SHA256: 4c8a472d658ec51a4e81413b2fe81db614fc3676d69ad6eff621fa46ae4c0b07
File name: output.114530120.txt
Detection ratio: 8 / 68
Analysis date: 2018-11-24 14:48:29 UTC ( 5 months, 4 weeks ago )
Antivirus Result Update
Cylance Unsafe 20181124
eGambit PE.Heur.InvalidSig 20181124
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181124
Qihoo-360 HEUR/QVM03.0.6C01.Malware.Gen 20181124
Trapmine malicious.high.ml.score 20180918
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181124
Ad-Aware 20181124
AegisLab 20181124
AhnLab-V3 20181124
Alibaba 20180921
Antiy-AVL 20181124
Arcabit 20181124
Avast 20181124
Avast-Mobile 20181124
AVG 20181124
Avira (no cloud) 20181124
Babable 20180918
Baidu 20181123
BitDefender 20181124
Bkav 20181123
CAT-QuickHeal 20181124
ClamAV 20181124
CMC 20181124
Comodo 20181124
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181124
DrWeb 20181124
Emsisoft 20181124
ESET-NOD32 20181124
F-Prot 20181124
F-Secure 20181124
Fortinet 20181124
GData 20181124
Ikarus 20181124
Jiangmin 20181124
K7AntiVirus 20181124
K7GW 20181124
Kingsoft 20181124
Malwarebytes 20181124
MAX 20181124
McAfee 20181124
McAfee-GW-Edition 20181124
Microsoft 20181124
eScan 20181124
NANO-Antivirus 20181124
Palo Alto Networks (Known Signatures) 20181124
Panda 20181124
Rising 20181124
SentinelOne (Static ML) 20181011
Sophos AV 20181124
SUPERAntiSpyware 20181121
Symantec 20181123
Symantec Mobile Insight 20181121
TACHYON 20181124
Tencent 20181124
TheHacker 20181118
TotalDefense 20181124
TrendMicro 20181124
TrendMicro-HouseCall 20181124
Trustlook 20181124
VBA32 20181123
ViRobot 20181124
Webroot 20181124
Yandex 20181123
Zillya 20181123
Zoner 20181124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2018 Bater Batts LLOIP

Product Digital Factory for Process Databases
Original name clone1.exe
Internal name clone1
File version 15.02.0014
Description Digital Factory for Process Databases
Comments otehakeyeviqivopeker
Signature verification The digital signature of the object did not verify.
Signing date 7:43 AM 2/7/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-02-04 11:01:30
Entry Point 0x00001344
Number of sections 3
PE sections
Overlays
MD5 5b98c102f83c69b6632a6d15afeb1fa6
File type data
Offset 585728
Size 14368
Entropy 7.25
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
EVENT_SINK_QueryInterface
Ord(521)
_allmul
_CIsin
Ord(616)
_adj_fdivr_m64
_adj_fprem
Ord(617)
_adj_fpatan
EVENT_SINK_AddRef
Ord(693)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaLateMemCall
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
Ord(606)
__vbaFreeVar
__vbaVarTstNe
__vbaLateMemCallLd
Ord(619)
__vbaAryConstruct2
_adj_fdiv_m64
Ord(574)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
__vbaLenBstrB
__vbaInStrVar
_CIcos
Ord(595)
__vbaVarTstEq
_adj_fptan
_CItan
Ord(537)
__vbaI4Var
__vbaVarMove
Ord(646)
_CIatan
Ord(608)
__vbaNew2
__vbaR8IntI4
Ord(660)
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaVarCopy
__vbaVarDup
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
otehakeyeviqivopeker

LinkerVersion
6.0

ImageVersion
15.2

FileSubtype
0

FileVersionNumber
15.2.0.14

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Digital Factory for Process Databases

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
16384

EntryPoint
0x1344

OriginalFileName
clone1.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2018 Bater Batts LLOIP

FileVersion
15.02.0014

TimeStamp
2006:02:04 12:01:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
clone1

ProductVersion
15.02.0014

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bater Batts LLOIP

CodeSize
565248

ProductName
Digital Factory for Process Databases

ProductVersionNumber
15.2.0.14

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 c50124240410641182ec735cc8ee9b9a
SHA1 17564c7bfad1d4066d3b07e686a2d4f9b9415f6a
SHA256 4c8a472d658ec51a4e81413b2fe81db614fc3676d69ad6eff621fa46ae4c0b07
ssdeep
12288:MEIRV1Vfq4TiofybZh+J4wK/IZOnSwbjvFNxhG9HJXDwybHxUvqSgfxvuDO71O6D:MEIRV1VPTioqbZh+OwK/IZOnSwbDFNxs

authentihash a5169ec0aefdaafdd61df7f84ad670db7336bd3c8d8438f6994bd212d81b1f35
imphash 1a2c66301c801248ae5faf3bb4ee9795
File size 586.0 KB ( 600096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-24 14:28:04 UTC ( 5 months, 4 weeks ago )
Last submission 2018-11-28 10:22:24 UTC ( 5 months, 3 weeks ago )
File names clone1.exe
c50124240410641182ec735cc8ee9b9a
output.114530120.txt
r1.exe
clone1
c50124240410641182ec735cc8ee9b9a
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.