SHA256: 5798c6d61bed2daa40317db932409270d84ee2f469afe23d2ea8c2632c170b7a
File name: standard terms and conditions.exe
Detection ratio: 48 / 67
Analysis date: 2017-10-14 01:41:22 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6075957 20171013
AegisLab Uds.Dangerousobject.Multi!c 20171014
ALYac Trojan.GenericKD.6075957 20171013
Arcabit Trojan.Generic.D5CB635 20171014
Avast Win32:Malware-gen 20171014
AVG Win32:Malware-gen 20171014
Avira (no cloud) TR/Dropper.VB.kykqm 20171014
AVware Trojan.Win32.Generic!BT 20171014
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20171013
BitDefender Trojan.GenericKD.6075957 20171014
CAT-QuickHeal Udsdangerousobject.Multi 20171013
ClamAV Win.Packer.VbPack-0-6334882-0 20171014
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171014
Cyren W32/Trojan.LIJV-6743 20171014
DrWeb Trojan.PWS.Stealer.1932 20171013
eGambit malicious_confidence_96% 20171014
Emsisoft Trojan.GenericKD.6075957 (B) 20171014
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DSJJ 20171013
F-Secure Trojan.GenericKD.6075957 20171013
Fortinet W32/GenKryptik.ARJR!tr 20171013
GData Trojan.GenericKD.6075957 20171013
Ikarus Trojan.VB.Crypt 20171013
Sophos ML heuristic 20170914
Jiangmin Trojan.PSW.Fareit.odl 20171013
K7AntiVirus Trojan ( 00518a301 ) 20171013
K7GW Trojan ( 00518a301 ) 20171013
Kaspersky Trojan-PSW.Win32.Fareit.dbzy 20171014
Malwarebytes Spyware.Pony 20171014
MAX malware (ai score=100) 20171014
McAfee RDN/Generic PWS.y 20171013
McAfee-GW-Edition BehavesLike.Win32.Fareit.fz 20171013
Microsoft PWS:Win32/Fareit 20171013
eScan Trojan.GenericKD.6075957 20171013
Palo Alto Networks (Known Signatures) generic.ml 20171014
Panda Trj/GdSda.A 20171013
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/FareitVB-M 20171013
Symantec Trojan.Gen.2 20171013
Tencent Win32.Trojan-qqpass.Qqrob.Paly 20171014
TrendMicro TSPY_HPZBOT.SM2 20171013
TrendMicro-HouseCall TSPY_VBFAREIT.SM1 20171013
VBA32 TrojanPSW.Fareit 20171013
VIPRE Trojan.Win32.Generic!BT 20171013
Webroot W32.Trojan.Gen 20171014
Zillya Trojan.GenKryptik.Win32.11308 20171013
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.dbzy 20171014
AhnLab-V3 20171013
Alibaba 20170911
Antiy-AVL 20171014
Avast-Mobile 20171013
Bkav 20171013
CMC 20171013
Comodo 20171013
F-Prot 20171014
Kingsoft 20171014
NANO-Antivirus 20171013
nProtect 20171014
Qihoo-360 20171014
Rising 20171013
SUPERAntiSpyware 20171014
Symantec Mobile Insight 20171011
TheHacker 20171013
TotalDefense 20171013
Trustlook 20171014
ViRobot 20171014
WhiteArmor 20170927
Yandex 20171013
Zoner 20171014
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Befrir5
Original name Tipisal07.exe
Internal name Tipisal07
File version 3.00.0005
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-05 07:33:24
Entry Point 0x0000121C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
Ord(678)
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaCyErrVar
_adj_fprem1
_adj_fdiv_m64
Ord(542)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
_CIcos
_adj_fptan
Ord(613)
__vbaVarMove
_CIatan
Ord(540)
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
Ord(588)
_adj_fdivr_m32
Ord(543)
_CItan
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 3.0
FileSubtype 0
FileVersionNumber 3.0.0.5
LanguageCode Japanese
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x121c
OriginalFileName Tipisal07.exe
MIMEType application/octet-stream
FileVersion 3.00.0005
TimeStamp 2017:10:05 08:33:24+01:00
FileType Win32 EXE
PEType PE32
InternalName Tipisal07
ProductVersion 3.00.0005
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 319488
ProductName Befrir5
ProductVersionNumber 3.0.0.5
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 407e1faac75a19d4c36d872d5229e1fe
SHA1 87fae0ececc65410829b4e87ed3ad36cfb0ab217
SHA256 5798c6d61bed2daa40317db932409270d84ee2f469afe23d2ea8c2632c170b7a
ssdeep 3072:bfS0iHRk7BxBpzpG/6wQEsu26s+uVEcsLWGIrQUGyy6Llky6L:bfSduBpdG/6dRGIsU
authentihash 1e3c19aa0fb34a0427a4440788246c3a6c54e5dc36c83713fd401ff765c40ca0
imphash c44cdf005a35234d80bc56272416e849
File size 336.0 KB ( 344064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe
VirusTotal metadata
First submission 2017-10-05 08:32:14 UTC ( 1 month, 2 weeks ago )
Last submission 2017-10-12 06:00:52 UTC ( 1 month, 1 week ago )
File names standard terms and conditions.exe
Tipisal07.exe
Tipisal07
RFQ scope of requirements.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications