SHA256: 53a2a8043e62be4697a8731f9f8370ad4d197cddf6e6105d8bb69ba638644def
File name: W0M5U224Jy0s4nUrL.exe
Detection ratio: 11 / 67
Analysis date: 2017-11-29 10:25:44 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20171129
AVG FileRepMalware 20171129
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171129
Cybereason malicious.d1d626 20171103
Cylance Unsafe 20171129
Endgame malicious (high confidence) 20171024
Fortinet W32/Kryptik.FZTF!tr 20171129
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.8209.Malware.Gen 20171129
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/EncPk-ANR 20171129
Ad-Aware 20171129
AegisLab 20171129
AhnLab-V3 20171129
Alibaba 20171129
ALYac 20171129
Antiy-AVL 20171129
Arcabit 20171129
Avast-Mobile 20171129
Avira (no cloud) 20171129
AVware 20171129
BitDefender 20171129
Bkav 20171128
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
CrowdStrike Falcon (ML) 20171016
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171129
ESET-NOD32 20171129
F-Prot 20171129
F-Secure 20171129
GData 20171129
Ikarus 20171129
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kaspersky 20171129
Kingsoft 20171129
Malwarebytes 20171129
MAX 20171129
McAfee 20171129
McAfee-GW-Edition 20171129
Microsoft 20171129
eScan 20171129
NANO-Antivirus 20171129
nProtect 20171129
Palo Alto Networks (Known Signatures) 20171129
Panda 20171128
Rising 20171129
SUPERAntiSpyware 20171129
Symantec 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TotalDefense 20171129
TrendMicro 20171129
TrendMicro-HouseCall 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
Webroot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171128
ZoneAlarm by Check Point 20171129
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2017 Bruce Sckeet
Product Bruce Sckeet Organiz
Original name lolola.exe
Internal name lolola
File version 15.0.1.0
Description Steven Mark Slivader
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-29 19:21:21
Entry Point 0x00001860
Number of sections 5
PE sections
PE imports
CM_Get_Device_ID_List_Size_ExW
GetFileTime
GetThreadPriority
CompareFileTime
FileTimeToSystemTime
GetModuleFileNameW
OpenThread
CreateFileW
VirtualQuery
CloseHandle
GetVersion
lstrcmpiW
GetCurrentThread
PathIsPrefixW
ChangeDisplaySettingsExW
GetInputState
RegisterClassW
wsprintfW
memcpy
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 86528
EntryPoint 0x1860
OriginalFileName lolola.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2017 Bruce Sckeet
FileVersion 15.0.1.0
TimeStamp 2017:11:29 20:21:21+01:00
FileType Win32 EXE
PEType PE32
InternalName lolola
ProductVersion 15.0.1.0
FileDescription Steven Mark Slivader
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bruce Sckeet
CodeSize 26624
ProductName Bruce Sckeet Organiz
ProductVersionNumber 10.0.1.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 4441f82ff7429c7593f30b9f1c6d00d1
SHA1 4d76499d1d626896b1d5d673c87fe243dadcbd9c
SHA256 53a2a8043e62be4697a8731f9f8370ad4d197cddf6e6105d8bb69ba638644def
ssdeep 1536:huIJAyKj9EYmYzwSWhG/0wOFFXYMoD+zasf7oEeNDlSyY9gSfESjD3BQQeW:hhJA/WYmYzRWhSmFhJz1fcEDDZs0DxQ4
authentihash 30e5060af0ddb095017c7639427a30f714af9e97fbea6a13f796fa20fef0a0af
imphash 5a5eeffd0249d835dbe38d5618c583dd
File size 95.5 KB ( 97792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-11-29 10:25:44 UTC ( 6 months, 3 weeks ago )
Last submission 2018-05-08 03:51:51 UTC ( 1 month, 2 weeks ago )
File names lolola.exe
12118488.exe
lolola
W0M5U224Jy0s4nUrL.exe
29616600.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
UDP communications