× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5fb71ad0bf8fb19ab50eb4f1705f331acf61f59a1ef2a2f0672dbcefa45b7a1d
File name: Dumped__.exe.vir
Detection ratio: 8 / 64
Analysis date: 2017-10-01 09:12:05 UTC ( 1 year, 7 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20171001
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Spy.KeyLogger.OZH 20171001
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM05.1.33D8.Malware.Gen 20171001
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazop0a8kof3SFFJDiG2WbJQs) 20171001
SentinelOne (Static ML) static engine - malicious 20170806
Ad-Aware 20171001
AegisLab 20171001
AhnLab-V3 20170930
Alibaba 20170911
ALYac 20171001
Antiy-AVL 20171001
Arcabit 20171001
Avast 20171001
Avast-Mobile 20170929
AVG 20171001
Avira (no cloud) 20170930
AVware 20171001
Baidu 20170930
BitDefender 20171001
CAT-QuickHeal 20170930
ClamAV 20171001
CMC 20170928
Comodo 20171001
Cyren 20171001
DrWeb 20171001
Emsisoft 20171001
F-Prot 20171001
F-Secure 20171001
Fortinet 20170929
GData 20171001
Ikarus 20171001
Jiangmin 20171001
K7AntiVirus 20170928
K7GW 20171001
Kaspersky 20171001
Kingsoft 20171001
Malwarebytes 20171001
MAX 20171001
McAfee 20171001
McAfee-GW-Edition 20171001
Microsoft 20171001
eScan 20171001
NANO-Antivirus 20171001
nProtect 20171001
Palo Alto Networks (Known Signatures) 20171001
Panda 20171001
Sophos AV 20171001
SUPERAntiSpyware 20171001
Symantec 20170930
Symantec Mobile Insight 20170928
Tencent 20171001
TheHacker 20170928
TotalDefense 20171001
TrendMicro 20171001
TrendMicro-HouseCall 20171001
Trustlook 20171001
VBA32 20170929
VIPRE 20171001
ViRobot 20171001
Webroot 20171001
WhiteArmor 20170927
Yandex 20170908
ZoneAlarm by Check Point 20171001
Zoner 20171001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 9.6.0.1
Description Місrosoft User Interface Manager
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000640FC
Number of sections 8
PE sections
PE imports
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
WaitForSingleObject
GetLocalTime
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetTempPathA
GetCPInfo
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
GetVolumeInformationA
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateThread
GlobalAddAtomA
MulDiv
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatA
DeleteFileA
GlobalLock
GlobalReAlloc
FindFirstFileA
lstrcpyA
CompareStringA
GetProcAddress
CreateEventA
TlsSetValue
CreateFileA
InterlockedIncrement
GetLastError
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
VirtualQuery
GetShortPathNameA
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
GetCommandLineA
RaiseException
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
VirtualFree
Sleep
FindResourceA
VirtualAlloc
ResetEvent
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCloseKey
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetDIBColorTable
GetWindowOrgEx
PatBlt
GetClipBox
GetCurrentPositionEx
SaveDC
CreateFontIndirectA
GetTextMetricsA
MaskBlt
SetStretchBltMode
GetPixel
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
CreateSolidBrush
IntersectClipRect
CreateHalftonePalette
CreateDIBSection
RealizePalette
SetTextColor
GetDeviceCaps
MoveToEx
BitBlt
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
UnrealizeObject
GetDIBits
SetBrushOrgEx
GetDCOrgEx
GetBrushOrgEx
StretchBlt
GetBitmapBits
CreateCompatibleDC
SetROP2
SelectObject
GetTextExtentPoint32A
GetPaletteEntries
SetDIBColorTable
CreateBrushIndirect
SetWindowOrgEx
SetBkColor
DeleteObject
CreateCompatibleBitmap
CreatePenIndirect
CoUninitialize
CoCreateInstance
CoInitialize
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
SHGetSpecialFolderPathA
RedrawWindow
GetForegroundWindow
EnableScrollBar
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CharLowerBuffA
SetScrollPos
CallNextHookEx
GetKeyboardState
ClientToScreen
GetTopWindow
ShowCursor
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
CreatePopupMenu
GetIconInfo
LoadStringA
SetParent
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
CreateMenu
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
MapWindowPoints
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
GetScrollRange
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
GetKeyboardLayout
GetSystemMenu
GetDC
SetForegroundWindow
OpenClipboard
DrawTextA
IntersectRect
GetScrollInfo
GetCapture
WaitMessage
FindWindowA
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
CharToOemA
GetDCEx
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
DefFrameProcA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
CloseClipboard
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetGetConnectedState
Number of PE resources by type
RT_STRING 16
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 45
UKRAINIAN DEFAULT 2
PORTUGUESE BRAZILIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
9.6.0.1

LanguageCode
Portuguese (Brazilian)

FileFlagsMask
0x003f

FileDescription
rosoft User Interface Manager

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
67072

EntryPoint
0x640fc

MIMEType
application/octet-stream

FileVersion
9.6.0.1

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
rosoft

CodeSize
406016

FileSubtype
0

ProductVersionNumber
9.6.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 b51c34274913bee351938b733f16c4b0
SHA1 8bbaebe7558132407c74d063d5313845adca036c
SHA256 5fb71ad0bf8fb19ab50eb4f1705f331acf61f59a1ef2a2f0672dbcefa45b7a1d
ssdeep
6144:BdkBi4hZjka03cWlhV8t8OiLjMYDYK0Sy9ZdlfDAaogZ/zqY/LR33gXVl:MBiyZOcxt85USW9V/zqY/F33gXz

authentihash 3b93cd18d04e7d6ca8274869011b06d4a086b09dac86183e02508769fce92284
imphash 56095336333ab34f1717a1a5c44c18b0
File size 463.0 KB ( 474112 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (93.4%)
Win32 Executable Delphi generic (1.9%)
Windows screen saver (1.8%)
Win32 Dynamic Link Library (generic) (0.9%)
Win32 Executable (generic) (0.6%)
Tags
bobsoft peexe

VirusTotal metadata
First submission 2017-10-01 09:12:05 UTC ( 1 year, 7 months ago )
Last submission 2018-10-24 15:15:06 UTC ( 6 months, 3 weeks ago )
File names Dumped__.exe
b51c34274913bee351938b733f16c4b0.vir
b51c34274913bee351938b733f16c4b0.vir
b51c34274913bee351938b733f16c4b0.vir
b51c34274913bee351938b733f16c4b0.virobj
Dumped__.exe.vir
messages.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications