SHA256: 689dd74564c31d72467a3c7c2ed57d89f18f5824c87f46d6426b43bcd1e818a8
File name: Feakxo.exe
Detection ratio: 3 / 55
Analysis date: 2015-07-14 00:14:56 UTC ( 3 years, 8 months ago )
Antivirus | Result | Update
AVG | Inject2.CMUA | 20150714
ESET-NOD32 | Win32/Spy.Zbot.ACB | 20150714
Kaspersky | UDS:DangerousObject.Multi.Generic | 20150714
Ad-Aware | | 20150714
AegisLab | | 20150713
Yandex | | 20150713
AhnLab-V3 | | 20150713
Alibaba | | 20150713
ALYac | | 20150713
Antiy-AVL | | 20150714
Arcabit | | 20150714
Avast | | 20150713
Avira (no cloud) | | 20150713
AVware | | 20150713
Baidu-International | | 20150713
BitDefender | | 20150714
Bkav | | 20150713
ByteHero | | 20150714
CAT-QuickHeal | | 20150713
ClamAV | | 20150713
Comodo | | 20150713
Cyren | | 20150714
DrWeb | | 20150714
Emsisoft | | 20150713
F-Prot | | 20150713
F-Secure | | 20150714
Fortinet | | 20150714
GData | | 20150714
Ikarus | | 20150713
Jiangmin | | 20150713
K7AntiVirus | | 20150713
K7GW | | 20150713
Kingsoft | | 20150714
Malwarebytes | | 20150713
McAfee | | 20150713
McAfee-GW-Edition | | 20150713
Microsoft | | 20150713
eScan | | 20150714
NANO-Antivirus | | 20150714
nProtect | | 20150713
Panda | | 20150713
Qihoo-360 | | 20150714
Rising | | 20150713
Sophos AV | | 20150713
SUPERAntiSpyware | | 20150713
Symantec | | 20150714
Tencent | | 20150714
TheHacker | | 20150713
TrendMicro | | 20150713
TrendMicro-HouseCall | | 20150713
VBA32 | | 20150713
VIPRE | | 20150713
ViRobot | | 20150713
Zillya | | 20150713
Zoner | | 20150713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2012
Publisher
Product Internet Security
Original name Internet Security.exe
Internal name Internet Security
File version 1, 0, 0, 1
Description Internet Security
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-12 16:42:16
Entry Point 0x0000429C
Number of sections 4
PE sections
Overlays
MD5 a8a6515820a7bd87e891580daaab9ab4
File type data
Offset 258048
Size 512
Entropy 7.58
PE imports
RegDeleteValueW
TranslateCharsetInfo
MoveToEx
CreateSolidBrush
lstrcpynW
GetStartupInfoA
TerminateProcess
FreeEnvironmentStringsA
GetCPInfo
MapViewOfFile
GetSystemInfo
GetModuleHandleA
GetModuleFileNameW
CreateFileW
CreateFileMappingA
GlobalUnlock
GetLocalTime
_except_handler3
?terminate@@YAXXZ
_acmdln
fabs
__CxxFrameHandler
__p__fmode
_exit
__p__commode
__setusermatherr
_setmbcp
__dllonexit
_onexit
exit
_XcptFilter
exp
__getmainargs
_initterm
_controlfp
rand
_adjust_fdiv
__set_app_type
GetWindowLongA
GetSystemMetrics
AppendMenuA
ReleaseDC
EnableWindow
DrawIcon
SendMessageA
GetClientRect
GetSystemMenu
DeleteMenu
FindWindowA
IsIconic
ScreenToClient
CheckDlgButton
DispatchMessageW
LoadIconA
PE exports
Number of PE resources by type
RT_DIALOG 2
27 1
RT_ICON 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 4
NEUTRAL 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Portuguese (Brazilian)
FileFlagsMask 0x003f
CharacterSet Windows, Turkish
InitializedDataSize 237568
EntryPoint 0x429c
OriginalFileName Internet Security.exe
MIMEType application/octet-stream
LegalCopyright (C) 2012
FileVersion 1, 0, 0, 1
TimeStamp 2015:07:12 17:42:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Internet Security
ProductVersion 1, 0, 0, 1
FileDescription Internet Security
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 16384
ProductName Internet Security
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 12e367ce109f6521422ff690bea97dba
SHA1 5f878f2ce204751ca6a683b6ab8865abeb050614
SHA256 689dd74564c31d72467a3c7c2ed57d89f18f5824c87f46d6426b43bcd1e818a8
ssdeep 6144:WT9uUXLCz2WaPxGbHU8RSm5hoMLoOuw99kMj0IMe:WUzCEzRKkOece
authentihash c91957748c5a7dac21f716b3cc59dac1b5d640f2ab529cc2f72475c8ad415550
imphash 93ddcdf2cabcdb1ef03afa4d4a84de6c
File size 252.5 KB ( 258560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-07-14 00:14:56 UTC ( 3 years, 8 months ago )
Last submission 2015-07-25 10:06:04 UTC ( 3 years, 8 months ago )
File names Internet Security.exe
Feakxo.exe
Internet Security
689dd74564c31d72467a3c7c2ed57d89f18f5824c87f46d6426b43bcd1e818a8.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs