SHA256: 4d054b9bb238089b8cda1d9282b19d709096ded94688eabbbdf7afb77ca322c7
File name: 2f976b3d134c62fa00d97f326a0e0447d736a07a
Detection ratio: 25 / 67
Analysis date: 2018-03-24 14:43:34 UTC
Antivirus                              Result                                  Update
AhnLab-V3                              Trojan/Win32.Fareit.R223331             20180324
Avira (no cloud)                       TR/Dropper.VB.eipxq                     20180324
CrowdStrike Falcon (ML)                malicious_confidence_90% (D)            20170201
Cybereason                             malicious.0a1d3d                        20180225
Cylance                                Unsafe                                  20180324
Cyren                                  W32/Fareit.EM.gen!Eldorado              20180324
DrWeb                                  Trojan.MulDrop8.3138                    20180324
Endgame                                malicious (high confidence)             20180316
ESET-NOD32                             a variant of Win32/Injector.DWUF        20180324
F-Prot                                 W32/Fareit.EM.gen!Eldorado              20180324
Fortinet                               W32/Injector.DWTL!tr                    20180324
GData                                  Win32.Trojan.Agent.03R5WF               20180324
Sophos ML                              heuristic                               20180121
Kaspersky                              UDS:DangerousObject.Multi.Generic       20180324
Malwarebytes                           Spyware.LokiBot                         20180324
McAfee                                 Artemis!04F41C90A1D3                    20180324
McAfee-GW-Edition                      BehavesLike.Win32.Fareit.gm             20180324
Palo Alto Networks (Known Signatures)  generic.ml                              20180324
Qihoo-360                              HEUR/QVM03.0.0976.Malware.Gen           20180324
SentinelOne (Static ML)                static engine - malicious               20180225
Sophos AV                              Mal/FareitVB-M                          20180324
Symantec                               Trojan.Gen.2                            20180323
TrendMicro                             TSPY_HPLOKI.SMVB                        20180324
TrendMicro-HouseCall                   TSPY_HPFAREIT.SM1                       20180324
ZoneAlarm by Check Point               UDS:DangerousObject.Multi.Generic       20180324

Engines reporting no detection (signature date in parentheses): Ad-Aware (20180324), AegisLab (20180324), Alibaba (20180323), ALYac (20180324), Antiy-AVL (20180324), Arcabit (20180324), Avast (20180324), Avast-Mobile (20180324), AVG (20180324), AVware (20180324), Baidu (20180323), BitDefender (20180324), Bkav (20180322), CAT-QuickHeal (20180323), ClamAV (20180324), CMC (20180324), Comodo (20180324), eGambit (20180324), Emsisoft (20180324), F-Secure (20180324), Ikarus (20180324), Jiangmin (20180324), K7AntiVirus (20180324), K7GW (20180324), Kingsoft (20180324), MAX (20180324), Microsoft (20180324), eScan (20180324), NANO-Antivirus (20180324), nProtect (20180324), Panda (20180324), Rising (20180324), SUPERAntiSpyware (20180324), Symantec Mobile Insight (20180311), Tencent (20180324), TheHacker (20180319), TotalDefense (20180324), Trustlook (20180324), VBA32 (20180323), VIPRE (20180324), ViRobot (20180324), WhiteArmor (20180324), Yandex (20180324), Zillya (20180323), Zoner (20180324).

The named verdicts converge on the Fareit and LokiBot credential-stealer families inside a Visual Basic wrapper (Fareit: AhnLab-V3, Cyren, F-Prot, McAfee-GW-Edition, Sophos AV, TrendMicro-HouseCall; LokiBot: Malwarebytes, TrendMicro; VB: Avira, Sophos AV). The remaining hits are generic or machine-learning verdicts, and McAfee's Artemis!04F41C90A1D3 is a cloud reputation verdict keyed on the file's MD5 prefix rather than a family signature, so it carries no family attribution of its own.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Hewlett-Packard Co.
Product: Filseclab Corporation
Original name: Koutrouvelis7.exe
Internal name: Koutrouvelis7
File version: 4.03
Description: AVG Technologies
Comments: Epson
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-23 08:01:42
Entry Point 0x000012B0
Number of sections 3
PE sections
PE imports
All 64 imports are Visual Basic 6 runtime symbols (MSVBVM60.DLL exports; the Ord(n) entries are imports by ordinal from the same runtime):
_adj_fdiv_m32, __vbaChkstk, __vbaLenVar, EVENT_SINK_Release, __vbaStrCmp, _allmul, Ord(616), _adj_fdivr_m64, Ord(527), _adj_fprem, _adj_fpatan, EVENT_SINK_AddRef, Ord(518), __vbaStrToUnicode, Ord(714), _adj_fdiv_m32i, Ord(583), __vbaExceptHandler, __vbaSetSystemError, __vbaFreeVarList, DllFunctionCall, __vbaFPException, __vbaStrVarMove, _adj_fdivr_m16i, __vbaVarAdd, _adj_fdiv_r, Ord(100), __vbaVarSetObjAddref, __vbaFreeVar, Ord(562), __vbaLbound, _adj_fdiv_m64, _CIsin, _CIsqrt, Ord(526), _CIlog, __vbaVarIdiv, __vbaStrVarVal, _CIcos, Ord(595), EVENT_SINK_QueryInterface, _adj_fptan, __vbaI2Var, __vbaVarDup, __vbaR8Var, __vbaI4Var, __vbaVarMove, __vbaErrorOverflow, _CIatan, Ord(608), __vbaNew2, __vbaR8IntI4, _adj_fdivr_m32i, _CItan, _CIexp, __vbaStrMove, __vbaStrToAnsi, _adj_fprem1, _adj_fdivr_m32, __vbaVarCopy, __vbaFreeStrList, __vbaFpI4, __vbaFreeStr, _adj_fdiv_m16i
The presence of DllFunctionCall is the point to note: it is the routine through which VB6 resolves Declare'd Win32 APIs at run time, so none of the APIs the program actually calls (including the hook installation noted in the behaviour section) appear in this import table, and the imphash below fingerprints the VB6 runtime usage rather than the payload's API profile.
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks: Dropbox, Inc.
SubsystemVersion: 4.0
Comments: Epson
LinkerVersion: 6.0
ImageVersion: 4.3
FileSubtype: 0
FileVersionNumber: 4.3.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: AVG Technologies
CharacterSet: Unicode
InitializedDataSize: 12288
EntryPoint: 0x12b0
OriginalFileName: Koutrouvelis7.exe
MIMEType: application/octet-stream
LegalCopyright: Hewlett-Packard Co.
FileVersion: 4.03
TimeStamp: 2018:03:23 09:01:42+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Koutrouvelis7
ProductVersion: 4.03
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Xamasoft
CodeSize: 471040
ProductName: Filseclab Corporation
ProductVersionNumber: 4.3.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 04f41c90a1d3dad1dda7074ec08ea275
SHA1 ffc6221bd6215be5c4527fad8a20a6434726f40b
SHA256 4d054b9bb238089b8cda1d9282b19d709096ded94688eabbbdf7afb77ca322c7
ssdeep 6144:9RIhTWPvMvdKQPzzAleQWgOxjTAKCKuzL4D8GCsvSm6yXGb5sF4pXZCY0rsUxyF:XIhC3MFKw/Al7WXxjkKMLS+n
authentihash e573e13d02bfa7b45e5786164e8df48629e2a9b3c82736352ea0df5ac47d8951
imphash 4e35e0346bd8fba8c4a1c6c741c39ab9
File size 476.0 KB ( 487424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-03-24 14:43:34 UTC
Last submission 2018-03-30 11:53:04 UTC
File names Koutrouvelis7
Koutrouvelis7.exe
2f976b3d134c62fa00d97f326a0e0447d736a07a
Better.exe
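Three things in the static sections above are worth checking mechanically rather than by eye: the six version-info fields name six unrelated vendors (Xamasoft, Filseclab, Hewlett-Packard, Dropbox, AVG, Epson), which a build from a single publisher would not carry; the ExifTool timestamp 2018:03:23 09:01:42+01:00, converted to UTC, matches the PE header's 2018-03-23 08:01:42, and the file reached VirusTotal about 31 hours after that; and 25 of 67 engines flag it. The script below is an added example, not VirusTotal's code and not anything from the sample's author. It transcribes those values into a SAMPLE dict and runs the checks; the field names follow the report, while the weights and thresholds in triage() are assumptions chosen for illustration.

```python
"""Static-metadata triage for the sample described in this report.

Added example, not VirusTotal's or any vendor's code. SAMPLE is transcribed
from the report's FileVersionInfo, ExifTool, PE-header and VirusTotal-metadata
sections; the weights and thresholds in triage() are assumptions.
"""
import re
from datetime import datetime, timezone

SAMPLE = {
    # Version-info strings as shown in the report
    "CompanyName": "Xamasoft",
    "ProductName": "Filseclab Corporation",
    "LegalCopyright": "Hewlett-Packard Co.",
    "LegalTrademarks": "Dropbox, Inc.",
    "FileDescription": "AVG Technologies",
    "Comments": "Epson",
    # PE header timestamp as displayed (UTC) and ExifTool's local-offset form
    "CompileTimestamp": "2018-03-23 08:01:42",
    "ExifTimeStamp": "2018:03:23 09:01:42+01:00",
    # First submission to VirusTotal (UTC)
    "FirstSubmission": "2018-03-24 14:43:34",
    "Detections": (25, 67),
}

VENDOR_FIELDS = ("CompanyName", "ProductName", "LegalCopyright",
                 "LegalTrademarks", "FileDescription", "Comments")
# Corporate suffixes that do not identify a vendor on their own.
GENERIC = {"co", "corp", "corporation", "inc", "technologies", "ltd", "llc"}


def vendor_key(value):
    """'Hewlett-Packard Co.' -> 'hewlett-packard': lower-case, drop punctuation and suffixes."""
    tokens = [t for t in re.findall(r"[a-z0-9-]+", value.lower()) if t not in GENERIC]
    return " ".join(tokens)


def distinct_vendors(meta):
    """Distinct vendors named across the version-info fields (a clean build names one)."""
    return {vendor_key(meta[f]) for f in VENDOR_FIELDS if meta.get(f, "").strip()}


def parse_utc(s):
    """'YYYY-MM-DD HH:MM:SS' already in UTC -> aware datetime."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_exif(s):
    """ExifTool writes 'YYYY:MM:DD HH:MM:SS+HH:MM'; normalise to UTC."""
    return datetime.strptime(s, "%Y:%m:%d %H:%M:%S%z").astimezone(timezone.utc)


def build_age_hours(meta):
    """Hours from the PE compile timestamp to the first VirusTotal submission."""
    delta = parse_utc(meta["FirstSubmission"]) - parse_utc(meta["CompileTimestamp"])
    return delta.total_seconds() / 3600


def timestamps_agree(meta):
    """ExifTool's timestamp, once converted to UTC, must equal the PE header value."""
    return parse_exif(meta["ExifTimeStamp"]) == parse_utc(meta["CompileTimestamp"])


def triage(meta):
    """Return (score, findings); each finding is (weight, text). Weights are assumed."""
    findings = []
    vendors = distinct_vendors(meta)
    if len(vendors) >= 3:
        findings.append((3, f"version info names {len(vendors)} unrelated vendors: {sorted(vendors)}"))
    age = build_age_hours(meta)
    if 0 <= age < 72:
        findings.append((2, f"compiled {age:.1f} h before first submission (fresh build)"))
    if not timestamps_agree(meta):
        findings.append((1, "ExifTool and PE header timestamps disagree"))
    hits, total = meta["Detections"]
    if hits / total >= 0.25:
        findings.append((2, f"{hits}/{total} engines detect it"))
    return sum(w for w, _ in findings), findings


if __name__ == "__main__":
    score, findings = triage(SAMPLE)
    print(f"score {score}")
    for weight, text in findings:
        print(f"  [{weight}] {text}")
```

The vendor check is the one that survives a hash change: randomised version strings are a property of the builder, not of the individual file, so the same rule applied across a corpus groups samples from the same kit even when every hash differs. The timestamp agreement check guards against reading a stomped or locale-shifted compile time as a fresh build.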
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself, by a process it launched, or by a process into which it injected code.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure monitors the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread, and is installed with the SetWindowsHook Windows API function (SetWindowsHookEx in current Windows versions). The condensed report does not record the hook type or whether the hook was thread-local or global, so its purpose (keystroke capture is the usual one for the stealer families named in the detections above) cannot be established from this page; a full sandbox trace of the SetWindowsHookEx call and its idHook argument is needed for that.