SHA256: 56c9226f3c9cc3dbb790919b9bcf7d813a469a28175e9c8528bc8f1bbf094f47
File name: 56c9226f3c9cc3dbb790919b9bcf7d813a469a28175e9c8528bc8f1bbf094f47
Detection ratio: 37 / 67
Analysis date: 2017-10-27 11:11:13 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.420193 20171027
AegisLab Gen.Variant.Graftor!c 20171027
AhnLab-V3 Trojan/Win32.Trickster.R211544 20171027
Arcabit Trojan.Graftor.D66961 20171027
Avast FileRepMalware 20171027
AVG FileRepMalware 20171027
Avira (no cloud) TR/Dropper.VB.wksyy 20171027
AVware Trojan.Win32.Generic!BT 20171027
BitDefender Gen:Variant.Johnnie.73133 20171027
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cylance Unsafe 20171027
Cyren W32/Trojan.JXBK-5631 20171027
DrWeb Trojan.DownLoader25.49164 20171027
eGambit Unsafe.AI_Score_99% 20171027
Emsisoft Gen:Variant.Johnnie.73133 (B) 20171027
Endgame malicious (high confidence) 20171024
ESET-NOD32 Win32/TrickBot.Y 20171027
F-Secure Gen:Variant.Graftor.420193 20171027
Fortinet W32/TrickBot.Y!tr 20171027
GData Gen:Variant.Graftor.420193 20171027
Ikarus Win32.Outbreak 20171027
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0051a62d1 ) 20171027
K7GW Trojan ( 0051a62d1 ) 20171027
Kaspersky Trojan.Win32.Pakes.avqi 20171027
MAX malware (ai score=96) 20171027
McAfee GenericR-KRM!7CD23BE0F257 20171027
McAfee-GW-Edition BehavesLike.Win32.BadFile.fh 20171027
eScan Gen:Variant.Graftor.420193 20171027
Palo Alto Networks (Known Signatures) generic.ml 20171027
Panda Trj/GdSda.A 20171027
SentinelOne (Static ML) static engine - malicious 20171019
Symantec Trojan.Gen.2 20171027
TrendMicro-HouseCall Suspicious_GEN.F47V1026 20171027
VIPRE Trojan.Win32.Generic!BT 20171027
Webroot W32.Trojan.Gen 20171027
ZoneAlarm by Check Point Trojan.Win32.Pakes.avqi 20171027
Alibaba 20170911
ALYac 20171027
Antiy-AVL 20171027
Avast-Mobile 20171027
Baidu 20171027
Bkav 20171027
CAT-QuickHeal 20171027
ClamAV 20171027
CMC 20171027
Comodo 20171027
Cybereason 20170628
F-Prot 20171027
Jiangmin 20171027
Kingsoft 20171027
Malwarebytes 20171027
Microsoft 20171027
NANO-Antivirus 20171027
nProtect 20171027
Qihoo-360 20171027
Sophos AV 20171027
SUPERAntiSpyware 20171027
Symantec Mobile Insight 20171027
Tencent 20171027
TheHacker 20171024
TotalDefense 20171027
TrendMicro 20171027
Trustlook 20171027
VBA32 20171027
ViRobot 20171027
WhiteArmor 20171024
Yandex 20171026
Zillya 20171027
Zoner 20171027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© 2014-2017 Zawebis

Product JUB je mednarodno
Original name SinatraCWM.exe
Internal name SinatraCWM
File version 1.00
Description Dans le judaïsme, les Kivre Tsadikim sont le lieu de sépulture, parfois
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-26 07:05:40
Entry Point 0x00001690
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
Ord(616)
EVENT_SINK_Invoke
_adj_fprem
__vbaAryMove
__vbaVarMod
__vbaVerifyVarObj
__vbaUI1Var
__vbaVarAnd
__vbaRedim
__vbaRecDestruct
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
__vbaI4Var
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
__vbaVarMul
Ord(595)
_adj_fptan
__vbaFileClose
__vbaLineInputStr
Ord(306)
__vbaRecUniToAnsi
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrI2
__vbaFPFix
Ord(709)
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(689)
Ord(648)
__vbaLateIdStAd
__vbaI4Str
Ord(525)
Ord(594)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Zombie_GetTypeInfoCount
__vbaPowerR8
__vbaUbound
__vbaFreeVar
__vbaFileOpen
Ord(571)
Ord(606)
__vbaAryLock
EVENT_SINK_Release
__vbaR8FixI4
Ord(593)
Ord(667)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
__vbaAryUnlock
__vbaFreeObjList
__vbaVarCmpGt
EVENT_SINK_GetIDsOfNames
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaExitProc
Zombie_GetTypeInfo
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(690)
_CIcos
Ord(713)
__vbaVarMove
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaRedimPreserve
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
Ord(300)
__vbaStrCopy
Ord(645)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
Ord(599)
__vbaRecDestructAnsi
__vbaCastObjVar
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaObjSet
Ord(644)
_CIexp
__vbaStrToAnsi
_CItan
Number of PE resources by type
RT_ICON 11
STORAGE RES MODE 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
77824

SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Dans le judaïsme, les Kivre Tsadikim sont le lieu de sépulture, parfois

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
294912

EntryPoint
0x1690

OriginalFileName
SinatraCWM.exe

MIMEType
application/octet-stream

LegalCopyright
2014-2017 Zawebis

FileVersion
1.0

TimeStamp
2017:10:26 08:05:40+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SinatraCWM

ProductVersion
1.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
flash

LegalTrademarks
We are pleased to help with any questions

ProductName
JUB je mednarodno

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 7cd23be0f257f0c7c820f18a06b00418
SHA1 39f78bd62f53e3edbacb301eb71710efae09aa63
SHA256 56c9226f3c9cc3dbb790919b9bcf7d813a469a28175e9c8528bc8f1bbf094f47
ssdeep
6144:ao2RAiWE9FQUwQdpkbKDN6d30/VgX0P2+2yoHZnl:ao2RAiWE9wkfYZbEZ2yob

authentihash 5b9d89fd56c58db4c76b0d794829713ac972aaf49401473d9c05707851a2a016
imphash 77fe7da1ce72f73589e2680057eda143
File size 368.0 KB ( 376832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-26 23:03:43 UTC ( 1 year, 3 months ago )
Last submission 2018-07-21 09:43:30 UTC ( 7 months ago )
File names SinatraCWM.exe
39f78bd62f53e3edbacb301eb71710efae09aa63
SinatraCWM
7cd23be0f257f0c7c820f18a06b00418.vir
1002-39f78bd62f53e3edbacb301eb71710efae09aa63