SHA256: 60e49e8e896f5c661a7a337202f2e3265403caedaa66815ca26e31ab407cf46f
File name: pub.exe
Detection ratio: 7 / 69
Analysis date: 2018-11-29 01:00:53 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.1d2a0c 20180225
Cylance Unsafe 20181129
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Symantec ML.Attribute.HighConfidence 20181128
Trapmine malicious.moderate.ml.score 20181126
Ad-Aware 20181129
AegisLab 20181128
AhnLab-V3 20181128
Alibaba 20180921
ALYac 20181129
Antiy-AVL 20181128
Arcabit 20181128
Avast 20181129
Avast-Mobile 20181128
AVG 20181128
Avira (no cloud) 20181128
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cyren 20181128
DrWeb 20181129
eGambit 20181129
Emsisoft 20181129
ESET-NOD32 20181129
F-Prot 20181128
F-Secure 20181128
Fortinet 20181129
GData 20181129
Ikarus 20181128
Jiangmin 20181129
K7AntiVirus 20181128
K7GW 20181128
Kaspersky 20181129
Kingsoft 20181129
Malwarebytes 20181129
MAX 20181129
McAfee 20181128
McAfee-GW-Edition 20181128
Microsoft 20181128
eScan 20181128
NANO-Antivirus 20181128
Palo Alto Networks (Known Signatures) 20181129
Panda 20181128
Qihoo-360 20181129
Rising 20181129
SentinelOne (Static ML) 20181011
Sophos AV 20181128
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181129
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181129
VBA32 20181128
ViRobot 20181128
Webroot 20181129
Yandex 20181128
Zillya 20181128
ZoneAlarm by Check Point 20181129
Zoner 20181129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©SystemTools Software Inc. 1999 - 2014

Product Doing
Description Bells Earnings Hopefully Ruler Prospect
Comments Bells Earnings Hopefully Ruler Prospect
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-28 23:36:04
Entry Point 0x0000B4C9
Number of sections 4
PE sections
PE imports
CryptGetKeyParam
CryptAcquireContextA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
CryptDecrypt
CryptCreateHash
capGetDriverDescriptionA
SetMapMode
CreatePen
TextOutA
CreateFontIndirectA
GetTextMetricsA
MaskBlt
GetPixel
Rectangle
GetObjectA
LineTo
DeleteDC
GetTextExtentPointA
SetPixel
DeleteObject
BitBlt
CreateDIBSection
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
SwapBuffers
SelectObject
GetTextExtentPoint32A
SetWindowExtEx
CreateSolidBrush
DPtoLP
GetMapMode
SetViewportExtEx
Ellipse
GetStdHandle
WaitForSingleObject
EncodePointer
SetConsoleCursorPosition
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
ResumeThread
FreeLibraryAndExitThread
FindClose
TlsGetValue
FindNextChangeNotification
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
GetProcAddress
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
SetEvent
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
FindFirstFileExA
FindNextFileA
IsValidLocale
WaitForMultipleObjects
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
FindFirstChangeNotificationW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetConsoleTitleA
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
VirtualAlloc
acmDriverDetailsA
glVertex2f
glFlush
glColor3f
glClearColor
glClear
glEnd
wglGetCurrentDC
glBegin
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
Ord(727)
SHGetFileInfoW
SetFocus
GetMessageA
UpdateWindow
GetScrollRange
GetScrollInfo
BeginPaint
GetScrollPos
KillTimer
PostQuitMessage
DefWindowProcA
FindWindowA
DeferWindowPos
GetSystemMetrics
DispatchMessageA
EndPaint
SetMenu
MoveWindow
MessageBoxA
GetWindowDC
TranslateMessage
GetWindow
SetActiveWindow
SetScrollInfo
EndDeferWindowPos
ReleaseDC
GetIconInfo
GetMenu
ScrollWindow
BeginDeferWindowPos
SendMessageA
GetClientRect
GetDlgItem
SetScrollPos
wsprintfA
SetTimer
SetWindowTextA
TranslateAcceleratorA
GetDialogBaseUnits
GetDesktopWindow
ValidateRect
LoadImageA
GetDC
EnableWindow
GetFileVersionInfoW
timeGetTime
GdipCloneBrush
GdipFillEllipseI
GdipSetPathGradientCenterColor
GdipCreateFromHDC
GdipFree
GdipCreatePath
GdipGetPathGradientPointCount
GdipDeletePath
GdipAlloc
GdiplusStartup
GdipDeleteBrush
GdipSetPathGradientSurroundColorsWithCount
GdipDeleteGraphics
GdipCreatePathGradientFromPath
GdipAddPathEllipseI
CreateAsyncBindCtx
Number of PE resources by type
RT_BITMAP 9
RT_GROUP_CURSOR 8
RT_ICON 5
RT_CURSOR 5
GOOGLEUPDATEAPPLICATIONCOMMANDS 4
CUSTOM 1
RT_MANIFEST 1
BINAR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

Comments
Bells Earnings Hopefully Ruler Prospect

LinkerVersion
14.16

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.1.9.515

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Bells Earnings Hopefully Ruler Prospect

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
285696

EntryPoint
0xb4c9

MIMEType
application/octet-stream

LegalCopyright
Copyright SystemTools Software Inc. 1999 - 2014

TimeStamp
2018:11:29 00:36:04+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
7.1.9.515

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SystemTools Software Inc.

CodeSize
145408

ProductName
Doing

ProductVersionNumber
7.1.9.515

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 63056d11d2a0c85a5e5932df2269b7fd
SHA1 e848d608730f2a8fd0f2652d5b9c32d8d8391e63
SHA256 60e49e8e896f5c661a7a337202f2e3265403caedaa66815ca26e31ab407cf46f
ssdeep
6144:67nFEaJUwteAOzq9w6p6/LTeSmp/+YmqNd:oFEaRQRP/hmp/+5od

authentihash a472307f55e98a7d9344d1f61defffd7537891f67b906b3da332a2b33b8522b5
imphash a68ec77bb02537a620b207ff13bfa10b
File size 422.0 KB ( 432128 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (68.7%)
Win32 Executable (generic) (11.2%)
OS/2 Executable (generic) (5.0%)
Clipper DOS Executable (5.0%)
Generic Win/DOS Executable (4.9%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-29 01:00:53 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-21 22:01:43 UTC ( 5 months ago )
File names pub.exe
pub.exe
63056d11d2a0c85a5e5932df2269b7fd
63056d11.gxe
output.114591095.txt
63056d11d2a0c85a5e5932df2269b7fd