SHA256: 6c80adee2b1721ee34149059bc3e400aa5d38ed2938b4658b9e8d15295c009b9
File name: 9459c6fd7bafed112f385e60988fa75b
Detection ratio: 9 / 69
Analysis date: 2018-11-12 13:44:59 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.VB.Gen 20181112
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cybereason malicious.3999b3 20180225
Cylance Unsafe 20181112
Endgame malicious (high confidence) 20181108
Ikarus Trojan-Banker.TrickBot 20181112
Sophos ML heuristic 20181108
McAfee-GW-Edition BehavesLike.Win32.Generic.hc 20181112
SentinelOne (Static ML) static engine - malicious 20181011
Ad-Aware 20181112
AegisLab 20181112
AhnLab-V3 20181112
Alibaba 20180921
ALYac 20181112
Antiy-AVL 20181112
Arcabit 20181112
Avast 20181112
Avast-Mobile 20181112
AVG 20181112
AVware 20180925
Babable 20180918
Baidu 20181112
BitDefender 20181112
Bkav 20181110
CAT-QuickHeal 20181112
ClamAV 20181112
CMC 20181112
Cyren 20181112
DrWeb 20181112
eGambit 20181112
Emsisoft 20181112
ESET-NOD32 20181112
F-Prot 20181112
F-Secure 20181112
Fortinet 20181112
GData 20181112
Jiangmin 20181112
K7AntiVirus 20181112
K7GW 20181112
Kaspersky 20181112
Kingsoft 20181112
Malwarebytes 20181112
MAX 20181112
McAfee 20181112
Microsoft 20181112
eScan 20181112
NANO-Antivirus 20181112
Palo Alto Networks (Known Signatures) 20181112
Panda 20181112
Qihoo-360 20181112
Rising 20181112
Sophos AV 20181112
SUPERAntiSpyware 20181107
Symantec 20181112
Symantec Mobile Insight 20181108
TACHYON 20181112
Tencent 20181112
TheHacker 20181108
TotalDefense 20181111
TrendMicro 20181112
TrendMicro-HouseCall 20181112
Trustlook 20181112
VBA32 20181112
VIPRE 20181112
ViRobot 20181112
Webroot 20181112
Yandex 20181109
Zillya 20181109
ZoneAlarm by Check Point 20181112
Zoner 20181112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product A better Atomic Time Synch
Original name AcronixB.exe
Internal name AcronixB
File version 1.00
Comments I've got a program that will let
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-12 10:56:28
Entry Point 0x000014F0
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
Ord(595)
_adj_fprem
__vbaAryMove
_adj_fdiv_r
Ord(547)
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(616)
_adj_fptan
__vbaI4Var
__vbaLateIdCall
Ord(608)
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaStrI4
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
__vbaLenBstr
Ord(553)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaLbound
__vbaPowerR8
_CIsin
_CIsqrt
EVENT_SINK_Release
__vbaVarTstEq
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaAryUnlock
Ord(661)
__vbaFreeObjList
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(618)
__vbaExitProc
Ord(542)
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaDateVar
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(543)
_adj_fdiv_m32
Ord(535)
__vbaEnd
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
Ord(544)
__vbaUI1I4
__vbaUI1I2
__vbaAryLock
_CIatan
Ord(587)
__vbaR8Var
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
_CItan
__vbaFpI4
Ord(598)
Ord(545)
Number of PE resources by type
RT_ICON 11
RT_STRING 6
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 7
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
CodeSize 262144
SubsystemVersion 4.0
Comments I've got a program that will let
InitializedDataSize 278528
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x14f0
OriginalFileName AcronixB.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:11:12 11:56:28+01:00
FileType Win32 EXE
PEType PE32
InternalName AcronixB
ProductVersion 1.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Network Time Protocol
LegalTrademarks It's been totally rewritten
ProductName A better Atomic Time Synch
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 9459c6fd7bafed112f385e60988fa75b
SHA1 680cb653999b3e6f87b01f4f44a1122542036b06
SHA256 6c80adee2b1721ee34149059bc3e400aa5d38ed2938b4658b9e8d15295c009b9
ssdeep 6144:z3WFbhYOlNPPhnWVh3gqE53PQSLgaFXvrY8jfMox65W:z3WFbhBlNPPsVh3gqo34Szk87JB
authentihash 3ce27be07dfc319bc22b4964944a3b5c8d0b56a19bb756019aa77d382a7dcfb5
imphash 1b669e145a6b2d658aa2e2c258ce44c6
File size 532.0 KB ( 544768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-11-12 13:44:59 UTC ( 4 months, 1 week ago )
Last submission 2018-11-16 07:00:49 UTC ( 4 months ago )
File names AcronixB.exe
44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
<SAMPLE.EXE>
AcronixB
mholtx1usjci76x1wmqolb3x0mfgw47cgz_yk1wt5mowhduaw1bmwvh311rqduhi.exe
9459c6fd7bafed112f385e60988fa75b
44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
44893m9uh88g9l9_nkubyhu6vfxxbh989xo7hlttkppzf29ttdu6kwppk_11c1jl.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.