SHA256: 6e37c39bade829d7c9578c69cc58fa41a8d66d08519e6b67519da69bb7a66b93
File name: 6e37c39bade829d7c9578c69cc58fa41a8d66d08519e6b67519da69bb7a66b93_...
Detection ratio: 9 / 66
Analysis date: 2018-04-23 06:48:45 UTC (10 months ago)
Antivirus Result Update
AegisLab Ransom.Matrix.Gen!c 20180423
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20180418
Cylance Unsafe 20180423
Kaspersky UDS:DangerousObject.Multi.Generic 20180423
Palo Alto Networks (Known Signatures) generic.ml 20180423
Qihoo-360 HEUR/QVM09.0.B0F3.Malware.Gen 20180423
Symantec Ransom.Matrix 20180422
Webroot W32.Trojan.Emotet 20180423
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180423
Ad-Aware 20180423
AhnLab-V3 20180423
Alibaba 20180423
ALYac 20180423
Antiy-AVL 20180418
Arcabit 20180423
Avast 20180423
Avast-Mobile 20180422
AVG 20180423
Avira (no cloud) 20180423
AVware 20180423
Babable 20180406
Baidu 20180423
BitDefender 20180423
Bkav 20180410
CAT-QuickHeal 20180423
ClamAV 20180423
CMC 20180422
Comodo 20180423
Cybereason None
Cyren 20180423
DrWeb 20180423
eGambit 20180423
Emsisoft 20180423
Endgame 20180403
ESET-NOD32 20180423
F-Prot 20180423
F-Secure 20180423
Fortinet 20180423
GData 20180423
Ikarus 20180422
Sophos ML 20180121
Jiangmin 20180423
K7AntiVirus 20180423
K7GW 20180423
Kingsoft 20180423
Malwarebytes 20180423
MAX 20180423
McAfee 20180422
McAfee-GW-Edition 20180423
Microsoft 20180423
eScan 20180423
NANO-Antivirus 20180423
nProtect 20180423
Panda 20180422
Rising 20180423
SentinelOne (Static ML) 20180225
Sophos AV 20180423
SUPERAntiSpyware 20180423
Symantec Mobile Insight 20180419
Tencent 20180423
TheHacker 20180423
TrendMicro 20180423
TrendMicro-HouseCall 20180423
Trustlook 20180423
VBA32 20180420
VIPRE 20180423
ViRobot 20180423
Yandex 20180420
Zillya 20180420
Zoner 20180422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Often Subtract
Original name Often Subtract.exe
File version 0, 8, 3518, 4136
Description Often Subtract
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-04-22 13:49:02
Entry Point 0x0003695E
Number of sections 4
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
LoadResource
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
GetSystemTime
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateSemaphoreW
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetModuleFileNameW
GlobalLock
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
QueryPerformanceFrequency
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoSuspendClassObjects
StgCreateDocfile
OleCreate
Number of PE resources by type
RT_DIALOG 12
RT_ICON 7
BINARES 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
LegalTrademarks Often Subtract
UninitializedDataSize 0
InitializedDataSize 991232
ImageVersion 0.0
ProductName Often Subtract
FileVersionNumber 0.8.3518.4136
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 8.0
FileTypeExtension exe
OriginalFileName Often Subtract.exe
MIMEType application/octet-stream
FileVersion 0, 8, 3518, 4136
TimeStamp 2006:04:22 14:49:02+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
FileDescription Often Subtract
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Metallist
CodeSize 253952
FileSubtype 0
ProductVersionNumber 0.8.3518.4136
EntryPoint 0x3695e
ObjectFileType Executable application
File identification
MD5 9c207a7e2f920f01ce916cea472ca842
SHA1 74ab56a3997606933795f6377c2f86df99d51810
SHA256 6e37c39bade829d7c9578c69cc58fa41a8d66d08519e6b67519da69bb7a66b93
ssdeep 24576:yJykiQ9I9cEGX1MVxaKIePgBn/SOFWcatf3Bi4zoGKxp6/:yJQQ9Onr9ID/SEatfUZGmp6/
authentihash d5e3e790262e6b4845e4918d065e29d610d036c4c04ed3b7bdbe5ce214714198
imphash d2504ed8dc1e812cc1c3bdd52781c752
File size 1.2 MB ( 1216512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.3%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-23 04:26:38 UTC ( 10 months ago )
Last submission 2018-08-07 06:55:54 UTC ( 6 months, 2 weeks ago )
File names it1.class
6e37c39bade829d7c9578c69cc58fa41a8d66d08519e6b67519da69bb7a66b93._exe
it2.class
it5.class
it4.class
6e37c39bade829d7c9578c69cc58fa41a8d66d08519e6b67519da69bb7a66b93_20180423-06_26_01_testv.php.vir
Often Subtract.exe
it3.class
crypt_0001_1044a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs