SHA256: 56a3c73708449d8ef5b6549d5181b0437844c46d21fda4729150ba20ce8391d5
File name: 56a3c73708449d8ef5b6549d5181b0437844c46d21fda4729150ba20ce8391d5
Detection ratio: 50 / 66
Analysis date: 2018-10-26 00:41:58 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30708185 20181025
AegisLab Trojan.Win32.Gozi.4!c 20181026
AhnLab-V3 Trojan/Win32.Ursnif.C2492305 20181025
ALYac Spyware.Ursnif 20181026
Antiy-AVL Trojan[Banker]/Win32.Gozi 20181025
Arcabit Trojan.Generic.D1D491D9 20181025
Avast Win32:Malware-gen 20181026
AVG Win32:Malware-gen 20181026
Avira (no cloud) TR/Crypt.ZPACK.lsusd 20181025
BitDefender Trojan.GenericKD.30708185 20181026
CAT-QuickHeal Trojan.Sigmal.S2636861 20181025
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Cylance Unsafe 20181026
Cyren W32/Trojan.EXLZ-3336 20181026
DrWeb Trojan.Siggen7.49533 20181025
Emsisoft Trojan.GenericKD.30708185 (B) 20181025
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Ursnif.BR 20181026
F-Prot W32/Ursnif.LO 20181025
F-Secure Trojan.GenericKD.30708185 20181025
Fortinet W32/Kryptik.FZFH!tr 20181026
GData Win32.Trojan-Spy.Ursnif.3Y2XMF 20181026
Ikarus Trojan-Spy.Zbot 20181025
Sophos ML heuristic 20180717
Jiangmin Trojan.Banker.Gozi.bp 20181026
K7AntiVirus Trojan ( 0051c74e1 ) 20181025
K7GW Trojan ( 0051c74e1 ) 20181025
Kaspersky Trojan-Banker.Win32.Gozi.ob 20181025
Malwarebytes Spyware.PasswordStealer 20181025
McAfee Generic.ayv 20181026
McAfee-GW-Edition BehavesLike.Win32.AdwareLinkury.th 20181025
Microsoft Trojan:Win32/Skeeyah.A!bit 20181026
eScan Trojan.GenericKD.30708185 20181026
NANO-Antivirus Trojan.Win32.Kryptik.fdycjn 20181026
Palo Alto Networks (Known Signatures) generic.ml 20181026
Panda Trj/WLT.D 20181025
Qihoo-360 Trojan.Generic 20181026
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20181026
Sophos AV Troj/Spy-AQK 20181026
Symantec Trojan.Ursnif 20181026
Tencent Win32.Trojan-banker.Gozi.Pdmm 20181026
TrendMicro TSPY_URSNIF.THEOCAH 20181025
TrendMicro-HouseCall TSPY_URSNIF.THEOCAH 20181026
VBA32 TrojanBanker.Gozi 20181025
ViRobot Trojan.Win32.S.Agent.1078272 20181025
Webroot W32.Rogue.Gen 20181026
Yandex Trojan.PWS.Gozi! 20181025
Zillya Trojan.Gozi.Win32.143 20181024
ZoneAlarm by Check Point Trojan-Banker.Win32.Gozi.ob 20181026
Zoner Trojan.Gozi 20181025
Alibaba 20180921
Avast-Mobile 20181025
Baidu 20181024
Bkav 20181025
ClamAV 20181026
CMC 20181025
Cybereason 20180225
eGambit 20181026
Kingsoft 20181026
MAX 20181026
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181001
TACHYON 20181026
TheHacker 20181025
TotalDefense 20181025
Trustlook 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 2, 5, 5153, 1281
Description Good Suit
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-02 15:24:14
Entry Point 0x00096B03
Number of sections 4
PE sections
PE imports
RestoreDC
StartPage
StartDocW
Rectangle
CreateFontIndirectW
HeapSize
GetLastError
TlsGetValue
HeapFree
CopyFileW
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
GetConsoleCP
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleHandleW
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetProcAddress
EncodePointer
GetFileType
SetStdHandle
GetStringTypeW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetUserDefaultLCID
HeapAlloc
TerminateProcess
InitializeCriticalSection
HeapCreate
CreateFileW
CreateProcessW
InterlockedDecrement
Sleep
SetLastError
SetFileAttributesW
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InterlockedIncrement
EndDialog
SetCapture
WindowFromPoint
LoadIconW
GetMessageW
CloseClipboard
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
CodeSize 685568
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 2.5.5153.1281
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Good Suit
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 461312
EntryPoint 0x96b03
MIMEType application/octet-stream
FileVersion 2, 5, 5153, 1281
TimeStamp 2012:05:02 08:24:14-07:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 5, 5153, 1281
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Thousand Evening
LegalTrademarks Good Suit
FileSubtype 0
ProductVersionNumber 2.5.5153.1281
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 42d87be786dd12006fff4b744cff3831
SHA1 0b0dab27ca660ba528a29de5bdf5a9af603a6e1a
SHA256 56a3c73708449d8ef5b6549d5181b0437844c46d21fda4729150ba20ce8391d5
ssdeep 12288:oIaQ5y0dCw6BtQjUEcLOwLX91Me/6nghfQejFfWMrq3j5eVMdhvPHN1W+F18RlNH:oI34z2/cFLYA/xdrq3J9IN0otrzUng
authentihash e996e254b21f32f069f55a221c78d2bb94cc0286bea14e3af0fef7ffd079409e
imphash 36179785b71d6c6dc95fe144d045122f
File size 1.0 MB ( 1078272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-05-03 06:29:19 UTC ( 10 months, 3 weeks ago )
Last submission 2018-09-10 06:47:23 UTC ( 6 months, 1 week ago )
File names iterg.yarn
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs