SHA256: 59a53f7ceaf214945e0b00e74ed4ff8dbb6ebc76e49562ac4dace8094f84d377
File name: zbetcheckin_tracker_DC_7.exe
Detection ratio: 16 / 70
Analysis date: 2019-02-10 11:41:19 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190208
AhnLab-V3 Trojan/Win32.Generic.C2999873 20190210
Avast Win32:Evo-gen [Susp] 20190210
AVG Win32:Evo-gen [Susp] 20190210
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181023
Cybereason malicious.5069fa 20190109
Cylance Unsafe 20190210
DrWeb Trojan.DownLoader25.11684 20190210
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.EDLK 20190210
Sophos ML heuristic 20181128
Kaspersky HEUR:Backdoor.Win32.Remcos.gen 20190210
Microsoft Trojan:Win32/Fuerboos.A!cl 20190210
Rising Trojan.Injector!8.C4 (TFE:5:2E0QgPAfCcB) 20190210
Trapmine malicious.high.ml.score 20190123
ZoneAlarm by Check Point HEUR:Backdoor.Win32.Remcos.gen 20190210
Ad-Aware 20190210
AegisLab 20190210
Alibaba 20180921
ALYac 20190210
Antiy-AVL 20190210
Arcabit 20190210
Avast-Mobile 20190209
Avira (no cloud) 20190210
Babable 20180918
Baidu 20190202
BitDefender 20190210
Bkav 20190201
CAT-QuickHeal 20190210
ClamAV 20190209
CMC 20190210
Comodo 20190210
Cyren 20190210
eGambit 20190210
Emsisoft 20190210
F-Prot 20190210
F-Secure 20190210
Fortinet 20190210
GData 20190210
Ikarus 20190210
Jiangmin 20190210
K7AntiVirus 20190210
K7GW 20190210
Kingsoft 20190210
Malwarebytes 20190210
MAX 20190210
McAfee 20190210
McAfee-GW-Edition 20190210
eScan 20190210
NANO-Antivirus 20190210
Palo Alto Networks (Known Signatures) 20190210
Panda 20190210
Qihoo-360 20190210
SentinelOne (Static ML) 20190203
Sophos AV 20190210
SUPERAntiSpyware 20190206
Symantec 20190209
Symantec Mobile Insight 20190207
TACHYON 20190210
Tencent 20190210
TheHacker 20190203
TotalDefense 20190206
TrendMicro 20190210
TrendMicro-HouseCall 20190210
Trustlook 20190210
VBA32 20190208
ViRobot 20190209
Webroot 20190210
Yandex 20190208
Zillya 20190208
Zoner 20190210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name graphstudionext.exe
Internal name graphstudionext.exe
File version 0.5.0.1
Description GraphStudioNext
Packers identified
F-PROT PE_Patch, Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
RegSetValueExA
RegQueryValueExA
ImageList_SetIconSize
ChooseColorA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SysFreeString
SafeArrayPtrOfIndex
VariantChangeTypeEx
ShellExecuteA
SHGetFolderPathA
CreateWindowExA
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_ICON 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 48
DUTCH BELGIAN 2
ENGLISH NEUTRAL 1
ARABIC EGYPT 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 0.5.0.1
LanguageCode Unknown (0009)
FileFlagsMask 0x003f
FileDescription GraphStudioNext
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 1335296
EntryPoint 0x1000
OriginalFileName graphstudionext.exe
MIMEType application/octet-stream
FileVersion 0.5.0.1
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
InternalName graphstudionext.exe
ProductVersion 0.5.0.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 517632
FileSubtype 0
ProductVersionNumber 0.5.0.1
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 92eb80ac0eff8d487f60ba22ef4e0129
SHA1 83a08825069fae99d87ede82d11fec0804c7de14
SHA256 59a53f7ceaf214945e0b00e74ed4ff8dbb6ebc76e49562ac4dace8094f84d377
ssdeep 24576:C1fcXtlos4jngM6X9L+BANoxE4oXZCT2Bm3cjUK0yGtVWW80FO62m:C1fcdSsonF2yWNoxLYCToWcYu176O62m

authentihash d76a584ed1cce14bedf7a705c3d3f78d77593a6480dc064b0c3436c0bfca9e9e
imphash cc82cadb9cd53fbc1eaa80e1f1651844
File size 1.2 MB ( 1277952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags peexe asprotect aspack

VirusTotal metadata
First submission 2019-02-10 11:41:19 UTC ( 1 month ago )
Last submission 2019-02-11 00:36:17 UTC ( 1 month ago )
File names graphstudionext.exe
59a53f7ceaf214945e0b00e74ed4ff8dbb6ebc76e49562ac4dace8094f84d377.exe
zbetcheckin_tracker_DC_7.exe
DC_7.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.