SHA256: 57d9193eca643945221e664325f43b82481454853abcae92e0b7d76f6b585aeb
File name: AE89.tmp
Detection ratio: 10 / 56
Analysis date: 2016-10-15 15:34:06 UTC ( 2 years, 5 months ago )
Antivirus Result Update
AegisLab Troj.W32.Gen.lGkf 20161015
Avast Win32:Malware-gen 20161015
AVG Generic_s.KJE 20161015
Avira (no cloud) TR/Crypt.Xpack.gymic 20161015
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9880 20161015
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Sophos ML trojan.win32.emotet.g 20160928
Malwarebytes Spyware.Boaxxe 20161015
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20161015
Rising Malware.Obscure/Heur!1.9E03 (classic) 20161015
Ad-Aware 20161015
AhnLab-V3 20161015
Alibaba 20161014
ALYac 20161015
Antiy-AVL 20161015
Arcabit 20161015
AVware 20161015
BitDefender 20161015
Bkav 20161015
CAT-QuickHeal 20161015
ClamAV 20161015
CMC 20161015
Comodo 20161015
Cyren 20161015
DrWeb 20161015
Emsisoft 20161015
ESET-NOD32 20161015
F-Prot 20161015
F-Secure 20161015
Fortinet 20161015
GData 20161015
Ikarus 20161015
Jiangmin 20161015
K7AntiVirus 20161015
K7GW 20161015
Kaspersky 20161015
Kingsoft 20161015
McAfee 20161015
McAfee-GW-Edition 20161015
Microsoft 20161015
eScan 20161015
NANO-Antivirus 20161015
nProtect 20161015
Panda 20161015
Sophos AV 20161015
SUPERAntiSpyware 20161015
Symantec 20161015
Tencent 20161015
TheHacker 20161014
TrendMicro 20161015
TrendMicro-HouseCall 20161015
VBA32 20161014
VIPRE 20161015
ViRobot 20161015
Yandex 20161014
Zillya 20161013
Zoner 20161015
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ? 2016

Product hatt
Original name hattl.exe
Internal name hatt
File version 1, 0, 0, 1
Description hatt
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-11 17:58:17
Entry Point 0x000069EA
Number of sections 4
PE sections
PE imports
TranslateCharsetInfo
MoveToEx
FreeEnvironmentStringsA
GetStartupInfoA
CreateFileA
GetTimeZoneInformation
GetModuleHandleA
SetFilePointer
DeleteFileA
FindFirstFileW
UnhandledExceptionFilter
VirtualProtect
GetCurrentThreadId
VirtualAlloc
GetModuleFileNameA
SetEnvironmentVariableA
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
ToUnicodeEx
MapDialogRect
GetSystemMetrics
SendMessageA
GetQueueStatus
SetWindowTextW
DrawIcon
GetWindowTextW
FindWindowW
GetCapture
GetClientRect
EnableWindow
FindWindowA
IsIconic
DeleteMenu
htons
htonl
Number of PE resources by type
RT_ICON 12
RT_DIALOG 2
RT_GROUP_ICON 2
NMKEFG 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 10
NEUTRAL 6
GERMAN AUSTRIAN 1
SPANISH MEXICAN 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
0

LanguageCode
Swedish

FileFlagsMask
0x003f

CharacterSet
Windows, Turkish

InitializedDataSize
376832

EntryPoint
0x69ea

OriginalFileName
hattl.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright ? 2016

FileVersion
1, 0, 0, 1

TimeStamp
2016:10:11 18:58:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
hatt

ProductVersion
1, 0, 0, 1

FileDescription
hatt

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
24576

ProductName
hatt

ProductVersionNumber
1.0.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 88757d0996674a3ef01b799e46364074
SHA1 579dc4deecd689bcef5d9d176c476852ec108ee9
SHA256 57d9193eca643945221e664325f43b82481454853abcae92e0b7d76f6b585aeb
ssdeep
6144:omu6FNcUo630BsHqPtHw+B2aQI05pNDd1n3Ra1wdDCQm9AZY8MhEUAAAAAAAAGZ:ot6HNaTVB9QVFZNCBmZUu

authentihash 28fa89330cd1f50d4bca7854399ec676e47ddb69173c285f9fadf48814e97a00
imphash 7361a7832ea0da732154ad195b2b1089
File size 396.0 KB ( 405504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2016-10-15 15:34:06 UTC ( 2 years, 5 months ago )
Last submission 2016-10-15 15:34:06 UTC ( 2 years, 5 months ago )
File names hattl.exe
hatt
AE89.tmp
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1016.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications