SHA256: 5185b460d7cdfe30642663d552810209b23c574dab81c925f40e019c12be7465
File name: 2.tmp.exe
Detection ratio: 42 / 68
Analysis date: 2017-11-26 09:17:32 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12617939 20171126
AegisLab Filerepmalware.Gen!c 20171126
Antiy-AVL Trojan/Win32.TSGeneric 20171126
Arcabit Trojan.Generic.DC088D3 20171126
Avast Win32:Malware-gen 20171126
AVG Win32:Malware-gen 20171126
Avira (no cloud) TR/AD.Inject.jinaj 20171125
AVware Trojan.Win32.Zbot.aj (v) 20171126
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9798 20171124
BitDefender Trojan.GenericKD.12617939 20171126
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.c2c05e 20171103
Cylance Unsafe 20171126
Cyren W32/VBTrojan.Dropper.4!Maximus 20171126
Emsisoft Trojan.GenericKD.12617939 (B) 20171126
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/TrickBot.Q 20171126
F-Prot W32/VBTrojan.Dropper.4!Maximus 20171126
F-Secure Trojan.GenericKD.12617939 20171126
Fortinet W32/Injector.CWJO!tr 20171126
GData Win32.Trojan.Agent.VZL2V5 20171126
Ikarus Trojan.Win32.Krypt 20171125
Sophos ML heuristic 20170914
K7AntiVirus EmailWorm ( 003c363a1 ) 20171124
K7GW EmailWorm ( 003c363a1 ) 20171126
Kaspersky Trojan.Win32.Pakes.avyg 20171126
MAX malware (ai score=99) 20171126
McAfee Downloader-FSA 20171126
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20171126
eScan Trojan.GenericKD.12617939 20171126
Palo Alto Networks (Known Signatures) generic.ml 20171126
Panda Trj/CI.A 20171125
Qihoo-360 Win32/Trojan.4c4 20171126
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Generic-S 20171126
Symantec Trojan.Gen.2 20171125
Tencent Win32.Trojan.Pakes.Wrqt 20171126
TrendMicro TROJ_GEN.R045C0PKP17 20171126
TrendMicro-HouseCall TROJ_GEN.R045C0PKP17 20171126
VIPRE Trojan.Win32.Zbot.aj (v) 20171126
Webroot W32.Malware.Gen 20171126
ZoneAlarm by Check Point Trojan.Win32.Pakes.avyg 20171126
AhnLab-V3 20171125
Alibaba 20171124
ALYac 20171126
Avast-Mobile 20171125
Bkav 20171124
CAT-QuickHeal 20171125
ClamAV 20171126
CMC 20171126
Comodo 20171126
DrWeb 20171126
eGambit 20171126
Jiangmin 20171126
Kingsoft 20171126
Malwarebytes 20171126
Microsoft 20171126
NANO-Antivirus 20171126
nProtect 20171126
Rising 20171126
SUPERAntiSpyware 20171126
Symantec Mobile Insight 20171124
TheHacker 20171121
TotalDefense 20171126
Trustlook 20171126
VBA32 20171124
ViRobot 20171125
WhiteArmor 20171104
Yandex 20171120
Zillya 20171124
Zoner 20171126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
@niekupujadoptujcom

Product Nike
Original name Sandy.exe
Internal name Sandy
File version 1.00
Description Kupuj, sprzedawaj i wymieniaj ubrania, akcesoria, kosmetyki i wiele innych
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-24 08:15:18
Entry Point 0x000011C8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_adj_fpatan
__vbaGenerateBoundsError
_allmul
__vbaAryUnlock
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaLateMemCall
_adj_fdiv_m32i
_adj_fdivr_m64
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaAryLock
_CIcos
_adj_fptan
__vbaExceptHandler
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
_CItan
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
PPTLS_4 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 2
GERMAN LUXEMBOURG 2
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
8192

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Kupuj, sprzedawaj i wymieniaj ubrania, akcesoria, kosmetyki i wiele innych

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
245760

EntryPoint
0x11c8

OriginalFileName
Sandy.exe

MIMEType
application/octet-stream

LegalCopyright
@niekupujadoptujcom

FileVersion
1.0

TimeStamp
2017:11:24 08:15:18+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sandy

ProductVersion
1.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Odpowiedzialna

LegalTrademarks
Kupuj na raty

ProductName
Nike

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6ba7b201e098601063f39e5b57738556
SHA1 e95de97c2c05e85485adc4552d03b8ed044258c0
SHA256 5185b460d7cdfe30642663d552810209b23c574dab81c925f40e019c12be7465
ssdeep
6144:KUVSLcctkQFcdV8yoNil9B/TYfm5k5BJTJJanwEC2y:KmUDuYcdWyoN+9BrYfm5EJTEjy

authentihash 555e1fb682961d5985204d53b347fb017c86eaf50facf8633b4f3576d94a4c9f
imphash a3b95a0802b42f6be5ef47c975f4aca7
File size 252.0 KB ( 258048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2017-11-24 17:29:22 UTC ( 1 year, 2 months ago )
Last submission 2017-11-24 17:29:22 UTC ( 1 year, 2 months ago )
File names 2.tmp.exe
Sandy.exe
Sandy