× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 61e635861fe6d7e53340a029694972b58526f92c4f33635ba2cf330be42aeb92
File name: 61E635861FE6D7E53340A029694972B58526F92C4F33635BA2CF330BE42AEB92.dat
Detection ratio: 31 / 68
Analysis date: 2018-07-26 17:44:52 UTC ( 6 months, 3 weeks ago )
Antivirus Result Update
Antiy-AVL GrayWare[AdWare]/Win32.InstallCore.gena 20180726
AVware Trojan.Win32.Generic!BT 20180726
BitDefender Application.Alphaeon.1.Gen 20180726
Comodo Application.Win32.Agent.balnb 20180726
Cybereason malicious.fe4518 20180225
Cyren W32/Trojan.YCAL-6377 20180726
Emsisoft Application.Alphaeon.1.Gen (B) 20180726
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/InstallCore.Gen.A potentially unwanted 20180726
F-Secure Application.Alphaeon.1 20180726
Fortinet Riskware/InstallCore_Gen 20180726
GData Application.Alphaeon.1.Gen (12x) 20180726
Sophos ML heuristic 20180717
K7AntiVirus Adware ( 005023931 ) 20180726
K7GW Adware ( 005023931 ) 20180726
Kaspersky not-a-virus:HEUR:AdWare.Win32.DealPly.gen 20180726
MAX malware (ai score=99) 20180726
McAfee Artemis!E66F0F6FE451 20180726
McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.tc 20180726
eScan Application.Alphaeon.1.Gen 20180726
NANO-Antivirus Virus.InnoSetup.Gen.ccng 20180726
Panda PUP/DownloadAssistant 20180726
Qihoo-360 Win32/Application.31b 20180726
Rising PUF.InstallCore!1.AB2C (CLASSIC) 20180726
Sophos AV Install Core (PUA) 20180726
Symantec ML.Attribute.HighConfidence 20180726
TrendMicro PUA_InstallCore 20180726
TrendMicro-HouseCall PUA_InstallCore 20180726
VIPRE Trojan.Win32.Generic!BT 20180726
Webroot W32.Adware.Gen 20180726
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.DealPly.heur 20180726
Ad-Aware 20180726
AegisLab 20180726
AhnLab-V3 20180726
Alibaba 20180713
ALYac 20180726
Arcabit 20180726
Avast 20180726
Avast-Mobile 20180726
AVG 20180726
Avira (no cloud) 20180726
Babable 20180725
Baidu 20180726
Bkav 20180726
CAT-QuickHeal 20180725
ClamAV 20180726
CMC 20180726
CrowdStrike Falcon (ML) 20180723
Cylance 20180726
DrWeb 20180726
eGambit 20180726
F-Prot 20180726
Ikarus 20180726
Jiangmin 20180726
Kingsoft 20180726
Malwarebytes 20180726
Microsoft 20180726
Palo Alto Networks (Known Signatures) 20180726
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180726
TACHYON 20180726
Tencent 20180726
TheHacker 20180726
TotalDefense 20180726
Trustlook 20180726
VBA32 20180726
ViRobot 20180726
Yandex 20180725
Zillya 20180726
Zoner 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Hehos
File version 2.2.3.5
Description Hehos Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 55e97acf1734cf343aa6f839de5f57e4
File type data
Offset 54272
Size 1225661
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
6.0

FileSubtype
0

FileVersionNumber
0.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0x9c40

MIMEType
application/octet-stream

FileVersion
2.2.3.5

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

ProductVersion
4.6.2

FileDescription
Hehos Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Sat

CodeSize
37888

ProductName
Hehos

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 e66f0f6fe4518634a25ca98f338261f3
SHA1 54fe1ab6192f965d3cd31ad255e69e28c66a72f4
SHA256 61e635861fe6d7e53340a029694972b58526f92c4f33635ba2cf330be42aeb92
ssdeep
24576:18vk3b6SfmDK3WAC7CU9oFvQ3atfotTxUhbmFs6tkex:1YavmDK3WpCUeFvQ3koTUh0Vx

authentihash 6d35e4261da088338f844f4f02857a3c0f89d05553026a482101f27ba1c1b204
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.2 MB ( 1279933 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-04-16 07:56:49 UTC ( 1 year, 10 months ago )
Last submission 2018-05-25 17:53:33 UTC ( 8 months, 3 weeks ago )
File names adobe_flash_setup_3550776969.exe"; filename*=UTF-8''adobe_flash_setup_3550776969.exe
adobe_flash_setup_1587547923.exe"; filename*=UTF-8''adobe_flash_setup_1587547923.exe
adobe_flash_setup_3933694564.exe"; filename*=UTF-8''adobe_flash_setup_3933694564.exe
adobe_flash_setup_4095972735.exe"; filename*=UTF-8''adobe_flash_setup_4095972735.exe
adobe_flash_setup_1645257758.exe"; filename*=UTF-8''adobe_flash_setup_1645257758.exe
adobe_flash_setup_1089460863.exe"; filename*=UTF-8''adobe_flash_setup_1089460863.exe
adobe_flash_setup_0234094710.exe"; filename*=UTF-8''adobe_flash_setup_0234094710.exe
adobe_flash_setup_2272034583.exe"; filename*=UTF-8''adobe_flash_setup_2272034583.exe
adobe_flash_setup_3786141683.exe"; filename*=UTF-8''adobe_flash_setup_3786141683.exe
adobe_flash_setup_2566255972.exe"; filename*=UTF-8''adobe_flash_setup_2566255972.exe
adobe_flash_setup_4210485658.exe"; filename*=UTF-8''adobe_flash_setup_4210485658.exe
adobe_flash_setup_0787536889.exe"; filename*=UTF-8''adobe_flash_setup_0787536889.exe
adobe_flash_setup_3370386496.exe"; filename*=UTF-8''adobe_flash_setup_3370386496.exe
adobe_flash_setup_1003154072.exe"; filename*=UTF-8''adobe_flash_setup_1003154072.exe
adobe_flash_setup_1208814886.exe"; filename*=UTF-8''adobe_flash_setup_1208814886.exe
adobe_flash_setup_0873946766.exe"; filename*=UTF-8''adobe_flash_setup_0873946766.exe
adobe_flash_setup_3020676145.exe"; filename*=UTF-8''adobe_flash_setup_3020676145.exe
adobe_flash_setup_3290432288.exe"; filename*=UTF-8''adobe_flash_setup_3290432288.exe
adobe_flash_setup_3914166545.exe"; filename*=UTF-8''adobe_flash_setup_3914166545.exe
adobe_flash_setup_3406776064.exe"; filename*=UTF-8''adobe_flash_setup_3406776064.exe
adobe_flash_setup_3686151000.exe"; filename*=UTF-8''adobe_flash_setup_3686151000.exe
adobe_flash_setup_2708136035.exe"; filename*=UTF-8''adobe_flash_setup_2708136035.exe
adobe_flash_setup_0548544426.exe"; filename*=UTF-8''adobe_flash_setup_0548544426.exe
adobe_flash_setup_3819806372.exe"; filename*=UTF-8''adobe_flash_setup_3819806372.exe
adobe_flash_setup_2712677418.exe"; filename*=UTF-8''adobe_flash_setup_2712677418.exe
Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs
UDP communications