SHA256: 55c9300471a970d07973c6c9027f4096397da573807d746fc3428d7f6626fcb0
File name: boolean operations
Detection ratio: 46 / 70
Analysis date: 2019-02-15 05:43:25 UTC ( 21 hours, 17 minutes ago )
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Trojan.GenericKD.31516101 20190214
AhnLab-V3 Malware/Gen.Generic.C2921668 20190214
ALYac Trojan.Mansabo.gen 20190214
Antiy-AVL Trojan/Win32.Mansabo 20190214
Arcabit Trojan.Generic.D1E0E5C5 20190214
Avast Win32:Trojan-gen 20190214
AVG Win32:Trojan-gen 20190214
BitDefender Trojan.GenericKD.31516101 20190214
CAT-QuickHeal Trojan.Mansabo 20190214
Comodo Malware@#3yxqxpsl0jam 20190214
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190214
Cyren W32/Trojan.JIGF-8428 20190214
DrWeb Trojan.Trick.46210 20190214
Emsisoft Trojan.GenericKD.31516101 (B) 20190214
ESET-NOD32 a variant of Win32/Injector.ECUP 20190214
Fortinet W32/PossibleThreat 20190214
GData Trojan.GenericKD.31516101 20190214
Ikarus Trojan.Win32.Trickbot 20190214
Jiangmin Trojan.Mansabo.aer 20190214
K7AntiVirus Riskware ( 0040eff71 ) 20190214
K7GW Riskware ( 0040eff71 ) 20190214
Kaspersky Trojan.Win32.Mansabo.btu 20190214
McAfee RDN/Generic.dx 20190214
McAfee-GW-Edition BehavesLike.Win32.Generic.gm 20190214
Microsoft Trojan:Win32/Skeeyah.A!bit 20190214
eScan Trojan.GenericKD.31516101 20190214
NANO-Antivirus Trojan.Win32.Trick.fmnsou 20190214
Palo Alto Networks (Known Signatures) generic.ml 20190214
Panda Trj/GdSda.A 20190214
Qihoo-360 Win32/Trojan.BO.c93 20190214
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190214
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190214
Symantec Trojan.Trickybot 20190214
TACHYON Trojan/W32.VB-Mansabo.466944.D 20190214
Tencent Win32.Trojan.Mansabo.Wrgk 20190214
TrendMicro TROJ_GEN.F0C2C00AB19 20190214
TrendMicro-HouseCall TROJ_GEN.F0C2C00AB19 20190214
VBA32 Trojan.Mansabo 20190214
ViRobot Trojan.Win32.Mansabo.466944.A 20190214
Webroot W32.Trojan.Gen 20190214
Yandex Trojan.Mansabo! 20190214
Zillya Trojan.Injector.Win32.630637 20190214
ZoneAlarm by Check Point Trojan.Win32.Mansabo.btu 20190214
AegisLab 20190214
Alibaba 20180921
Avast-Mobile 20190214
Avira (no cloud) 20190214
Babable 20180917
Baidu 20190214
Bkav 20190214
ClamAV 20190214
CMC 20190214
Cybereason 20190109
eGambit 20190214
Endgame 20181108
F-Prot 20190214
F-Secure 20190214
Sophos ML 20181128
Kingsoft 20190214
Malwarebytes 20190214
MAX 20190214
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190206
TheHacker 20190212
TotalDefense 20190214
Trapmine 20190123
Trustlook 20190214
Zoner 20190214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product boolean operations
Original name boolean operations.exe
Internal name boolean operations
File version 2.78.0001
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-10 13:20:23
Entry Point 0x000013C8
Number of sections 3
PE sections
PE imports
WideCharToMultiByte
GetUserDefaultLCID
SetFileApisToOEM
RtlMoveMemory
GetStartupInfoW
SetFileApisToANSI
VirtualProtect
GetProcAddress
VirtualAlloc
GetModuleHandleW
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaGenerateBoundsError
_allmul
_CIsin
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
__vbaRedimPreserve
__vbaAryMove
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaVarPow
__vbaExceptHandler
__vbaVarForNext
__vbaFreeVarList
__vbaRedim
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
Ord(581)
_adj_fdiv_r
Ord(100)
__vbaAryLock
__vbaUI1I2
__vbaVarOr
__vbaFreeVar
__vbaBoolVarNull
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
__vbaVarMul
__vbaVarIdiv
__vbaStrVarVal
_CIcos
EVENT_SINK_QueryInterface
Ord(706)
_adj_fptan
_CItan
__vbaR8Var
__vbaObjSet
__vbaVarFix
__vbaI4Var
__vbaVarDiv
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaVarCmpEq
__vbaAryDestruct
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
LoadStringW
WaitMessage
Number of PE resources by type
RT_STRING 4
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 327680
ImageVersion 2.78
ProductName boolean operations
FileVersionNumber 2.78.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName boolean operations.exe
MIMEType application/octet-stream
FileVersion 2.78.0001
TimeStamp 2019:01:10 05:20:23-08:00
FileType Win32 EXE
PEType PE32
InternalName boolean operations
ProductVersion 2.78.0001
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Brad's Quadratic
CodeSize 135168
FileSubtype 0
ProductVersionNumber 2.78.0.1
EntryPoint 0x13c8
ObjectFileType Executable application

Execution parents
File identification
MD5 d58a8f6dfeea35d6f39c1ae4b9dcbc9a
SHA1 8d68199e2ecf9e97f9d589bf331921e8505be4dc
SHA256 55c9300471a970d07973c6c9027f4096397da573807d746fc3428d7f6626fcb0
ssdeep 3072:0iORn4gsYzn+HpiUuo4SlJZiLV2RgOrdJQcs4VTkg6Mad2oS3h3s2dN3EWjeAoSw:zJB0PLony25k8tgWi/h/Wd+EiO1o
authentihash a7b74238fea7c8368759461d922ec359dc4fbacf921c314fb6e4856bfbbdc2d8
imphash 58471b8a9f8702d1a9e4838d7b7d501a
File size 456.0 KB ( 466944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2019-01-10 15:04:38 UTC ( 1 month ago )
Last submission 2019-01-16 17:32:30 UTC ( 1 month ago )
File names setup.exe
boolean operations.exe
boolean operations
wosming.exe
<SAMPLE.EXE>
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs