SHA256: 4ef58904172d664a9cdc944db93c6db2f3e0db84bcf78a4e01458d3ae7e3d918
File name: 89h766b.exe
Detection ratio: 2 / 56
Analysis date: 2016-03-21 15:48:09 UTC ( 1 year, 8 months ago )
Antivirus | Result | Update
Qihoo-360 | HEUR/QVM07.1.Malware.Gen | 20160321
Rising | PE:Malware.XPACK-HIE/Heur!1.9C48 [F] | 20160321
Ad-Aware | (undetected) | 20160321
AegisLab | (undetected) | 20160321
Yandex | (undetected) | 20160316
AhnLab-V3 | (undetected) | 20160321
Alibaba | (undetected) | 20160321
ALYac | (undetected) | 20160321
Antiy-AVL | (undetected) | 20160321
Arcabit | (undetected) | 20160321
Avast | (undetected) | 20160321
AVG | (undetected) | 20160321
Avira (no cloud) | (undetected) | 20160321
AVware | (undetected) | 20160321
Baidu | (undetected) | 20160318
Baidu-International | (undetected) | 20160321
BitDefender | (undetected) | 20160321
Bkav | (undetected) | 20160321
ByteHero | (undetected) | 20160321
CAT-QuickHeal | (undetected) | 20160321
ClamAV | (undetected) | 20160319
CMC | (undetected) | 20160316
Comodo | (undetected) | 20160321
Cyren | (undetected) | 20160321
DrWeb | (undetected) | 20160321
Emsisoft | (undetected) | 20160321
ESET-NOD32 | (undetected) | 20160321
F-Prot | (undetected) | 20160321
F-Secure | (undetected) | 20160321
Fortinet | (undetected) | 20160321
GData | (undetected) | 20160321
Ikarus | (undetected) | 20160321
Jiangmin | (undetected) | 20160321
K7AntiVirus | (undetected) | 20160321
K7GW | (undetected) | 20160321
Kaspersky | (undetected) | 20160321
Malwarebytes | (undetected) | 20160321
McAfee | (undetected) | 20160321
McAfee-GW-Edition | (undetected) | 20160321
Microsoft | (undetected) | 20160321
eScan | (undetected) | 20160321
NANO-Antivirus | (undetected) | 20160321
nProtect | (undetected) | 20160321
Panda | (undetected) | 20160321
Sophos AV | (undetected) | 20160321
SUPERAntiSpyware | (undetected) | 20160321
Symantec | (undetected) | 20160321
Tencent | (undetected) | 20160321
TheHacker | (undetected) | 20160320
TrendMicro | (undetected) | 20160321
TrendMicro-HouseCall | (undetected) | 20160321
VBA32 | (undetected) | 20160321
VIPRE | (undetected) | 20160321
ViRobot | (undetected) | 20160321
Zillya | (undetected) | 20160320
Zoner | (undetected) | 20160321
Only the two heuristic/generic detections above fire at the time of this scan; the remaining 54 engines report nothing, so the 2/56 ratio on its own says little about whether the file is benign.
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem. Note that the version resource reported further down (company "PS Soft Lab", product "Forgettable Croup", internal name "Crumple", description "Egg", copyright "2018", and version strings such as "12, 154, 34, 174") is inconsistent with the 2009 compile timestamp and the 2016 first submission; treat that version information as filler rather than as an attribution or identification aid.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-04-23 12:32:28
Entry Point 0x0001FBFA
Number of sections 4
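The fields in this section come straight from the COFF and optional headers, and reading them yourself is the first thing to do when a report's dates look inconsistent. The Python below is an added example and not code from the VirusTotal page: since the sample is not available here, build_header() constructs a header blob (DOS stub, COFF header and PE32 optional header only, not a runnable executable) populated with the values this report shows, and parse_pe_header() is the part you would point at a real file. The machine/subsystem constants are the standard PE values; timestamp_plausible() is a hypothetical helper of my own that cross-checks the compile time against the first-submission date and the copyright year from the version resource.

```python
"""Read the 'PE header basic information' fields directly from a PE header.

Added example, not code from the VirusTotal page. The sample itself is not
available, so build_header() constructs a DOS stub + COFF header + PE32
optional header carrying the values the report shows (no sections, not an
executable). parse_pe_header() is the part you would run on a real file.
"""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
OPTIONAL_HEADER32_SIZE = 224

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_header(machine=IMAGE_FILE_MACHINE_I386, num_sections=4,
                 compile_utc="2009-04-23 12:32:28", entry_point=0x1FBFA,
                 subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI, linker=(6, 0),
                 code_size=126976, init_data_size=176128):
    """Constructed header blob; the defaults are the values in the report."""
    ts = calendar.timegm(datetime.strptime(compile_utc, "%Y-%m-%d %H:%M:%S").timetuple())
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, num_sections, ts, 0, 0,
                       OPTIONAL_HEADER32_SIZE, 0x010F)
    # IMAGE_OPTIONAL_HEADER32, laid out field by field up to DllCharacteristics
    opt = struct.pack("<HBBIIIIII", IMAGE_NT_OPTIONAL_HDR32_MAGIC, linker[0], linker[1],
                      code_size, init_data_size, 0, entry_point, 0x1000, 0x20000)
    opt += struct.pack("<III", 0x400000, 0x1000, 0x1000)   # ImageBase, SectionAlignment, FileAlignment
    opt += struct.pack("<HHHHHH", 4, 0, 0, 0, 4, 0)        # OS 4.0, image 0.0, subsystem 4.0
    opt += struct.pack("<IIII", 0, 0x50000, 0x400, 0)      # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
    opt += struct.pack("<HH", subsystem, 0)                # Subsystem, DllCharacteristics
    opt += b"\0" * (OPTIONAL_HEADER32_SIZE - len(opt))     # remaining fields + data directories
    return dos + b"PE\0\0" + coff + opt


def parse_pe_header(data):
    """Return the fields VirusTotal reports under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    (subsys,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "target_machine": MACHINE_NAMES.get(machine, hex(machine)),
        # TimeDateStamp is seconds since the Unix epoch in UTC; ExifTool shows the
        # same instant shifted to local time (13:32:28+01:00 in this report).
        "compilation_timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "number_of_sections": nsec,
        "optional_header_size": opt_size,
        "subsystem": SUBSYSTEM_NAMES.get(subsys, str(subsys)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
    }


def timestamp_plausible(info, first_submission_utc, copyright_year):
    """Hypothetical sanity check: compile time must precede first submission, and a
    version-resource copyright year later than the compile year is a red flag."""
    compiled = datetime.strptime(info["compilation_timestamp"], "%Y-%m-%d %H:%M:%S")
    submitted = datetime.strptime(first_submission_utc, "%Y-%m-%d %H:%M:%S")
    return compiled <= submitted and copyright_year <= compiled.year


if __name__ == "__main__":
    info = parse_pe_header(build_header())
    for key, value in info.items():
        print(f"{key}: {value}")
    # With this report's first submission (2016-03-21 15:05:49) and "Copyright 2018"
    # the check fails, which is the inconsistency noted above.
    print("timestamps plausible:", timestamp_plausible(info, "2016-03-21 15:05:49", 2018))
```

On a real sample, replace build_header() with the bytes of the file; the parser only touches the DOS header, COFF header and the first 70 bytes of the optional header, so it works on packed or truncated files as long as those headers are intact.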
PE sections: (not listed in this copy of the report)
PE imports
The report lists function names only; they are grouped here by the DLL that exports them, with the DLL names inferred from the function names rather than taken from the report.
ADVAPI32 (inferred): GetKernelObjectSecurity, RegEnumKeyW, RegisterServiceCtrlHandlerA, RegOpenKeyExW, GetAce, SetSecurityDescriptorSacl
GDI32 (inferred): GetTextCharsetInfo, Polygon, GetSystemPaletteEntries, GetWindowOrgEx, OffsetRgn, CreatePen, LPtoDP, CombineRgn, GetClipBox, GetEnhMetaFilePaletteEntries, GetObjectType, GetDeviceCaps, CreateDCA, CreateCompatibleDC, RestoreDC, SetBkMode, CreateFontIndirectW, GetGlyphOutlineW, SetPixel, SetWorldTransform, StartPage, OffsetClipRgn, IntersectClipRect, CreateDIBSection, EnumFontFamiliesA, SetTextColor, CreateDIBPatternBrushPt, GetObjectA, GetClipRgn, CreateBitmap, RectVisible, GetStockObject, SetViewportOrgEx, StrokePath, ExtCreateRegion, CreateRoundRectRgn, SelectClipRgn, PlayEnhMetaFile, CreateFontW, GetBkColor, SetViewportExtEx, GetTextExtentPoint32A, SetPolyFillMode, Pie, SetRectRgn, StartDocA, GetTextColor, PtVisible, Polyline, DPtoLP, ExtCreatePen, SetPixelV, SetTextCharacterExtra, BeginPath, GetTextExtentPoint32W, CreateCompatibleBitmap, CreatePenIndirect, EndPath
IMAGEHLP (inferred): ImageEnumerateCertificates
IMM32 (inferred): ImmUnregisterWordW, ImmEscapeW, ImmGetGuideLineW, ImmGetConversionStatus, ImmSetCompositionWindow, ImmGetDefaultIMEWnd, ImmGetCandidateListW, ImmNotifyIME, ImmDestroyContext, ImmGetIMEFileNameA, ImmRegisterWordW, ImmGetCandidateWindow, ImmConfigureIMEW, ImmGetIMEFileNameW, ImmGetCandidateListA, ImmSimulateHotKey
KERNEL32 (inferred): DeleteCriticalSection, CopyFileW, MapViewOfFile, MoveFileW, GetComputerNameA, GetThreadTimes, GetPrivateProfileIntW
MPR (inferred): WNetCancelConnectionA, WNetAddConnection3W, WNetCancelConnection2W, WNetAddConnectionW, WNetOpenEnumA, WNetGetUniversalNameA
RASAPI32 (inferred): RasSetEntryPropertiesA, RasDeleteEntryW, RasGetEntryPropertiesA, RasEnumEntriesW, RasDialW, RasGetErrorStringA, RasSetEntryDialParamsW, RasEditPhonebookEntryW, RasRenameEntryA, RasEnumEntriesA
SHLWAPI (inferred): PathSkipRootA, PathFindExtensionA, PathIsPrefixA, PathCommonPrefixW, SHGetValueA, PathRemoveExtensionA, SHRegEnumUSValueW, StrPBrkA, PathIsDirectoryA, PathIsFileSpecA, SHEnumValueW, PathCommonPrefixA, PathIsSystemFolderW, SHEnumKeyExW, SHDeleteEmptyKeyA, SHRegDeleteEmptyUSKeyW, PathRemoveBackslashW
WININET (inferred): InternetCanonicalizeUrlW, FtpFindFirstFileA, HttpEndRequestW, HttpSendRequestExW, InternetUnlockRequestFile, RetrieveUrlCacheEntryFileA, InternetSetCookieW, InternetHangUp, FtpRemoveDirectoryA, InternetGetConnectedState, FtpFindFirstFileW, HttpOpenRequestW, CreateUrlCacheGroup, InternetGetCookieW, GopherOpenFileA, SetUrlCacheEntryInfoW, InternetCloseHandle, CommitUrlCacheEntryA, SetUrlCacheEntryInfoA, GetUrlCacheEntryInfoW, InternetCombineUrlW, InternetAutodial, GopherFindFirstFileA, FtpCreateDirectoryW, InternetLockRequestFile, HttpAddRequestHeadersA, FtpGetFileW, CommitUrlCacheEntryW, FindFirstUrlCacheEntryExA, InternetCheckConnectionW, InternetCreateUrlA, FtpGetFileA, FindCloseUrlCache, GopherGetAttributeW, FindNextUrlCacheEntryA, InternetSetDialState, InternetOpenUrlW, FtpRenameFileA, FindFirstUrlCacheEntryW, InternetOpenW, InternetCrackUrlA
WINMM (inferred): mixerGetControlDetailsW, waveInMessage, waveInPrepareHeader, mmioRead, waveInGetErrorTextW, midiInOpen, mciSendCommandW, PlaySoundA, mixerGetDevCapsW, waveInStart, auxSetVolume, waveOutGetID
URLMON (inferred): IsValidURL, CoGetClassObjectFromURL
The listed imports span GDI drawing and printing, the IME, RAS dial-up, WinInet (HTTP, FTP, Gopher and the URL cache), WNet network shares, multimedia, security-descriptor manipulation and service control, a spread that is unusual for a single 180 KB GUI program; together with the two heuristic detection names, this import table should not be read as a direct description of what the program does.
Number of PE resources by type
RT_ICON: 5
RT_GROUP_ICON: 5
RT_DIALOG: 2
RT_VERSION: 1
Number of PE resources by language
GREEK DEFAULT: 5
ENGLISH US: 5
PORTUGUESE BRAZILIAN: 3
PE resources: (individual resources not listed in this copy of the report)
ExifTool file metadata
SubsystemVersion: 4.0
InitializedDataSize: 176128
ImageVersion: 0.0
ProductName: Forgettable Croup
FileVersionNumber: 0.237.128.16
UninitializedDataSize: 0
LanguageCode: English (U.S.)
FileFlagsMask: 0x003f
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 12, 154, 34, 174
TimeStamp: 2009:04:23 13:32:28+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Crumple
ProductVersion: 32, 232, 218, 176
FileDescription: Egg
OSVersion: 4.0
FileOS: Windows NT 32-bit
LegalCopyright: Copyright 2018
MachineType: Intel 386 or later, and compatibles
CompanyName: PS Soft Lab
CodeSize: 126976
FileSubtype: 0
ProductVersionNumber: 0.168.131.56
EntryPoint: 0x1fbfa
ObjectFileType: Executable application
File identification
MD5: 808a8eac400c6abf49d352ae1d944c2a
SHA1: 42977ad07da3025d5befcf3c93c208ba5151db92
SHA256: 4ef58904172d664a9cdc944db93c6db2f3e0db84bcf78a4e01458d3ae7e3d918
ssdeep: 3072:XThnm6ALhnxnYIFzecjuKqL7zjPuxl6CFCuKOnDkLbK23e2w9pQd2BuIgsGn:XThnm6ALhnxnYIgANqL7/Pux4CFhKODc
authentihash: 5bf94eecc2988c9571aca48d9281e8315696711e7dbc6b0b845ae5eec99ad6cf
imphash: 56ec8157ff3dfcaf9a3b3bde0c350b5f
File size: 180.0 KB ( 184320 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Dynamic Link Library (generic) (43.5%); Win32 Executable (generic) (29.8%); Generic Win/DOS Executable (13.2%); DOS Executable Generic (13.2%)
Tags: peexe
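Of the identifiers above, the imphash is the one worth pivoting on when the cryptographic hashes differ between samples, because it is an MD5 over the normalised import table rather than over the file bytes. The Python below is an added example, not code from the VirusTotal page or from the pefile library, implementing that normalisation: each imported function, in import-table order, becomes "<dll without .dll/.ocx/.sys>.<function>" in lower case, the entries are joined with commas and MD5-hashed. SAMPLE_IMPORTS is a constructed subset of the functions this report lists, with DLL names inferred from the function names (the report gives function names only); because the report's listing is partial and its order is not the import-table order, the result will not reproduce the imphash 56ec8157ff3dfcaf9a3b3bde0c350b5f above. Ordinal imports are rendered as "ordN"; the ordinal-to-name table pefile applies for ws2_32 and oleaut32 is left out here.

```python
"""Recompute an imphash from an import table.

Added example (not code from the VirusTotal page or from pefile). For each
imported function, in import-table order, the entry "<dll>.<func>" is built
with the DLL extension (.dll/.ocx/.sys) stripped and everything lower-cased;
the entries are joined with "," and MD5-hashed. Ordinal imports become
"ordN" here (pefile also maps known ws2_32/oleaut32 ordinals to names; that
table is omitted).
"""
import hashlib

# Constructed sample: a subset of the functions the report lists, grouped
# under the DLLs that export them. DLL names are inferred, not from the report,
# and the order is not the sample's real import-table order.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "GetKernelObjectSecurity"),
    ("ADVAPI32.dll", "SetSecurityDescriptorSacl"),
    ("KERNEL32.dll", "CopyFileW"),
    ("KERNEL32.dll", "MapViewOfFile"),
    ("WININET.dll", "HttpOpenRequestW"),
    ("WININET.dll", "InternetOpenW"),
    ("urlmon.dll", "CoGetClassObjectFromURL"),
]


def normalise_import(dll, func):
    """One import-table entry in imphash form, e.g. ("KERNEL32.DLL", "CopyFileW")
    -> "kernel32.copyfilew"; an int func is an import by ordinal."""
    lib = dll.lower()
    for ext in (".ocx", ".sys", ".dll"):
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    if isinstance(func, int):
        func = f"ord{func}"
    return f"{lib}.{func.lower()}"


def imphash(imports):
    """MD5 over the comma-joined normalised entries; the order of `imports`
    must be the import-table order, because reordering changes the hash."""
    joined = ",".join(normalise_import(dll, func) for dll, func in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


def same_import_profile(imports_a, imports_b):
    """True when two samples would share an imphash (same DLLs, functions, order)."""
    return imphash(imports_a) == imphash(imports_b)


if __name__ == "__main__":
    print("imphash of constructed subset:", imphash(SAMPLE_IMPORTS))
    print("case/extension-insensitive:",
          same_import_profile(SAMPLE_IMPORTS,
                              [(d.upper(), f.lower()) for d, f in SAMPLE_IMPORTS]))
    print("order-sensitive:",
          same_import_profile(SAMPLE_IMPORTS, list(reversed(SAMPLE_IMPORTS))))
```

Two properties matter when you use imphash as a pivot: it is insensitive to the case of DLL and function names and to the DLL extension, so recompiled builds match, but it is sensitive to import order, so a packer or a different linker that re-sorts the table produces a different value even for identical code.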
VirusTotal metadata
First submission: 2016-03-21 15:05:49 UTC ( 1 year, 8 months ago )
Last submission: 2016-08-09 12:44:34 UTC ( 1 year, 3 months ago )
File names: 808a8eac400c6abf49d352ae1d944c2a, 89h766b.exe, 4ef58904172d664a9cdc944db93c6db2f3e0db84bcf78a4e01458d3ae7e3d918.exe, EiGckX.exe, 808a8eac400c6abf49d352ae1d944c2a.exe, 4ef58904172d664a9cdc944db93c6db2f3e0db84bcf78a4e01458d3ae7e3d918.bin
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
The report contains the sections Opened files, Read files, Written files, Moved files, Deleted files, Created processes, Shell commands, Opened mutexes, Opened service managers, Opened services, Runtime DLLs, HTTP requests, TCP connections and UDP communications; all of them are empty in this copy of the page, so no runtime indicators (file paths, mutex names, network endpoints) can be taken from this report.