SHA256: 60ddf98c201ae3e8df605b99881ad0270d79ee711bf3e7c331ad61b3082bcae8
File name: 60ddf98c201ae3e8df605b99881ad0270d79ee711bf3e7c331ad61b3082bcae8
Detection ratio: 33 / 67
Analysis date: 2018-10-28 19:46:07 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40653224 20181028
AhnLab-V3 Malware/Win32.Generic.C2773214 20181028
Alibaba PUA:Win32/GenKryptik.ed5d02bc 20180921
Antiy-AVL Trojan/Win32.Yakes 20181028
Arcabit Trojan.Generic.D26C51A8 20181028
Avast Win32:Malware-gen 20181028
AVG Win32:Malware-gen 20181028
BitDefender Trojan.GenericKD.40653224 20181028
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181028
Emsisoft Trojan.GenericKD.40653224 (B) 20181028
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.COTZ 20181028
F-Secure Trojan.GenericKD.40653224 20181028
Fortinet W32/Generic.AP.2184E6!tr 20181028
GData Trojan.GenericKD.40653224 20181028
Ikarus Trojan.Win32.Krypt 20181028
Sophos ML heuristic 20180717
Jiangmin Trojan.Yakes.abla 20181028
Malwarebytes Trojan.IcedID 20181028
MAX malware (ai score=100) 20181028
McAfee RDN/Generic.grp 20181028
McAfee-GW-Edition BehavesLike.Win32.Expiro.jh 20181028
Microsoft Trojan:Win32/Occamy.C 20181028
eScan Trojan.GenericKD.40653224 20181028
NANO-Antivirus Trojan.Win32.Yakes.fjkgvn 20181028
Palo Alto Networks (Known Signatures) generic.ml 20181028
Qihoo-360 Win32/Trojan.Downloader.7cc 20181028
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181028
Sophos AV Mal/Generic-S 20181028
Symantec Trojan.Gen.2 20181028
VBA32 Trojan.Yakes 20181026
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181028
AegisLab 20181028
ALYac 20181028
Avast-Mobile 20181028
Avira (no cloud) 20181028
Babable 20180918
Baidu 20181026
Bkav 20181025
CAT-QuickHeal 20181028
ClamAV 20181028
CMC 20181028
Comodo 20181028
Cybereason 20180225
Cyren 20181028
DrWeb 20181028
eGambit 20181028
F-Prot 20181028
K7AntiVirus 20181028
K7GW 20181025
Kaspersky 20181028
Kingsoft 20181028
Panda 20181028
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181028
Tencent 20181028
TheHacker 20181025
TotalDefense 20181028
TrendMicro 20181028
TrendMicro-HouseCall 20181028
ViRobot 20181028
Webroot 20181028
Yandex 20181026
Zillya 20181028
Zoner 20181027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright
Google Ventures ©. All rights reserved.

Product Stern
Original name Stern
Internal name Stern
File version 3.4.64.6
Description Randy Hack
Comments Randy Hack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-17 19:21:49
Entry Point 0x0000E580
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
CryptReleaseContext
CryptAcquireContextA
SetSecurityDescriptorGroup
CryptGenRandom
CryptGenKey
AVIStreamOpenFromFileA
AVIFileInit
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileExit
AVIStreamInfoA
ImageList_Create
GetDeviceCaps
GetObjectA
TextOutA
ExtTextOutW
SelectObject
CreateFontA
GetTextMetricsA
SetViewportOrgEx
SelectPalette
CreateFontIndirectA
AddFontResourceExW
CreateSolidBrush
CombineRgn
SetBkColor
SelectClipRgn
CreateCompatibleDC
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
CancelIoEx
WaitForSingleObject
HeapDestroy
EncodePointer
GetCommandLineW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
EnumDateFormatsA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointer
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetDateFormatA
GetStartupInfoW
GetUserDefaultLCID
SetFileInformationByHandle
VirtualProtectEx
HeapValidate
FreeConsole
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCompressedFileSizeW
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
Sleep
IsBadReadPtr
VirtualAlloc
NetWkstaUserGetInfo
SysFreeString
OleTranslateColor
SysAllocStringLen
UuidToStringA
UuidCreate
CommandLineToArgvW
PathFileExistsW
PathIsDirectoryW
SendNotifyMessageA
GetParent
UpdateWindow
AttachThreadInput
BeginPaint
OffsetRect
SetScrollRange
ScrollWindowEx
AppendMenuW
SetCaretBlinkTime
GetSysColor
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetMenu
EndMenu
SendMessageA
SetScrollPos
FrameRect
CreateWindowExA
LoadCursorA
IsDlgButtonChecked
GetSysColorBrush
GetDialogBaseUnits
DestroyWindow
mmioStringToFOURCCA
mmioDescend
mmioOpenA
mmioClose
EnumerateLoadedModules
GdiplusShutdown
PdhBrowseCountersA
Number of PE resources by type
RT_STRING 15
RT_DIALOG 5
RT_ICON 4
RT_BITMAP 3
RCDATA 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 33
PE resources
Debug information
ExifTool file metadata
CodeSize
328704

SubsystemVersion
5.1

Comments
Randy Hack

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.4.64.6

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Randy Hack

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
299008

PrivateBuild
3.4.64.6

EntryPoint
0xe580

OriginalFileName
Stern

MIMEType
application/octet-stream

LegalCopyright
Google Ventures . All rights reserved.

FileVersion
3.4.64.6

TimeStamp
2018:10:17 20:21:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Stern

ProductVersion
3.4.64.6

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Google Ventures

LegalTrademarks
Google Ventures . All rights reserved.

ProductName
Stern

ProductVersionNumber
3.4.64.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 527c4dbdbf801be1f723430f26d7ac3e
SHA1 aac67eea0da39c5173c6dfde81a9a285abe8b27d
SHA256 60ddf98c201ae3e8df605b99881ad0270d79ee711bf3e7c331ad61b3082bcae8
ssdeep
12288:pgetbkhQUf0C7/BhL/3H/4MfubQQsnO/RHgLD4oaI8xGSjo:pgeFUfH/zPp1u/lgLD4fjo

authentihash 62ebde7328aff77c54dc6e07d1f46688eb50927ef2585545ef9b2c1b6dca8b2b
imphash c983bfad24d4e08b23d756805b2848fa
File size 614.0 KB ( 628736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
OS/2 Executable (generic) (4.0%)
Clipper DOS Executable (4.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-27 16:49:50 UTC ( 5 months, 3 weeks ago )
Last submission 2018-10-30 20:47:55 UTC ( 5 months, 3 weeks ago )
File names .
Stern