× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 65fb18701e712ce9fcba0a338926c713503f29dbb339547387f8ed8aad953de1
File name: 5fe6d8fd76a45e8ac69eb1efaabeefce
Detection ratio: 41 / 67
Analysis date: 2017-12-15 09:59:08 UTC ( 1 year, 2 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6298084 20171215
AegisLab Troj.W32.Mansabo!c 20171215
Arcabit Trojan.Generic.D6019E4 20171215
Avast FileRepMalware 20171215
AVG FileRepMalware 20171215
Avira (no cloud) TR/Dropper.VB.teete 20171215
AVware Trojan.Win32.Generic!BT 20171215
BitDefender Trojan.GenericKD.6298084 20171215
CAT-QuickHeal Trojan.Mansabo 20171215
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1f8560 20171103
Cylance Unsafe 20171215
DrWeb Trojan.DownLoader26.1077 20171215
Emsisoft Trojan.GenericKD.6298084 (B) 20171215
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Injector.DUNT 20171215
F-Secure Trojan.GenericKD.6298084 20171215
Fortinet W32/GenKryptik.BIRS!tr 20171215
GData Trojan.GenericKD.6298084 20171215
Ikarus Trojan.Win32.Injector 20171214
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 005207851 ) 20171215
K7GW Trojan ( 005207851 ) 20171214
Kaspersky Trojan.Win32.Mansabo.ake 20171215
Malwarebytes Trojan.Injector 20171215
MAX malware (ai score=100) 20171215
McAfee RDN/Generic.com 20171215
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20171215
Microsoft Trojan:Win32/Totbrick.H 20171214
eScan Trojan.GenericKD.6298084 20171215
Palo Alto Networks (Known Signatures) generic.ml 20171215
Panda Trj/CI.A 20171214
Qihoo-360 HEUR/QVM03.0.D241.Malware.Gen 20171215
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171215
Tencent Win32.Trojan.Mansabo.Tbsw 20171215
TrendMicro TROJ_GEN.R00EC0WLE17 20171215
TrendMicro-HouseCall TROJ_GEN.R00EC0WLE17 20171215
VIPRE Trojan.Win32.Generic!BT 20171215
Webroot W32.Adware.Gen 20171215
ZoneAlarm by Check Point Trojan.Win32.Mansabo.ake 20171215
AhnLab-V3 20171214
Alibaba 20171215
ALYac 20171215
Avast-Mobile 20171214
Baidu 20171212
Bkav 20171214
ClamAV 20171215
CMC 20171215
Comodo 20171215
Cyren 20171215
eGambit 20171215
F-Prot 20171215
Jiangmin 20171215
Kingsoft 20171215
NANO-Antivirus 20171215
nProtect 20171215
Rising 20171215
SUPERAntiSpyware 20171215
Symantec 20171215
Symantec Mobile Insight 20171215
TheHacker 20171210
TotalDefense 20171215
Trustlook 20171215
VBA32 20171214
ViRobot 20171215
WhiteArmor 20171204
Yandex 20171214
Zillya 20171214
Zoner 20171215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Ays Hotel 2.5

Product Expansive
Original name elly.exe
Internal name elly
File version 7.00
Description steel nails and Purchasing
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-13 08:33:14
Entry Point 0x00001150
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
DllFunctionCall
Ord(648)
Ord(516)
EVENT_SINK_Invoke
Ord(661)
Ord(546)
EVENT_SINK_AddRef
Ord(650)
EVENT_SINK_GetIDsOfNames
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
Ord(645)
Zombie_GetTypeInfoCount
Ord(540)
Ord(100)
Zombie_GetTypeInfo
Ord(608)
Ord(547)
Ord(571)
Ord(573)
ProcCallEngine
Ord(614)
Ord(606)
EVENT_SINK_Release
Ord(595)
Ord(617)
Ord(644)
Ord(541)
Ord(598)
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RGB6666581 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
7.0

FileSubtype
0

FileVersionNumber
7.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
steel nails and Purchasing

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
278528

EntryPoint
0x1150

OriginalFileName
elly.exe

MIMEType
application/octet-stream

LegalCopyright
Ays Hotel 2.5

FileVersion
7.0

TimeStamp
2017:12:13 09:33:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
elly

ProductVersion
7.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
steel nails and Purchasing

CodeSize
106496

ProductName
Expansive

ProductVersionNumber
7.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 5fe6d8fd76a45e8ac69eb1efaabeefce
SHA1 9a9456a1f8560226a8e85904c5b83d97980dbb1f
SHA256 65fb18701e712ce9fcba0a338926c713503f29dbb339547387f8ed8aad953de1
ssdeep
6144:N5SHvDn5SHvDDdLYENO9rq9/1pFMGloQQzBPggMxTaCGJjvcA5XmJgH8l:wvyv1NUWflj6glIjzdncl

authentihash 0042f99b7f3e6a76a593053753b0d479fa3f75c26c457549c31960599292ad85
imphash 05d54aec13d03a413b06b1d1215a3829
File size 380.0 KB ( 389120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-14 06:51:31 UTC ( 1 year, 2 months ago )
Last submission 2018-05-26 18:03:26 UTC ( 8 months, 3 weeks ago )
File names elly
stsvd.ex_
elly.exe
5fe6d8fd76a45e8ac69eb1efaabeefce
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!