SHA256: 4d054b9bb238089b8cda1d9282b19d709096ded94688eabbbdf7afb77ca322c7
File name: Better.exe
Detection ratio: 51 / 66
Analysis date: 2018-03-30 11:53:04 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30460908 20180330
AegisLab Uds.Dangerousobject.Multi!c 20180330
AhnLab-V3 Trojan/Win32.Fareit.R223331 20180330
ALYac Trojan.GenericKD.30460908 20180330
Antiy-AVL Trojan[Spy]/Win32.Noon 20180330
Arcabit Trojan.Generic.D1D0CBEC 20180330
Avast Win32:Malware-gen 20180330
AVG Win32:Malware-gen 20180330
Avira (no cloud) TR/Dropper.VB.eipxq 20180330
AVware Trojan.Win32.Generic!BT 20180330
BitDefender Trojan.GenericKD.30460908 20180330
CAT-QuickHeal Trojan.IGENERIC 20180330
Comodo UnclassifiedMalware 20180330
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cybereason malicious.0a1d3d 20180225
Cylance Unsafe 20180330
Cyren W32/Trojan.BFQ.gen!Eldorado 20180330
DrWeb Trojan.MulDrop8.3138 20180330
Emsisoft Trojan.GenericKD.30460908 (B) 20180330
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Injector.DWUF 20180330
F-Prot W32/Trojan.BFQ.gen!Eldorado 20180330
F-Secure Trojan.GenericKD.30460908 20180329
Fortinet W32/Injector.DWTL!tr 20180330
GData Trojan.GenericKD.30460908 20180330
Ikarus Trojan.Win32.Injector 20180330
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052b3de1 ) 20180330
K7GW Trojan ( 0052b3de1 ) 20180330
Kaspersky Trojan-Spy.Win32.Noon.jkl 20180330
Malwarebytes Spyware.LokiBot 20180330
MAX malware (ai score=96) 20180330
McAfee GenericRXEK-ZU!04F41C90A1D3 20180330
McAfee-GW-Edition BehavesLike.Win32.Fareit.gm 20180330
Microsoft Trojan:Win32/Vibem!rfn 20180330
eScan Trojan.GenericKD.30460908 20180330
NANO-Antivirus Trojan.Win32.Noon.ezdwtf 20180330
Palo Alto Networks (Known Signatures) generic.ml 20180330
Panda Trj/GdSda.A 20180330
Qihoo-360 Win32/Trojan.Spy.627 20180330
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/FareitVB-L 20180330
Symantec Packed.Generic.519 20180330
Tencent Win32.Trojan-spy.Noon.Hfg 20180330
TrendMicro TSPY_HPFAREIT.SMVB 20180330
TrendMicro-HouseCall TSPY_HPFAREIT.SMVB 20180330
VBA32 Trojan.MulDrop 20180330
VIPRE Trojan.Win32.Generic!BT 20180330
ViRobot Trojan.Win32.Z.Injector.487424.MP 20180330
Yandex TrojanSpy.Noon! 20180329
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.jkl 20180330
Alibaba 20180330
Avast-Mobile 20180330
Baidu 20180330
Bkav 20180330
ClamAV 20180330
CMC 20180330
eGambit 20180330
Jiangmin 20180330
Kingsoft 20180330
nProtect 20180330
Rising 20180330
SUPERAntiSpyware 20180330
Symantec Mobile Insight 20180311
TheHacker 20180327
Trustlook 20180330
WhiteArmor 20180324
Zillya 20180329
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Hewlett-Packard Co.
Product Filseclab Corporation
Original name Koutrouvelis7.exe
Internal name Koutrouvelis7
File version 4.03
Description AVG Technologies
Comments Epson
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-23 08:01:42
Entry Point 0x000012B0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaLenVar
EVENT_SINK_Release
__vbaStrCmp
_allmul
Ord(616)
_adj_fdivr_m64
Ord(527)
_adj_fprem
_adj_fpatan
EVENT_SINK_AddRef
Ord(518)
__vbaStrToUnicode
Ord(714)
_adj_fdiv_m32i
Ord(583)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaVarSetObjAddref
__vbaFreeVar
Ord(562)
__vbaLbound
_adj_fdiv_m64
_CIsin
_CIsqrt
Ord(526)
_CIlog
__vbaVarIdiv
__vbaStrVarVal
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
__vbaVarDup
__vbaR8Var
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
__vbaR8IntI4
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaVarCopy
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
Dropbox, Inc.

SubsystemVersion
4.0

Comments
Epson

LinkerVersion
6.0

ImageVersion
4.3

FileSubtype
0

FileVersionNumber
4.3.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
AVG Technologies

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x12b0

OriginalFileName
Koutrouvelis7.exe

MIMEType
application/octet-stream

LegalCopyright
Hewlett-Packard Co.

FileVersion
4.03

TimeStamp
2018:03:23 09:01:42+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Koutrouvelis7

ProductVersion
4.03

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Xamasoft

CodeSize
471040

ProductName
Filseclab Corporation

ProductVersionNumber
4.3.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 04f41c90a1d3dad1dda7074ec08ea275
SHA1 ffc6221bd6215be5c4527fad8a20a6434726f40b
SHA256 4d054b9bb238089b8cda1d9282b19d709096ded94688eabbbdf7afb77ca322c7
ssdeep 6144:9RIhTWPvMvdKQPzzAleQWgOxjTAKCKuzL4D8GCsvSm6yXGb5sF4pXZCY0rsUxyF:XIhC3MFKw/Al7WXxjkKMLS+n
authentihash e573e13d02bfa7b45e5786164e8df48629e2a9b3c82736352ea0df5ac47d8951
imphash 4e35e0346bd8fba8c4a1c6c741c39ab9
File size 476.0 KB ( 487424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-03-24 14:43:34 UTC ( 6 months ago )
Last submission 2018-03-30 11:53:04 UTC ( 5 months, 3 weeks ago )
File names Koutrouvelis7
Koutrouvelis7.exe
2f976b3d134c62fa00d97f326a0e0447d736a07a
Better.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.