature verification Signed file, verified signature
Signing date 3:59 AM 11/16/2018
Signers
[+] 风尚云起文化传媒(北京)有限公司 (Fengshang Yunqi Culture Media (Beijing) Co., Ltd.)
Status Valid
Issuer WoSign Code Signing CA
Valid from 11:30 AM 03/08/2018
Valid to 11:30 AM 03/08/2019
Valid usage Code Signing, 1.3.6.1.4.1.311.61.1.1 (Kernel Mode Code Signing)
Algorithm sha256RSA
Thumbprint FFF43F9C88A869B7A1161117A2127713B5F44BA1
Serial number 4F 29 27 F8 68 20 C4 6E B0 09 87 7D A2 C1 E4 A7
[+] WoSign Code Signing CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 08:45 AM 11/09/2016
Valid to 08:45 AM 11/09/2026
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 8EE115F1DBDF2F334F3917BBC09C684474A8A65D
Serial number 17 EF 72 B4 15 7D 6F 4B 68 E4 BD D5 75 E5 CC AE
[+] Certum Trusted Network CA
Status Valid
Issuer Certum Trusted Network CA
Valid from 12:07 PM 10/22/2008
Valid to 12:07 PM 12/31/2029
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 07E032E020B72C3F192F0628A2593A19A70F069E
Serial number 04 44 C0
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT NSIS, appended, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-01 00:33:55
Entry Point 0x0000330D
Number of sections 5
PE sections
Overlays
MD5 e9d62279bfebc9df877cb1396e65c14e
File type data
Offset 95232
Size 2770360
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
FreeLibrary
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 8
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 1024
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.3.10.1
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
FileDescription 6789
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Chinese (Simplified)
InitializedDataSize 118784
EntryPoint 0x330d
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2018
FileVersion 1.3.10.1
TimeStamp 2017:08:01 01:33:55+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.3.10.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 25088
ProductName 6789
ProductVersionNumber 1.3.10.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ff1588c29641215d1f53b4164dc3c35d
SHA1 9a48d6fbb725dac4f069228be0e13e124475c7b8
SHA256 47c50fb5d82164876c79f21809a0c28092023446e2a278b35be678821663d065
ssdeep 49152:LwlXGmJI82TVhJbK4cITsH5M7uU/cQ9U7jU7xXIlZtYvFxsKygqQfA:S2Tb/cITcM1cfUe6FhjY
authentihash 628c7e167ec10e0ccda33154b3f2e6e8f236d2b622a2aaba6adf131385a23258
imphash 57e98d9a5a72c8d7ad8fb7a6a58b3daf
File size 2.7 MB ( 2865592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe signed upx overlay

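The tags (nsis, signed, upx, overlay) and the overlay figures under "PE header basic information" describe one construction: a small NSIS installer stub whose real, compressed content is appended after the last section. Note that 95232 + 2770360 = 2865592, the exact file size, so the reported overlay runs to the end of the file and therefore also contains the Authenticode certificate table; the 8.00 entropy is what compressed installer data looks like. The WoSign-issued signature with its Symantec timestamp countersignature chains to a valid root and does cover that payload, but a valid signature only proves who signed, not that the content is safe: 33 of 69 engines still flag the file as Khalesi. The Python script below is an added example, not code from the VirusTotal report or from the 6789压缩 product, showing with only the standard library how the overlay numbers and the authentihash are derived from the PE layout. Its inputs are constructed in-line (a 100-byte NOP section, a maximally uniform overlay, and a placeholder WIN_CERTIFICATE wrapper that is not a real PKCS#7 signature) so it runs offline; the helper and constant names are this example's own.

```python
import hashlib
import math
import struct

E_LFANEW_OFF = 0x3C       # DOS header field pointing at the "PE\0\0" signature
OPT_HDR32_SIZE = 224      # PE32 optional header with 16 data directories
SIZE_OF_HEADERS_OFF = 60  # this and the next two are offsets within the optional header
CHECKSUM_OFF = 64
SECURITY_DIR_OFF = 128    # DataDirectory[4] = IMAGE_DIRECTORY_ENTRY_SECURITY (96 + 4 * 8)

def _headers(pe):
    """Return (optional_header_offset, number_of_sections, section_table_offset)."""
    pe_off = struct.unpack_from("<I", pe, E_LFANEW_OFF)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = pe_off + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt_off = coff + 20
    if struct.unpack_from("<H", pe, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    return opt_off, n_sections, opt_off + opt_size

def _sections(pe):
    """Yield (PointerToRawData, SizeOfRawData) from each 40-byte section header."""
    _, n_sections, sec_off = _headers(pe)
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sec_off + 40 * i + 16)
        yield raw_ptr, raw_size

def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts, n = [0] * 256, len(data)
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def overlay_info(pe):
    """Overlay = everything past the last section's raw data, as VirusTotal reports it;
    in a signed file that region also holds the Authenticode certificate table."""
    end = max((ptr + size for ptr, size in _sections(pe)), default=0)
    data = pe[end:]
    return {"offset": end, "size": len(data), "entropy": round(shannon_entropy(data), 2),
            "md5": hashlib.md5(data).hexdigest()}

def authentihash(pe, algo="sha256"):
    """Authenticode PE hash: headers minus CheckSum and the security directory entry, then
    sections in PointerToRawData order, then trailing bytes minus the certificate table."""
    opt_off, _, _ = _headers(pe)
    checksum, secdir = opt_off + CHECKSUM_OFF, opt_off + SECURITY_DIR_OFF
    size_of_headers = struct.unpack_from("<I", pe, opt_off + SIZE_OF_HEADERS_OFF)[0]
    cert_off, cert_len = struct.unpack_from("<II", pe, secdir)
    h = hashlib.new(algo)
    h.update(pe[:checksum] + pe[checksum + 4:secdir] + pe[secdir + 8:size_of_headers])
    hashed = size_of_headers
    for raw_ptr, raw_size in sorted(s for s in _sections(pe) if s[1]):
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    if len(pe) > hashed:                      # overlay and/or certificate table present
        h.update(pe[hashed:cert_off if cert_len else len(pe)])
        if cert_len:
            h.update(pe[cert_off + cert_len:])
    return h.hexdigest()

def build_pe32(section_data, overlay=b"", cert_table=b"", checksum=0):
    """Constructed minimal PE32 with one .text section: parseable, not loadable."""
    file_align = size_of_headers = 0x200   # 352 header bytes, padded to one alignment unit
    raw_size = -(-len(section_data) // file_align) * file_align
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFF, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, OPT_HDR32_SIZE, 0x0102)
    opt = bytearray(OPT_HDR32_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 36, file_align)
    struct.pack_into("<I", opt, SIZE_OF_HEADERS_OFF, size_of_headers)
    struct.pack_into("<I", opt, CHECKSUM_OFF, checksum)
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if cert_table:                         # the certificate table is always appended last
        struct.pack_into("<II", opt, SECURITY_DIR_OFF,
                         size_of_headers + raw_size + len(overlay), len(cert_table))
    section = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000, raw_size,
                          size_of_headers, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(size_of_headers, b"\0")
    return headers + section_data.ljust(raw_size, b"\0") + overlay + cert_table

def fake_cert_table(blob):
    """WIN_CERTIFICATE header (dwLength, wRevision 0x0200, PKCS7 type) around a placeholder."""
    return struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob

# Constructed inputs: a NOP-sled section and a maximally uniform overlay (entropy 8.0),
# standing in for the 8.00-entropy compressed NSIS payload seen in the report.
SECTION = b"\x90" * 100
OVERLAY = bytes(range(256)) * 4
UNSIGNED = build_pe32(SECTION, OVERLAY)
SIGNED = build_pe32(SECTION, OVERLAY, fake_cert_table(b"\x30\x82placeholder"))
```

To check a real sample, read its bytes and call overlay_info() and authentihash() on them: the authentihash should match the value in the File identification block and stay the same whether or not the certificate table is present, while the SHA256 and the overlay MD5 change. Because the hash is computed in Authenticode order (headers minus CheckSum and the security directory entry, sections sorted by PointerToRawData, trailing bytes minus the certificate table), re-signing or fixing the checksum of the same binary produces one authentihash but different file hashes, which is why it is the better pivot when hunting for re-signed builds of an installer like this one.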
VirusTotal metadata
First submission 2018-12-01 17:00:39 UTC ( 2 months, 2 weeks ago )
Last submission 2019-02-13 02:10:08 UTC ( 1 week ago )
File names output.115161081.txt
6789Zip_125.exe
6789Zip_121.exe
6789Zip_117.exe
6789Zip_126.exe
6789Zip_118.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications