SHA256: 67434909130561a7796d7988c2eefb18fd37e408cbb0a069ae859ca90c3b9745
File name: .
Detection ratio: 45 / 68
Analysis date: 2018-08-17 17:24:19 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40383503 20180817
AhnLab-V3 Malware/Win32.Generic.C2662642 20180817
ALYac Trojan.GenericKD.40383503 20180817
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20180817
Arcabit Trojan.Generic.D268340F 20180817
Avast Win32:Trojan-gen 20180817
AVG Win32:Trojan-gen 20180817
AVware Trojan.Win32.Generic!BT 20180817
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9888 20180817
BitDefender Trojan.GenericKD.40383503 20180817
CAT-QuickHeal Backdoor.Androm 20180817
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.356347 20180225
Cylance Unsafe 20180817
Cyren W32/Trojan.CNMG-2769 20180817
DrWeb Trojan.PWS.Stealer.23680 20180817
Emsisoft Trojan.GenericKD.40383503 (B) 20180817
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GJTI 20180817
F-Prot W32/Trojan3.AMVV 20180817
Fortinet W32/GenKryptik.CHPW!tr 20180817
GData Trojan.GenericKD.40383503 20180817
Ikarus Trojan-Banker.Ramnit 20180817
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053a2841 ) 20180816
K7GW Trojan ( 0053a2841 ) 20180817
Kaspersky Backdoor.Win32.Androm.qfho 20180817
Malwarebytes Trojan.LokiBot 20180817
McAfee Generic.dxl 20180817
McAfee-GW-Edition BehavesLike.Win32.Generic.gh 20180817
Microsoft Trojan:Win32/Dynamer!rfn 20180817
eScan Trojan.GenericKD.40383503 20180817
Palo Alto Networks (Known Signatures) generic.ml 20180817
Panda Trj/GdSda.A 20180817
Qihoo-360 Win32/Backdoor.6a1 20180817
Rising Backdoor.Androm!8.113 (CLOUD) 20180817
Sophos AV Mal/Generic-S 20180817
Symantec Trojan.Gen.2 20180817
Tencent Win32.Backdoor.Androm.Alsm 20180817
TrendMicro TROJ_GEN.F0C2C00HB18 20180817
TrendMicro-HouseCall TROJ_GEN.F0C2C00HB18 20180817
VBA32 BScope.TrojanPSW.Coins 20180817
VIPRE Trojan.Win32.Generic!BT 20180817
ViRobot Trojan.Win32.Z.Agent.439808.EE 20180817
ZoneAlarm by Check Point Backdoor.Win32.Androm.qfho 20180817
AegisLab 20180817
Alibaba 20180713
Avast-Mobile 20180817
Avira (no cloud) 20180817
Babable 20180725
Bkav 20180817
ClamAV 20180817
CMC 20180817
Comodo 20180817
eGambit 20180817
F-Secure 20180814
Jiangmin 20180817
Kingsoft 20180817
MAX 20180817
NANO-Antivirus 20180817
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180817
Symantec Mobile Insight 20180814
TACHYON 20180817
TheHacker 20180817
TotalDefense 20180816
Trustlook 20180817
Webroot 20180817
Yandex 20180817
Zillya 20180817
Zoner 20180816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c)
Product PdfAcknowledgement
File version 1.3.6.5
Description Example Fileperatin Managementcookie Concurrently
Comments Example Fileperatin Managementcookie Concurrently
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-08 18:21:53
Entry Point 0x0001A01E
Number of sections 4
PE sections
PE imports
Number of PE resources by type
AFX_DIALOG_LAYOUT 11
RT_RCDATA 8
RT_GROUP_CURSOR 7
RT_ICON 6
RT_CURSOR 5
RT_DIALOG 4
BINARY 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 46
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
Comments Example Fileperatin Managementcookie Concurrently
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.3.6.5
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Example Fileperatin Managementcookie Concurrently
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 242176
PrivateBuild 1.3.6.5
EntryPoint 0x1a01e
MIMEType application/octet-stream
LegalCopyright Copyright (c)
FileVersion 1.3.6.5
TimeStamp 2018:08:08 19:21:53+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.3.6.5
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AMD Inc.
CodeSize 196608
ProductName PdfAcknowledgement
ProductVersionNumber 1.3.6.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 eb6c6a9e231d8b751f8cc74a774668b2
SHA1 2fe71aa356347218063b76eed7f0a811f46cb1a3
SHA256 67434909130561a7796d7988c2eefb18fd37e408cbb0a069ae859ca90c3b9745
ssdeep 12288:yXoTOMQa+xhOcYcTSI9jLI1i1J1NrffE2:6oL5c/OI9g1i1JffE2
authentihash 589b912a0cfc640b72052ddd29aba743ffd0f0f93b3e08eec15643cf172d4b44
imphash c002e4bab1d6f4793d58fdc61a4f210e
File size 429.5 KB ( 439808 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-08-10 20:03:16 UTC ( 1 month, 1 week ago )
Last submission 2018-08-11 14:45:20 UTC ( 1 month, 1 week ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections