SHA256: 5aff4bea2fd246126e8128f2870a4cc9687f3ffe9de209b828089ac342819514
Detection ratio: 33 / 65
Analysis date: 2018-05-01 16:07:46 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.188671 20180501
AegisLab Gen.Variant.Ursu!c 20180501
ALYac Gen:Variant.Ursu.188671 20180501
Arcabit Trojan.Ursu.D2E0FF 20180501
Avast FileRepMalware 20180501
AVG FileRepMalware 20180501
Avira (no cloud) TR/Dropper.VB.ezxzw 20180501
BitDefender Gen:Variant.Ursu.188671 20180501
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cyren W32/Trojan.RDJQ-6031 20180501
DrWeb Trojan.PWS.Stealer.1932 20180501
Emsisoft Gen:Variant.Ursu.188671 (B) 20180501
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Injector.DXQV 20180501
F-Secure Gen:Variant.Ursu.188671 20180501
Fortinet W32/GenKryptik.AWXD!tr 20180501
GData Win32.Trojan.Injector.NC 20180501
Ikarus Trojan.Win32.Injector 20180501
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052f3fd1 ) 20180501
K7GW Trojan ( 0052f3fd1 ) 20180501
Kaspersky Trojan-PSW.Win32.Fareit.dzia 20180501
Malwarebytes Trojan.MalPack 20180501
MAX malware (ai score=95) 20180501
McAfee GenericRXFE-DZ!CC00D156082B 20180501
McAfee-GW-Edition Artemis 20180425
eScan Gen:Variant.Ursu.188671 20180501
Panda Trj/CI.A 20180501
SentinelOne (Static ML) static engine - malicious 20180225
Symantec Trojan.Gen.2 20180501
TrendMicro-HouseCall TROJ_GEN.R002H09DT18 20180501
VIPRE Trojan.Win32.Generic!BT 20180501
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.dzia 20180501
AhnLab-V3 20180501
Alibaba 20180428
Antiy-AVL 20180501
Avast-Mobile 20180501
AVware 20180428
Babable 20180406
Baidu 20180428
Bkav 20180426
CAT-QuickHeal 20180501
ClamAV 20180501
CMC 20180501
Comodo 20180501
Cybereason None
Cylance 20180501
eGambit 20180501
F-Prot 20180501
Jiangmin 20180501
Kingsoft 20180501
Microsoft 20180501
NANO-Antivirus 20180501
nProtect 20180501
Palo Alto Networks (Known Signatures) 20180501
Qihoo-360 20180501
Rising 20180501
Sophos AV 20180501
SUPERAntiSpyware 20180501
Symantec Mobile Insight 20180501
Tencent 20180501
TheHacker 20180430
Trustlook 20180501
VBA32 20180428
ViRobot 20180501
Webroot 20180501
Yandex 20180428
Zillya 20180430
Zoner 20180430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright GJSa 'COMPUTINg fORCES'
Product tia kosSE
Original name Pointing0.exe
Internal name Pointing0
File version 6.09
Comments heAVEN TOol SOFTWARE
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-28 08:26:09
Entry Point 0x00001278
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaInStrB
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(607)
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaVarTstNe
__vbaLateMemCallLd
__vbaObjSetAddref
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaVarTstGt
__vbaVarIdiv
_CIcos
Ord(616)
_adj_fptan
Ord(685)
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
__vbaR8IntI4
__vbaLateIdCallLd
_adj_fdivr_m32i
_CIexp
__vbaInStrVar
_adj_fprem1
_adj_fdivr_m32
_CItan
Ord(609)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 16855040
SubsystemVersion 4.0
Comments heAVEN TOol SOFTWARE
InitializedDataSize 16384
ImageVersion 6.9
FileSubtype 0
FileVersionNumber 6.9.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x1278
OriginalFileName Pointing0.exe
MIMEType application/octet-stream
LegalCopyright GJSa 'COMPUTINg fORCES'
FileVersion 6.09
TimeStamp 2018:04:28 09:26:09+01:00
FileType Win32 EXE
PEType PE32
InternalName Pointing0
ProductVersion 6.09
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
LegalTrademarks epsON
ProductName tia kosSE
ProductVersionNumber 6.9.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 cc00d156082b6364c8055d235fef40d2
SHA1 570980b6dd7f214dd574069c05977ebf2abff3ad
SHA256 5aff4bea2fd246126e8128f2870a4cc9687f3ffe9de209b828089ac342819514
ssdeep 12288:WTsNrav87Sb5L/9/5q00KmAAmYt1vHQ0Eg:WTsNev87SFLF5q2mAAxt1vHb
authentihash 806cc278be94945851140cf9b30abdfc76d46d3d5e7f3427d5b75620e5a8fd09
imphash 0ffc1fb508017d1c7c0b07e70e069e86
File size 16.1 MB ( 16871424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-04-29 21:47:55 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-01 16:07:46 UTC ( 9 months, 3 weeks ago )
File names ponew.exe
Pointing0
Pointing0.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.