× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6421903d0455b4729d94ea384f7ad30d96fb90869d68237d60d106bd88a93eb5
File name: 44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
Detection ratio: 35 / 72
Analysis date: 2019-01-06 00:10:33 UTC ( 1 month, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31487457 20190105
Arcabit Trojan.Generic.D1E075E1 20190105
Avast Win32:Malware-gen 20190105
AVG Win32:Malware-gen 20190105
BitDefender Trojan.GenericKD.31487457 20190105
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20190106
Cyren W32/Trojan.SGKG-9084 20190105
Emsisoft Trojan.GenericKD.31487457 (B) 20190105
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CVRV 20190105
F-Secure Trojan.GenericKD.31487457 20190105
Fortinet W32/GenKryptik.CVRV!tr 20190105
GData Win32.Trojan-Spy.TrickBot.KPK5E5 20190105
Ikarus Trojan.Win32.Krypt 20190105
Sophos ML heuristic 20181128
K7GW Riskware ( 0040eff71 ) 20190105
Kaspersky Trojan.Win32.Mansabo.btk 20190105
MAX malware (ai score=99) 20190106
McAfee RDN/Generic.grp 20190105
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20190105
Microsoft Trojan:Win32/MereTam.A 20190105
eScan Trojan.GenericKD.31487457 20190105
Palo Alto Networks (Known Signatures) generic.ml 20190106
Qihoo-360 HEUR/QVM03.0.52AD.Malware.Gen 20190106
Rising Trojan.MereTam!8.E4CE (CLOUD) 20190105
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Generic-S 20190105
Symantec Trojan.Gen.2 20190105
Tencent Win32.Trojan.Mansabo.Wskd 20190106
Trapmine malicious.high.ml.score 20190103
TrendMicro-HouseCall TROJ_GEN.R002H0DA519 20190105
ViRobot Trojan.Win32.Z.Highconfidence.208896.P 20190105
Webroot W32.Trojan.Gen 20190106
ZoneAlarm by Check Point Trojan.Win32.Mansabo.btk 20190105
Acronis 20181227
AegisLab 20190105
AhnLab-V3 20190105
Alibaba 20180921
ALYac 20190105
Antiy-AVL 20190105
Avast-Mobile 20190105
Avira (no cloud) 20190105
AVware 20180925
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190105
ClamAV 20190105
CMC 20190105
Comodo 20190105
Cybereason 20180225
DrWeb 20190105
eGambit 20190106
F-Prot 20190105
Jiangmin 20190105
K7AntiVirus 20190105
Kingsoft 20190106
Malwarebytes 20190105
NANO-Antivirus 20190105
Panda 20190105
SUPERAntiSpyware 20190102
TACHYON 20190105
TheHacker 20190104
TotalDefense 20190105
TrendMicro 20190105
Trustlook 20190106
VBA32 20190104
VIPRE 20190106
Yandex 20181229
Zillya 20190105
Zoner 20190105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
DJ Cartier Bad Boy Brown Host

Product Graphic
Original name Graphic.exe
Internal name Graphic
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-03 09:33:10
Entry Point 0x00001360
Number of sections 3
PE sections
PE imports
WideCharToMultiByte
RtlMoveMemory
VirtualProtect
GetProcAddress
VirtualAlloc
GetModuleHandleW
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
EVENT_SINK_AddRef
__vbaR4Var
__vbaAryMove
_adj_fpatan
_adj_fdiv_m32i
__vbaFreeObjList
__vbaVarForInit
Ord(535)
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
__vbaVarTstLt
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaR4Str
_adj_fdiv_r
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaAryLock
_CIcos
__vbaVarTstEq
_adj_fptan
__vbaVarSub
_CItan
Ord(581)
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaVarForNext
Ord(644)
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrR8
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
LoadStringW
Number of PE resources by type
RT_STRING 6
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 6
NEUTRAL DEFAULT 2
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
172032

ImageVersion
1.0

ProductName
Graphic

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Graphic.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
2019:01:03 10:33:10+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Graphic

ProductVersion
1.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
DJ Cartier Bad Boy Brown Host

MachineType
Intel 386 or later, and compatibles

CompanyName
NironSoft

CodeSize
32768

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x1360

ObjectFileType
Executable application

Execution parents
File identification
MD5 d97f8abc78b978c8cd4ece4c810affb5
SHA1 73328e692d3579ffbcf68aa059a457184a31a40d
SHA256 6421903d0455b4729d94ea384f7ad30d96fb90869d68237d60d106bd88a93eb5
ssdeep
3072:k8j6LzmEH+o1V/JmyvAOkhnETBdFA8q0NjPDHgYkhWzd75Q:ILSEH+d4LkhnaqirHVxu

authentihash 7fbeceaca205c3cde1525b14756cf5f243b329f3577b669a23eef66d5c221e4a
imphash 6823fecaa9992080b47fe69e2b09b0ff
File size 204.0 KB ( 208896 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-04 15:02:33 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-04 15:02:33 UTC ( 1 month, 2 weeks ago )
File names nbwu71vp92eno7qx19hxhr2cgfzq97ltq5d8wkzpzvrishsyrm9sy6anf58hkbly.exe
Graphic
table.png
<SAMPLE.EXE>
44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
Graphic.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Copied files
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.