SHA256: 582d05c16e2dc232e37f34049e7fec7997c4587c483677fdbb2ee58276fcb83e
File name: Tipisal03
Detection ratio: 49 / 65
Analysis date: 2017-09-19 01:56:15 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5967329 20170919
AegisLab Uds.Dangerousobject.Multi!c 20170919
AhnLab-V3 Trojan/Win32.Injector.C2126299 20170918
ALYac Trojan.GenericKD.5967329 20170919
Antiy-AVL Trojan/Win32.TSGeneric 20170919
Arcabit Trojan.Generic.D5B0DE1 20170918
Avast Win32:Malware-gen 20170918
AVG Win32:Malware-gen 20170918
Avira (no cloud) TR/Dropper.VB.ijyuq 20170918
AVware Trojan.Win32.Generic!BT 20170919
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20170918
BitDefender Trojan.GenericKD.5967329 20170919
CAT-QuickHeal Udsdangerousobject.Multi 20170918
ClamAV Win.Packer.VbPack-0-6334882-0 20170918
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170919
Cyren W32/Trojan.UGKZ-4589 20170918
DrWeb Trojan.PWS.Stealer.1932 20170918
Emsisoft Trojan.GenericKD.5967329 (B) 20170919
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRNC 20170919
F-Secure Trojan.GenericKD.5967329 20170918
Fortinet W32/Injector.DQRQ!tr 20170919
GData Trojan.GenericKD.5967329 20170918
Ikarus Trojan.VB.Crypt 20170918
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00516a161 ) 20170918
K7GW Trojan ( 00516a161 ) 20170918
Kaspersky Trojan-PSW.Win32.Fareit.dasd 20170918
Malwarebytes Spyware.Pony 20170919
MAX malware (ai score=100) 20170919
McAfee RDN/Generic PWS.y 20170918
McAfee-GW-Edition RDN/Generic PWS.y 20170919
Microsoft PWS:Win32/Fareit 20170918
eScan Trojan.GenericKD.5967329 20170919
NANO-Antivirus Trojan.Win32.Fareit.esrkez 20170919
Palo Alto Networks (Known Signatures) generic.ml 20170919
Panda Trj/GdSda.A 20170918
Rising Trojan.GenKryptik!8.AA55 (cloud:7dgANIafloS) 20170919
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/FareitVB-M 20170919
Symantec Downloader.Ponik 20170918
Tencent Win32.Trojan-qqpass.Qqrob.Edek 20170919
TrendMicro TSPY_VBFAREIT.SM1 20170919
TrendMicro-HouseCall TSPY_VBFAREIT.SM1 20170919
VIPRE Trojan.Win32.Generic!BT 20170919
ViRobot Trojan.Win32.Z.Injector.151552.UG 20170918
Zillya Trojan.Fareit.Win32.22526 20170916
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.dasd 20170919
Engines that returned no detection (result column empty)
Alibaba 20170911
Avast-Mobile 20170829
CMC 20170918
Comodo 20170918
F-Prot 20170918
Jiangmin 20170918
Kingsoft 20170919
nProtect 20170919
Qihoo-360 20170919
SUPERAntiSpyware 20170919
Symantec Mobile Insight 20170917
TheHacker 20170916
TotalDefense 20170918
Trustlook 20170919
VBA32 20170918
Webroot 20170919
WhiteArmor 20170829
Yandex 20170908
Zoner 20170919
The file being studied is a Portable Executable image. More specifically, it is a 32-bit (PE32) Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Product Photophone
Original name Tipisal03.exe
Internal name Tipisal03
File version 5.00.0003
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-10 22:48:02
Entry Point 0x0000126C
Number of sections 3
PE sections
PE imports (all of the names below are exports of the Visual Basic 6 runtime, MSVBVM60.DLL, and the Ord(n) entries are imports from that same DLL by ordinal; this is how VB6-compiled binaries link the runtime, which matches the VB family labels several engines above apply to the sample)
_adj_fdiv_m32
__vbaChkstk
Ord(546)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_allmul
__vbaR8Cy
Ord(527)
_adj_fprem
Ord(678)
_adj_fpatan
EVENT_SINK_AddRef
__vbaCyStr
_adj_fdiv_m32i
Ord(717)
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
_adj_fdivr_m64
__vbaFreeVar
__vbaObjSetAddref
__vbaPowerR8
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_CIcos
_adj_fptan
_CItan
Ord(672)
Ord(613)
__vbaVarMove
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrR8
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 5.0
FileSubtype 0
FileVersionNumber 5.0.0.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x126c
OriginalFileName Tipisal03.exe
MIMEType application/octet-stream
FileVersion 5.00.0003
TimeStamp 2017:09:10 23:48:02+01:00
FileType Win32 EXE
PEType PE32
InternalName Tipisal03
ProductVersion 5.00.0003
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 135168
ProductName Photophone
ProductVersionNumber 5.0.0.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 8e6ea4ae39406e385eae2306b620a81b
SHA1 509c6640912232300cd7b8a93eafad410575002b
SHA256 582d05c16e2dc232e37f34049e7fec7997c4587c483677fdbb2ee58276fcb83e
ssdeep 3072:HOQtivoeBnJVBqiHTrrRXJ4ixzUFiQ0hK9fLzpRLZ:qAuNqgrRXJ4hFiHhK
authentihash 6505c08065d5e29d07af7c3a0f44e2ed20e32e9486c6db47a40f31c38a492e1d
imphash 5c572fda06b0c02e127b28a9eb4ee2cd
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%); Generic Win/DOS Executable (23.5%); DOS Executable Generic (23.5%)
Tags peexe
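The hashes in "File identification" and the fields in "PE header basic information" are the values an analyst checks first when a suspected copy of this sample turns up. The script below is an added example (not code from this report or from VirusTotal) that computes the three hashes, parses the COFF and PE32 optional headers with the standard library only, and compares the result with the values reported above. Because the malware itself cannot be embedded here, build_sample_pe() constructs a minimal PE header that carries the same header field values; its hashes are therefore expected not to match the reported ones, which is exactly the negative case the hash comparison should report.

```python
"""Offline triage of a PE file's identifiers and header fields, checked
against the values reported for Tipisal03.exe. Added example, not code
from the report page. Standard library only (no pefile) so it runs anywhere.
"""
import hashlib
import struct
from datetime import datetime, timezone

# Indicator hashes copied from the report's "File identification" block.
REPORTED = {
    "md5": "8e6ea4ae39406e385eae2306b620a81b",
    "sha1": "509c6640912232300cd7b8a93eafad410575002b",
    "sha256": "582d05c16e2dc232e37f34049e7fec7997c4587c483677fdbb2ee58276fcb83e",
}

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the raw bytes, keyed like REPORTED."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_reported(data: bytes) -> bool:
    """True only if every hash agrees with the report (no partial matches)."""
    return file_hashes(data) == REPORTED


def parse_pe_header(data: bytes) -> dict:
    """Read e_lfanew, the COFF header and the PE32 optional-header fields the
    report lists. Raises ValueError for anything that is not a PE32 image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 0x48 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("not PE32 (magic 0x%x)" % magic)
    # PE32 optional header: Magic(0) LinkerMajor(2) LinkerMinor(3) SizeOfCode(4)
    # SizeOfInitializedData(8) SizeOfUninitializedData(12) AddressOfEntryPoint(16)
    # ... Subsystem is the WORD at offset 0x44.
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code, init_data, uninit_data, entry = struct.unpack_from("<IIII", data, opt + 4)
    (subsystem,) = struct.unpack_from("<H", data, opt + 0x44)
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "number_of_sections": nsections,
        "compile_time_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "code_size": size_of_code,
        "initialized_data_size": init_data,
        "uninitialized_data_size": uninit_data,
        "subsystem": subsystem,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in: a minimal, non-runnable PE32 header carrying the
    same field values the report shows (i386, 3 sections, compiled
    2017-09-10 22:48:02 UTC, entry 0x126C, linker 6.0, GUI subsystem).
    It is NOT the malware sample, so its hashes will not match REPORTED."""
    ts = int(datetime(2017, 9, 10, 22, 48, 2, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 3, ts, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)          # PE32 magic, linker 6.0
    struct.pack_into("<IIII", opt, 4, 135168, 12288, 0, 0x126C)
    struct.pack_into("<H", opt, 0x44, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe_header(sample))
    print("hash match with report:", matches_reported(sample))
```

To triage a real file, replace build_sample_pe() with open(path, "rb").read(): matches_reported() settles identity, and parse_pe_header() lets you compare compile timestamp, entry point and section count with the report even when the bytes differ (a repacked or re-signed variant keeps none of the hashes but often keeps the VB6 linker version and subsystem).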
VirusTotal metadata
First submission 2017-09-11 04:43:38 UTC ( 2 months, 1 week ago )
Last submission 2017-09-11 22:46:15 UTC ( 2 months, 1 week ago )
File names Tipisal03.exe
Tipisal03
8e6ea4ae39406e385eae2306b620a81b
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done through the SetWindowsHookEx family of Windows API functions (SetWindowsHook is the legacy form of the same call). The report does not record which hook type was installed or which thread it targets, so on its own this behaviour does not establish keystroke capture; it is, however, consistent with the password-stealer (Fareit/Pony) verdicts returned by most engines above.
HTTP requests
DNS requests
TCP connections
UDP communications