× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 53735b29c4c88b76fe346f6cf0018533591086642119eb44a0541eb4551fc24e
File name: .
Detection ratio: 23 / 71
Analysis date: 2019-01-16 17:16:10 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190116
AhnLab-V3 Trojan/Win32.Ursnif.R249989 20190116
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190116
Avast Win32:Trojan-gen 20190115
AVG Win32:Trojan-gen 20190116
Cylance Unsafe 20190116
ESET-NOD32 a variant of Win32/GenKryptik.CTIK 20190116
Fortinet W32/GenKryptik.CUBY!tr 20190116
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cvwdk 20190116
Kaspersky HEUR:Trojan.Win32.Generic 20190116
McAfee Ursnif-FQLY!977F99364831 20190116
McAfee-GW-Edition Ursnif-FQLY!977F99364831 20190116
NANO-Antivirus Trojan.Win32.IcedID.flfwvw 20190116
Panda Trj/GdSda.A 20190116
Rising Trojan.GenKryptik!8.AA55 (TFE:5:31pL9X01atQ) 20190116
Symantec ML.Attribute.HighConfidence 20190116
Trapmine suspicious.low.ml.score 20190103
VBA32 BScope.TrojanBanker.IcedID 20190116
Webroot W32.Adware.Gen 20190116
Yandex Trojan.PWS.IcedID! 20190116
Zillya Trojan.IcedID.Win32.14 20190115
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190116
Ad-Aware 20190116
AegisLab 20190116
Alibaba 20180921
ALYac 20190116
Arcabit 20190116
Avast-Mobile 20190116
Avira (no cloud) 20190116
Babable 20180918
Baidu 20190116
BitDefender 20190116
Bkav 20190116
CAT-QuickHeal 20190116
ClamAV 20190116
CMC 20190116
Comodo 20190116
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190116
DrWeb 20190116
eGambit 20190116
Emsisoft 20190116
Endgame 20181108
F-Prot 20190116
F-Secure 20190116
GData 20190116
Ikarus 20190116
K7AntiVirus 20190116
K7GW 20190116
Kingsoft 20190116
Malwarebytes 20190116
MAX 20190116
Microsoft 20190116
eScan 20190116
Palo Alto Networks (Known Signatures) 20190116
Qihoo-360 20190116
SentinelOne (Static ML) 20181223
Sophos AV 20190116
SUPERAntiSpyware 20190109
TACHYON 20190116
Tencent 20190116
TheHacker 20190115
TotalDefense 20190116
TrendMicro 20190116
TrendMicro-HouseCall 20190116
Trustlook 20190116
VIPRE 20190116
ViRobot 20190116
Zoner 20190116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2002 Jama Software Grow. All rights reserved

Original name seatfour.exe
Internal name Carthey
File version 4.0.87.59
Description Carthey
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-13 12:45:34
Entry Point 0x0000137B
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
GetEnvironmentStringsW
IsDebuggerPresent
HeapAlloc
TlsAlloc
VirtualProtect
GetModuleFileNameA
RtlUnwind
GetACP
HeapSetInformation
GetCurrentProcess
DecodePointer
GetCurrentProcessId
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
GetEnvironmentVariableA
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetShellWindow
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
CLSIDFromString
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
225792

ImageVersion
0.0

FileVersionNumber
4.0.87.59

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
seatfour.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
4.0.87.59

TimeStamp
2011:12:13 13:45:34+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Carthey

ProductVersion
4.0.87.59

FileDescription
Carthey

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2002 Jama Software Grow. All rights reserved

MachineType
Intel 386 or later, and compatibles

CompanyName
Jama Software Grow

CodeSize
121344

FileSubtype
0

ProductVersionNumber
4.0.87.59

EntryPoint
0x137b

ObjectFileType
Executable application

File identification
MD5 977f99364831f084b8e65264511c3f52
SHA1 6e929e07197e4deaacde14dbc09b300389c87c52
SHA256 53735b29c4c88b76fe346f6cf0018533591086642119eb44a0541eb4551fc24e
ssdeep
3072:v/eXMFc2jxAjrA9eAyGrSUWf3p452B5E3YLNB+BjN3jsovVOI75Sve:v/Amc2jx4EePwg4IB5EI453jbVOHve

authentihash f42e3574b01c91112dda0518cbe2646892ef530ea7b717cd9683e36721255d4f
imphash 875b32d68c6858daada126b7b5bce36d
File size 304.0 KB ( 311296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-16 17:16:10 UTC ( 2 months ago )
Last submission 2019-01-16 17:16:10 UTC ( 2 months ago )
File names seatfour.exe
Carthey
.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.