× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5eb674601bdc901df84be3d9e10f61d0cd7c476dda813735e6f6f32d00e15b4c
File name: batthyper.exe
Detection ratio: 18 / 66
Analysis date: 2018-05-24 22:18:46 UTC ( 9 months ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180524
AVG FileRepMalware 20180524
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180524
BitDefender Trojan.GenericKDZ.44200 20180524
Cylance Unsafe 20180524
Emsisoft Trojan.GenericKDZ.44200 (B) 20180524
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHBV 20180524
Fortinet W32/GenKryptik.BTIX!tr 20180524
Sophos ML heuristic 20180503
Malwarebytes Spyware.PasswordStealer 20180524
MAX malware (ai score=85) 20180524
Microsoft Trojan:Win32/Fuerboos.A!cl 20180524
eScan Trojan.GenericKDZ.44200 20180524
Qihoo-360 HEUR/QVM20.1.62B1.Malware.Gen 20180524
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180524
Symantec ML.Attribute.HighConfidence 20180524
Ad-Aware 20180524
AegisLab 20180524
AhnLab-V3 20180524
Alibaba 20180524
ALYac 20180524
Antiy-AVL 20180524
Arcabit 20180524
Avast-Mobile 20180524
Avira (no cloud) 20180524
AVware 20180524
Babable 20180406
Bkav 20180524
CAT-QuickHeal 20180524
ClamAV 20180521
CMC 20180524
Comodo 20180524
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180524
DrWeb 20180524
eGambit 20180524
F-Prot 20180524
F-Secure 20180524
GData 20180524
Ikarus 20180524
Jiangmin 20180524
K7AntiVirus 20180524
K7GW 20180524
Kaspersky 20180524
Kingsoft 20180524
McAfee 20180524
McAfee-GW-Edition 20180524
NANO-Antivirus 20180524
nProtect 20180524
Palo Alto Networks (Known Signatures) 20180524
Panda 20180524
Rising 20180524
SUPERAntiSpyware 20180524
Symantec Mobile Insight 20180522
Tencent 20180524
TheHacker 20180524
TotalDefense 20180524
TrendMicro 20180524
TrendMicro-HouseCall 20180524
Trustlook 20180524
VBA32 20180524
VIPRE 20180524
ViRobot 20180524
Webroot 20180524
Yandex 20180524
Zillya 20180524
ZoneAlarm by Check Point 20180524
Zoner 20180524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00001EA5
Number of sections 4
PE sections
PE imports
GetUserNameA
CertOpenSystemStoreA
CertGetCertificateChain
CreateWaitableTimerW
GetNumberFormatA
LocalHandle
FlsGetValue
GetComputerNameExW
FindVolumeMountPointClose
FlsFree
FindFirstVolumeW
LZSeek
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
StrCpyNW
SHSetValueW
SHCopyKeyW
GetAncestor
waveOutGetErrorTextW
GetPrinterDataExW
WintrustRemoveActionID
SCardForgetCardTypeW
SCardDisconnect
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.164

ImageVersion
0.0

FileVersionNumber
1.0.124.0

LanguageCode
Japanese

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
188416

EntryPoint
0x1ea5

MIMEType
application/octet-stream

TimeStamp
2028:12:25 05:27:37+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
25 4 3

CodeSize
0

FileSubtype
0

ProductVersionNumber
24.0.55.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 18853e0a6838f6edcc3bf5103dd940bb
SHA1 87eaab3c819bbf488ccde9ad32d0672325bcac83
SHA256 5eb674601bdc901df84be3d9e10f61d0cd7c476dda813735e6f6f32d00e15b4c
ssdeep
1536:TwdeOUbTpbJpGVjGdDfiHyZaL8X15G6rrVHqIlVQAm94XMTFC5EU:m70FNpGI1fDZg8Fg6Xpznm9XTFCCU

authentihash 02bdbc3c7f0ed627cc5725bd871ee6c05cbfb2307d4169f990ab16035ee14e93
imphash 8d22dc5bc23257ef29b33b8e8842073c
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-24 22:18:46 UTC ( 9 months ago )
Last submission 2018-05-24 22:18:46 UTC ( 9 months ago )
File names batthyper.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!