× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4c30d7e53a23a84b0d3e41a2e05d95b1c4f119dfd12c357caf2647ea0506ace1
File name: ITbbHZs0X.exe
Detection ratio: 42 / 67
Analysis date: 2019-03-18 15:49:25 UTC ( 2 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190318
Ad-Aware Trojan.Autoruns.GenericKDS.41120750 20190318
AhnLab-V3 Malware/Win32.Trojanspy.C3104510 20190318
ALYac Trojan.Autoruns.GenericKDS.41120750 20190318
Arcabit Trojan.Autoruns.GenericS.D27373EE 20190318
Avast Win32:BankerX-gen [Trj] 20190318
AVG Win32:BankerX-gen [Trj] 20190318
Avira (no cloud) TR/Kryptik.czoeq 20190318
BitDefender Trojan.Autoruns.GenericKDS.41120750 20190318
ClamAV Win.Malware.Emotet-6896879-0 20190318
Comodo Malware@#2yux9gpxl4m4 20190318
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cyren W32/Trojan.OQJI-7511 20190318
DrWeb Trojan.Emotet.652 20190318
Emsisoft Trojan.Autoruns.GenericKDS.41120750 (B) 20190318
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GQZI 20190318
Fortinet W32/Emotet.DCSB!tr 20190318
GData Trojan.Autoruns.GenericKDS.41120750 20190318
Ikarus Trojan.Win32.Krypt 20190318
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 00549ffd1 ) 20190318
Kaspersky Trojan-Banker.Win32.Emotet.couf 20190318
Malwarebytes Trojan.Emotet 20190318
MAX malware (ai score=81) 20190318
McAfee Emotet-FMI!8A5F1E3EAED5 20190318
McAfee-GW-Edition Emotet-FMI!8A5F1E3EAED5 20190318
Microsoft Trojan:Win32/Emotet.AC!bit 20190318
eScan Trojan.Autoruns.GenericKDS.41120750 20190318
NANO-Antivirus Trojan.Win32.Emotet.fochts 20190318
Palo Alto Networks (Known Signatures) generic.ml 20190318
Panda Trj/GdSda.A 20190318
Qihoo-360 HEUR/QVM20.1.E35B.Malware.Gen 20190318
Rising Trojan.Kryptik!8.8 (CLOUD) 20190318
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Emotet-Q 20190318
Tencent Win32.Trojan.Falsesign.Ebhf 20190318
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SMF 20190318
VBA32 BScope.Malware-Cryptor.Emotet 20190318
VIPRE Trojan.Win32.Generic!BT 20190317
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.couf 20190318
AegisLab 20190318
Alibaba 20190306
Antiy-AVL 20190318
Avast-Mobile 20190317
Babable 20180918
Baidu 20190318
Bkav 20190318
CAT-QuickHeal 20190318
CMC 20190318
Cybereason 20190109
eGambit 20190318
F-Prot 20190318
F-Secure 20190318
Jiangmin 20190318
K7GW 20190315
Kingsoft 20190318
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190318
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190318
ViRobot 20190318
Yandex 20190317
Zillya 20190315
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) Copyright 2016 StationPlaylist.com

Product StationPlaylist Recorder
Original name SPLRecorder.exe
File version 5.2.0.4
Description StationPlaylist Recorder
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:17 AM 4/1/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-16 19:12:48
Entry Point 0x00001730
Number of sections 4
PE sections
Overlays
MD5 fd5e0f20670a559eebf5344befcb98e8
File type data
Offset 239104
Size 3336
Entropy 7.34
PE imports
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetStdHandle
FileTimeToSystemTime
GetOverlappedResult
SetEvent
HeapDestroy
EncodePointer
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
lstrcatW
InitializeSListHead
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
SetFileAttributesA
GetOEMCP
LocalFree
FormatMessageW
ConnectNamedPipe
InitializeCriticalSection
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
TlsGetValue
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetPrivateProfileStringA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
DisconnectNamedPipe
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ClearCommError
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCommState
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CallNamedPipeW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
WaitForMultipleObjects
GetCommProperties
CreateDirectoryA
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetSystemInfo
GetProcessHeap
GetTimeFormatW
lstrcpyW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
SetCommTimeouts
CreateEventW
SetCommState
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
LCMapStringW
CreateNamedPipeW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
VirtualQuery
lstrlenW
VirtualFree
SetupComm
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
SuspendThread
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
OpenEventW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
ResetEvent
Shell_NotifyIconW
GetWindowThreadProcessId
SendMessageTimeoutA
LoadStringA
GetTopWindow
MessageBoxA
SetForegroundWindow
Number of PE resources by type
RT_STRING 20
RT_BITMAP 13
RT_GROUP_CURSOR 9
RT_CURSOR 9
RT_RCDATA 5
RT_DIALOG 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 56
ENGLISH NZ 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.2.0.4

LanguageCode
Unknown (1409)

FileFlagsMask
0x003f

FileDescription
StationPlaylist Recorder

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
115200

EntryPoint
0x1730

OriginalFileName
SPLRecorder.exe

MIMEType
application/octet-stream

LegalCopyright
(c) Copyright 2016 StationPlaylist.com

FileVersion
5.2.0.4

TimeStamp
2019:03:16 20:12:48+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.2

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
StationPlaylist.com

CodeSize
122880

ProductName
StationPlaylist Recorder

ProductVersionNumber
5.2.0.4

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 8a5f1e3eaed520e61cbbc7e86e8d0659
SHA1 d8f75fc83eeeaefbf88257648c6d503e2a978a62
SHA256 4c30d7e53a23a84b0d3e41a2e05d95b1c4f119dfd12c357caf2647ea0506ace1
ssdeep
3072:XOp/0A48k2GgrQCz+VGUbqPM902ypydViXIatI5fRSyHlVKC:OM9b29z+VGUQM9UpQDQySi

authentihash af400f9473f7802c54f0d2d36f39719b100addcff907ed93584e94ea5fa7d444
imphash c515b1046df6db9c24cef2264fc28ff6
File size 236.8 KB ( 242440 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-16 19:22:27 UTC ( 2 months, 1 week ago )
Last submission 2019-03-22 03:18:07 UTC ( 2 months ago )
File names SPLRecorder.exe
ITbbHZs0X.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections