SHA256: 63a98bf5992ac85f1cf72cd17231c8c272a5b28e23963fc77329801b8753e3a0
File name: .
Detection ratio: 33 / 72
Analysis date: 2019-01-03 17:23:51 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DLJC 20190103
ALYac Trojan.Agent.DLJC 20190103
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190103
Arcabit Trojan.Agent.DLJC 20190103
Avast Win32:Trojan-gen 20190103
AVG Win32:Trojan-gen 20190103
BitDefender Trojan.Agent.DLJC 20190103
Comodo TrojWare.Win32.IcedID.GN@7zy1rw 20190103
Cylance Unsafe 20190103
DrWeb Trojan.IcedID.15 20190103
Emsisoft Trojan.Agent.DLJC (B) 20190103
ESET-NOD32 Win32/Spy.IcedId.H 20190103
F-Secure Trojan.Agent.DLJC 20190103
Fortinet W32/Kryptik.GNRO!tr 20190103
GData Trojan.Agent.DLJC 20190103
Ikarus Trojan-Banker.IcedID 20190103
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.IcedID.em 20190103
K7AntiVirus Trojan ( 005432871 ) 20190103
K7GW Trojan ( 005432871 ) 20190103
Malwarebytes Trojan.IcedID 20190103
MAX malware (ai score=81) 20190103
Microsoft Trojan:Win32/Cloxer.D!cl 20190103
eScan Trojan.Agent.DLJC 20190103
NANO-Antivirus Trojan.Win32.IcedID.flatoi 20190103
Panda Trj/GdSda.A 20190102
Qihoo-360 HEUR/QVM11.1.4DC9.Malware.Gen 20190103
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazoasmdPtuU83D7XcVKJ0dlY) 20190103
SentinelOne (Static ML) static engine - malicious 20181223
TheHacker Posible_Worm32 20181230
Trapmine suspicious.low.ml.score 20190103
VBA32 Trojan.Azden 20181229
Webroot W32.Trojan.Gen 20190103
Acronis 20181227
AegisLab 20190103
AhnLab-V3 20190103
Alibaba 20180921
Avast-Mobile 20190103
Avira (no cloud) 20190103
AVware 20180925
Babable 20180918
Baidu 20190102
Bkav 20190103
CAT-QuickHeal 20190103
ClamAV 20190103
CMC 20190102
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20190103
eGambit 20190103
Endgame 20181108
F-Prot 20190103
Kaspersky 20190103
Kingsoft 20190103
McAfee 20190103
McAfee-GW-Edition 20190103
Palo Alto Networks (Known Signatures) 20190103
Sophos AV 20190103
SUPERAntiSpyware 20190102
Symantec 20190103
TACHYON 20190103
Tencent 20190103
TotalDefense 20190103
TrendMicro 20190103
TrendMicro-HouseCall 20190103
Trustlook 20190103
VIPRE 20190103
ViRobot 20190103
Yandex 20181229
Zillya 20190103
ZoneAlarm by Check Point 20190103
Zoner 20190103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2001 Formstack Round. All rights reserved.

Product Rosestudent
Original name greatvalley.exe
File version 7.8.81.32
Description Rosestudent
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-10 12:00:58
Entry Point 0x0003C0A0
Number of sections 3
PE sections
PE imports
GetPixel
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
ReleaseDC
VerQueryValueA
Number of PE resources by type
RT_DIALOG 13
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
UninitializedDataSize
114688

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.8.81.32

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Rosestudent

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x3c0a0

OriginalFileName
greatvalley.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2001 Formstack Round. All rights reserved.

FileVersion
7.8.81.32

TimeStamp
2010:12:10 13:00:58+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
7.8.81.32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Formstack Round

CodeSize
131072

ProductName
Rosestudent

ProductVersionNumber
7.8.81.32

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 be96797ab9bfabe4926b6fe2b81bd3b9
SHA1 6b83864a6f25a796262ab56409e9a1de8aabfe27
SHA256 63a98bf5992ac85f1cf72cd17231c8c272a5b28e23963fc77329801b8753e3a0
ssdeep
3072:X1kJxHE/mF9O6RJ6Sy6FmGTpge5Fi9GXdJsA0R7wLY0P:l8HW676Sy6FrTCoA94Wy

authentihash 908635a8a305a5edec613e054377ab77c6a076a21e2c6249b49e5cef385e3786
imphash af79ef28b905e14684dfab07b5d3aba6
File size 128.5 KB ( 131584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2019-01-03 17:23:51 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-03 17:23:51 UTC ( 1 month, 2 weeks ago )
File names greatvalley.exe
.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs