SHA256: 5be9afd7b807192be21cfbf655bcd4c774a216c890d426cdffa9cc1229f2ee72
File name: 04830b47379b71128be74883398f214c
Detection ratio: 58 / 67
Analysis date: 2018-08-10 17:25:41 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Win32.Parite.B 20180810
AhnLab-V3 Win32/Parite 20180810
ALYac Win32.Parite.B 20180810
Antiy-AVL Virus/Win32.Parite.c 20180810
Arcabit Win32.Parite.B 20180810
Avast Win32:Parite 20180810
AVG Win32:Parite 20180810
Avira (no cloud) W32/Parite 20180810
AVware Win32.Parite.b (v) 20180810
Baidu Win32.Virus.Parite.d 20180810
BitDefender Win32.Parite.B 20180810
Bkav W32.Pinfi.B 20180810
CAT-QuickHeal W32.Perite.A 20180810
ClamAV Heuristics.W32.Parite.B 20180810
CMC Virus.Win32.Parite.b!O 20180810
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180810
Cyren W32/Parite.LAQX-0866 20180810
DrWeb Win32.Parite.2 20180810
Emsisoft Win32.Parite.B (B) 20180810
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Parite.B 20180810
F-Prot W32/Parite.B@mm 20180810
F-Secure Win32.Parite.B 20180810
Fortinet W32/Parite.B 20180810
GData Win32.Parite.B 20180810
Ikarus Virus.Win32.Parite 20180810
Sophos ML heuristic 20180717
Jiangmin Win32/Parite.b 20180810
K7AntiVirus Virus ( 00001b711 ) 20180810
K7GW Virus ( 00001b711 ) 20180810
Kaspersky Virus.Win32.Parite.b 20180810
Kingsoft Win32.Parite.b.5756 20180810
MAX malware (ai score=86) 20180810
McAfee W32/Pate.b 20180810
McAfee-GW-Edition BehavesLike.Win32.Pate.dc 20180810
Microsoft Virus:Win32/Parite.B 20180810
eScan Win32.Parite.B 20180810
NANO-Antivirus Virus.Win32.Parite.bgvo 20180810
Panda W32/Parite.B 20180810
Qihoo-360 Virus.Win32.Parite.H 20180810
Rising Malware.Heuristic!ET#91% (RDM+:cmRtazokjlsAoTY54S2mJevPz2W2) 20180810
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV W32/Parite-B 20180810
Symantec W32.Pinfi.B 20180810
TACHYON Virus/W32.Parite.C 20180810
Tencent Virus.Win32.Dropper.c 20180810
TheHacker W32/Pate.B 20180807
TotalDefense Win32/Pinfi.A 20180810
TrendMicro PE_PARITE.A 20180810
TrendMicro-HouseCall PE_PARITE.A 20180810
VBA32 Virus.Win32.Parite.b 20180810
VIPRE Win32.Parite.b (v) 20180810
ViRobot Win32.Parite.A 20180810
Yandex Win32.Parite.B 20180810
Zillya Virus.Parite.Win32.9 20180810
ZoneAlarm by Check Point Virus.Win32.Parite.b 20180810
Zoner Win32.Parite.B 20180810
AegisLab 20180810
Alibaba 20180713
Avast-Mobile 20180810
Babable 20180725
Comodo 20180810
eGambit 20180810
Malwarebytes 20180810
Palo Alto Networks (Known Signatures) 20180810
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
Trustlook 20180810
Webroot 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-10 07:16:17
Entry Point 0x00013000
Number of sections 5
PE sections
Overlays
MD5 7442aa1329395fbae21783c29789c018
File type data
Offset 81920
Size 173534
Entropy 7.95
PE imports
HeapSize
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
LockResource
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
LeaveCriticalSection
SetFilePointer
WriteFile
WriteConsoleW
GetCPInfo
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
FindResourceExW
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
GetEnvironmentStrings
LCMapStringA
WriteConsoleA
IsValidCodePage
LoadResource
FindResourceW
CreateProcessW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
VirtualFree
VirtualAlloc
HeapCreate
SetLastError
InterlockedIncrement
CommandLineToArgvW
PathFileExistsW
SHGetValueW
UnregisterClassA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2014:11:10 08:16:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
45056

LinkerVersion
8.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

FileTypeExtension
exe

InitializedDataSize
20480

SubsystemVersion
4.0

EntryPoint
0x13000

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 04830b47379b71128be74883398f214c
SHA1 bf2350e726f6b5b49e93818ba829e564725521d0
SHA256 5be9afd7b807192be21cfbf655bcd4c774a216c890d426cdffa9cc1229f2ee72
ssdeep
3072:FIcb5LqK0tGtbqfRXLLhQ3cSYbsKZCqNnAStAJCg6jMxd0Bd+6DKvGFmm25oBfRF:FnbCNXhilAsQGYjM4DdFmmQ4RxXxNcS

authentihash dfa50e999dc4a7ec52d8b80fb59b70344d51574196cb2d8a11e9a9ef64603371
imphash 4038d0b01e8c567f6b1698fc0ab710eb
File size 249.5 KB ( 255454 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-08-10 17:25:41 UTC ( 1 month, 2 weeks ago )
Last submission 2018-08-10 17:25:41 UTC ( 1 month, 2 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.