SHA256: 517725d3990d22d5d040c018ed8b3027c069924d924f76ccebd25a76052dac37
File name: $RKUWYUM.ex_
Detection ratio: 33 / 69
Analysis date: 2019-02-05 14:17:12 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Trojan.GenericKD.31646405 20190205
Avast Win32:Trojan-gen 20190205
AVG Win32:Trojan-gen 20190205
Avira (no cloud) TR/AD.IcedId.dvwup 20190205
BitDefender Trojan.GenericKD.31646405 20190205
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181023
DrWeb Trojan.Inject3.12630 20190205
Emsisoft Trojan.GenericKD.31646405 (B) 20190205
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNPE 20190205
F-Secure Trojan.TR/AD.IcedId.dvwup 20190205
Fortinet W32/PossibleThreat 20190205
GData Win32.Trojan.Agent.5UO4S3 20190205
K7AntiVirus Trojan ( 005432871 ) 20190205
K7GW Trojan ( 005432871 ) 20190205
Kaspersky Trojan-Banker.Win32.IcedID.totm 20190205
MAX malware (ai score=86) 20190205
McAfee RDN/Generic.grp 20190205
McAfee-GW-Edition RDN/Generic.grp 20190205
Microsoft Trojan:Win32/Zpevdo.B 20190205
eScan Trojan.GenericKD.31646405 20190205
Palo Alto Networks (Known Signatures) generic.ml 20190205
Panda Trj/GdSda.A 20190205
Qihoo-360 Win32/Trojan.bf0 20190205
Rising Trojan.Kryptik!8.8 (CLOUD) 20190205
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190205
Symantec Backdoor.Ratenjay 20190205
Tencent Win32.Trojan-banker.Icedid.Tapr 20190205
TrendMicro-HouseCall TROJ_GEN.R002H0CB419 20190205
Webroot W32.Malware.Gen 20190205
ZoneAlarm by Check Point Trojan-Banker.Win32.IcedID.totm 20190205
AegisLab 20190205
AhnLab-V3 20190205
Alibaba 20180921
ALYac 20190205
Antiy-AVL 20190205
Arcabit 20190205
Avast-Mobile 20190204
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190205
ClamAV 20190205
CMC 20190205
Comodo 20190205
Cybereason 20190109
Cyren 20190205
eGambit 20190205
F-Prot 20190205
Sophos ML 20181128
Jiangmin 20190205
Kingsoft 20190205
Malwarebytes 20190205
NANO-Antivirus 20190205
SUPERAntiSpyware 20190130
TACHYON 20190205
TheHacker 20190203
TotalDefense 20190205
Trapmine 20190123
TrendMicro 20190205
Trustlook 20190205
VBA32 20190205
VIPRE 20190203
ViRobot 20190205
Yandex 20190204
Zillya 20190204
Zoner 20190204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2005-2015, Satisfyd rose resultgroup
Product Justclock
Original name Colonyteam.exe
Internal name Justclock
Description Justclock
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-31 10:05:39
Entry Point 0x0000A5A2
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
RegCreateKeyExA
DeleteService
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
RegEnumKeyA
GetTokenInformation
OpenThreadToken
RegOpenKeyExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
SetEntriesInAclA
OpenSCManagerA
ScaleWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
GetModuleFileNameW
GlobalFree
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GlobalUnlock
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetDateFormatW
SetErrorMode
GetCurrentDirectoryA
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
FindNextChangeNotification
SetStdHandle
GetFileTime
GetTimeFormatW
RaiseException
UnhandledExceptionFilter
WideCharToMultiByte
TlsFree
CompareStringW
SetUnhandledExceptionFilter
WriteFile
MulDiv
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetProcessHeap
TerminateProcess
FindCloseChangeNotification
GetTimeZoneInformation
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
GlobalAlloc
GetEnvironmentStringsW
TlsGetValue
Sleep
IsBadReadPtr
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
CloseHandle
AlphaBlend
GradientFill
EndDeferWindowPos
DrawTextA
GetDoubleClickTime
ReleaseDC
InflateRect
GetWindowLongA
EnumWindows
IntersectRect
GetClassInfoExA
DefWindowProcA
GetAncestor
ExitWindowsEx
CallNextHookEx
CreateEnvironmentBlock
DeleteProfileA
UnloadUserProfile
DestroyEnvironmentBlock
waveInOpen
timeEndPeriod
waveInClose
waveInUnprepareHeader
waveInStart
timeBeginPeriod
Number of PE resources by type
RT_ICON 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
PE resources
Debug information
ExifTool file metadata
CodeSize 91648
SubsystemVersion 6.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.7.65.61
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Justclock
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 125952
EntryPoint 0xa5a2
OriginalFileName Colonyteam.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2005-2015, Satisfyd rose resultgroup
TimeStamp 2014:01:31 11:05:39+01:00
FileType Win32 EXE
PEType PE32
InternalName Justclock
ProductVersion 10.7.65.61
UninitializedDataSize 0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Satisfyd
LegalTrademarks Justclock surfacelone cow
ProductName Justclock
ProductVersionNumber 10.7.65.61
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5ecf4dd7ece49a7c0222001e9fe3be32
SHA1 293fcedf1bb03533ca8558572835baee67668984
SHA256 517725d3990d22d5d040c018ed8b3027c069924d924f76ccebd25a76052dac37
ssdeep 3072:BkcgBjeLtC0y2fscpN1p+tjFOHW7Yx+7b1UWJsQabQk94:GBqZCv4BlSZqzHbH94
authentihash 6d77eca49ebd9060eb549e9cd76b8ab911529f8bc5a3a446b2b11dc55fb86e0a
imphash 507f09eaf7637ca9a2251e3cff3029e6
File size 177.0 KB ( 181248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-02-04 20:28:55 UTC ( 1 month, 1 week ago )
Last submission 2019-02-04 20:28:55 UTC ( 1 month, 1 week ago )
File names Justclock, $RKUWYUM.ex_, Colonyteam.exe