SHA256: 4a8a88c8dbd44b43a94c0a6a6856d7530ac189ceb5c672dc92398785e8ef972f
File name: prince.exe
Detection ratio: 16 / 69
Analysis date: 2018-10-01 00:16:04 UTC (6 months, 2 weeks ago)
Antivirus Result Update
AVware VirTool.Win32.VBInject.acn (v) 20180925
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cylance Unsafe 20181001
Cyren W32/VBKrypt.EU.gen!Eldorado 20180930
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CMRH 20181001
F-Prot W32/VBKrypt.EU.gen!Eldorado 20180930
Sophos ML heuristic 20180717
McAfee Artemis!526590B40952 20180930
McAfee-GW-Edition Artemis!Trojan 20180930
Microsoft Trojan:Win32/Fuerboos.C!cl 20180930
Palo Alto Networks (Known Signatures) generic.ml 20181001
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181001
SentinelOne (Static ML) static engine - malicious 20180926
Symantec ML.Attribute.HighConfidence 20180930
VIPRE VirTool.Win32.VBInject.acn (v) 20180930
Ad-Aware 20180930
AegisLab 20180930
AhnLab-V3 20180930
Alibaba 20180921
ALYac 20181001
Antiy-AVL 20181001
Arcabit 20181001
Avast 20180930
Avast-Mobile 20180928
AVG 20180930
Avira (no cloud) 20180930
Babable 20180918
Baidu 20180930
BitDefender 20181001
Bkav 20180928
CAT-QuickHeal 20180930
ClamAV 20180930
CMC 20180930
Comodo 20180930
Cybereason 20180225
DrWeb 20180930
eGambit 20181001
Emsisoft 20180930
F-Secure 20181001
Fortinet 20180930
GData 20180930
Ikarus 20180930
Jiangmin 20180930
K7AntiVirus 20180930
K7GW 20180930
Kaspersky 20181001
Kingsoft 20181001
Malwarebytes 20180930
MAX 20181001
eScan 20180930
NANO-Antivirus 20181001
Panda 20180930
Qihoo-360 20181001
Sophos AV 20180930
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180930
Tencent 20181001
TheHacker 20180927
TotalDefense 20180930
TrendMicro 20181001
TrendMicro-HouseCall 20180930
Trustlook 20181001
VBA32 20180928
ViRobot 20180930
Webroot 20181001
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product CSUE
Original name Torrentless.exe
Internal name Torrentless
File version 3.08
Comments dtELLAR STa
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 4:29 PM 2/14/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-08 10:14:00
Entry Point 0x000013C4
Number of sections 3
PE sections
Overlays
MD5 1ac1430ea55dc2813f4d9ac36eb01a47
File type data
Offset 528384
Size 4408
Entropy 7.58
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
Ord(645)
_CIcos
__vbaRedim
Ord(521)
__vbaI4Cy
__vbaStrMove
_adj_fdivr_m64
__vbaFpUI1
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
Ord(525)
Ord(545)
_adj_fpatan
__vbaFreeObjList
Ord(650)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(546)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaAryLock
EVENT_SINK_Release
Ord(581)
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
Ord(544)
__vbaObjSetAddref
_CItan
__vbaDateVar
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
__vbaStrVarVal
__vbaLsetFixstr
Ord(713)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
Ord(610)
Ord(537)
__vbaObjSet
__vbaFpI4
__vbaAryUnlock
__vbaVarMove
Ord(646)
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaR8IntI4
__vbaFpCSngR4
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
Ord(685)
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaFreeStrList
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 503808
SubsystemVersion 4.0
Comments dtELLAR STa
InitializedDataSize 20480
ImageVersion 3.8
FileSubtype 0
FileVersionNumber 3.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x13c4
OriginalFileName Torrentless.exe
MIMEType application/octet-stream
FileVersion 3.08
TimeStamp 2014:02:08 11:14:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Torrentless
ProductVersion 3.08
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName HHE PIDGIn communITY
LegalTrademarks sySTEMS FNE.
ProductName CSUE
ProductVersionNumber 3.8.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 526590b40952669813167f1f0bfa6f28
SHA1 b354ac7d365c6e5c2233cb09b0b163cd06ad2905
SHA256 4a8a88c8dbd44b43a94c0a6a6856d7530ac189ceb5c672dc92398785e8ef972f
ssdeep 6144:CmHMaMSFkSKry5XuNcED9jtWYcifb9nWC7EEqiNVC8xHq/jsjjF+Stxt:hsrSGSKykWo9kYZJnWYbVfx/+St3

authentihash c8ebe963541182658f5e9989591d741914ed8567e815294d61df1b77641d64f7
imphash d80f80e391697e99ab9bce1ad7a036cc
File size 520.3 KB ( 532792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-09-30 21:57:00 UTC ( 6 months, 2 weeks ago )
Last submission 2018-09-30 21:57:00 UTC ( 6 months, 2 weeks ago )
File names Torrentless.exe
prince.exe
Torrentless
prince.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.