SHA256: 5467fad165a4a433b1c25ca8f183af5041b1c9547004d8f4e4dc8f84604be326
File name: notepad.exe
Detection ratio: 21 / 67
Analysis date: 2019-02-20 01:58:41 UTC ( 3 months ago )
Antivirus | Result | Update
Acronis | suspicious | 20190219
Avast | Win32:Malware-gen | 20190220
AVG | Win32:Malware-gen | 20190220
CrowdStrike Falcon (ML) | malicious_confidence_70% (W) | 20181023
Cybereason | malicious.5501a6 | 20190109
Cylance | Unsafe | 20190220
Cyren | W32/GenBl.A659DC22!Olympus | 20190220
eGambit | Unsafe.AI_Score_72% | 20190220
Endgame | malicious (high confidence) | 20190215
ESET-NOD32 | a variant of Win32/GenKryptik.DABY | 20190220
Sophos ML | heuristic | 20181128
Kaspersky | UDS:DangerousObject.Multi.Generic | 20190220
McAfee | Packed-FQY!A659DC22C1C1 | 20190220
McAfee-GW-Edition | Artemis!Trojan | 20190219
Palo Alto Networks (Known Signatures) | generic.ml | 20190220
SentinelOne (Static ML) | static engine - malicious | 20190203
Symantec | ML.Attribute.HighConfidence | 20190219
Tencent | Win32.Trojan.Inject.Auto | 20190220
Trapmine | malicious.high.ml.score | 20190123
Webroot | W32.Malware.gen | 20190220
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20190220
Ad-Aware | (no detection) | 20190220
AegisLab | (no detection) | 20190220
AhnLab-V3 | (no detection) | 20190219
Alibaba | (no detection) | 20180921
ALYac | (no detection) | 20190220
Antiy-AVL | (no detection) | 20190220
Arcabit | (no detection) | 20190220
Avast-Mobile | (no detection) | 20190219
Avira (no cloud) | (no detection) | 20190219
Babable | (no detection) | 20180918
Baidu | (no detection) | 20190215
BitDefender | (no detection) | 20190220
Bkav | (no detection) | 20190219
CAT-QuickHeal | (no detection) | 20190219
ClamAV | (no detection) | 20190219
CMC | (no detection) | 20190219
Comodo | (no detection) | 20190219
DrWeb | (no detection) | 20190220
Emsisoft | (no detection) | 20190219
F-Prot | (no detection) | 20190220
F-Secure | (no detection) | 20190219
Fortinet | (no detection) | 20190220
GData | (no detection) | 20190219
Ikarus | (no detection) | 20190219
Jiangmin | (no detection) | 20190220
K7AntiVirus | (no detection) | 20190219
K7GW | (no detection) | 20190219
Kingsoft | (no detection) | 20190220
Malwarebytes | (no detection) | 20190219
MAX | (no detection) | 20190220
Microsoft | (no detection) | 20190220
eScan | (no detection) | 20190220
NANO-Antivirus | (no detection) | 20190220
Panda | (no detection) | 20190219
Qihoo-360 | (no detection) | 20190220
Rising | (no detection) | 20190220
Sophos AV | (no detection) | 20190219
SUPERAntiSpyware | (no detection) | 20190213
Symantec Mobile Insight | (no detection) | 20190207
TACHYON | (no detection) | 20190220
TheHacker | (no detection) | 20190217
TrendMicro | (no detection) | 20190219
TrendMicro-HouseCall | (no detection) | 20190220
Trustlook | (no detection) | 20190220
VBA32 | (no detection) | 20190219
ViRobot | (no detection) | 20190219
Yandex | (no detection) | 20190219
Zillya | (no detection) | 20190219
Zoner | (no detection) | 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Cultivar7
Original name Aotus.exe
Internal name Aotus
File version 1.06.0002
Comments adventured7
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:17 AM 2/22/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-03 13:44:40
Entry Point 0x000010B8
Number of sections 3
PE sections
Overlays
MD5 9a3451ef093502b7f9a2796ff2108f84
File type data
Offset 581632
Size 6144
Entropy 7.32
PE imports
EVENT_SINK_QueryInterface
Ord(519)
ProcCallEngine
Ord(646)
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(573)
Ord(631)
Ord(578)
Ord(525)
Ord(618)
EVENT_SINK_Release
Ord(616)
EVENT_SINK_AddRef
Ord(685)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
Comments: adventured7
InitializedDataSize: 8192
ImageVersion: 1.6
ProductName: Cultivar7
FileVersionNumber: 1.6.0.2
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
LinkerVersion: 6.0
FileTypeExtension: exe
OriginalFileName: Aotus.exe
MIMEType: application/octet-stream
FileVersion: 1.06.0002
TimeStamp: 2015:04:03 06:44:40-07:00
FileType: Win32 EXE
PEType: PE32
InternalName: Aotus
ProductVersion: 1.06.0002
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 573440
FileSubtype: 0
ProductVersionNumber: 1.6.0.2
EntryPoint: 0x10b8
ObjectFileType: Executable application
File identification
MD5 a659dc22c1c1d7c548f0532392e52279
SHA1 ef38fc95501a6b6f305001dbb9c93ed2fa35a699
SHA256 5467fad165a4a433b1c25ca8f183af5041b1c9547004d8f4e4dc8f84604be326
ssdeep 6144:V8BGkq/UTsWyXXLhCb3cH49fNm/m1SfxR4r4IzRUOXTw9v+7FyA2AsvHC9InWvQY:KIkIUTsWMmGmtkgpjWR3/1o
authentihash 1b8f92d71d33c217f00a279d727c3dee5ed8297d28bb608c5bd0fb453bfde8df
imphash 4ec2a25b8338b826ea221e7ee60099e0
File size 574.0 KB ( 587776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-19 20:32:48 UTC ( 3 months ago )
Last submission 2019-02-19 20:32:48 UTC ( 3 months ago )
File names Aotus
fbet.exe
notepad.exe
Aotus.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.