SHA256: 6e852e36a2118eed8cbff3904eb6c3b9b05fddec1f8f2f382c4c05dd535c60ed
File name: LxENN8pHuyrBcKzP12U.exe
Detection ratio: 14 / 68
Analysis date: 2017-12-15 06:29:35 UTC ( 1 year ago )
Antivirus Result Update
Avast FileRepMalware 20171215
AVG FileRepMalware 20171215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171212
CAT-QuickHeal Trojan.Drixed.100454 20171215
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.5ebfb0 20171103
Cylance Unsafe 20171215
Endgame malicious (high confidence) 20171130
Fortinet W32/Kryptik.FZTF!tr 20171215
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nc 20171215
Palo Alto Networks (Known Signatures) generic.ml 20171215
Qihoo-360 HEUR/QVM20.1.DAD7.Malware.Gen 20171215
SentinelOne (Static ML) static engine - malicious 20171207
Ad-Aware 20171215
AegisLab 20171215
AhnLab-V3 20171214
Alibaba 20171215
ALYac 20171215
Antiy-AVL 20171215
Arcabit 20171215
Avast-Mobile 20171214
Avira (no cloud) 20171215
AVware 20171215
BitDefender 20171215
Bkav 20171214
ClamAV 20171215
CMC 20171215
Comodo 20171215
Cyren 20171215
DrWeb 20171215
eGambit 20171215
Emsisoft 20171215
ESET-NOD32 20171215
F-Prot 20171215
F-Secure 20171215
GData 20171215
Ikarus 20171214
Jiangmin 20171215
K7AntiVirus 20171215
K7GW 20171214
Kaspersky 20171215
Kingsoft 20171215
Malwarebytes 20171215
MAX 20171215
McAfee 20171215
Microsoft 20171214
eScan 20171215
NANO-Antivirus 20171215
nProtect 20171215
Panda 20171214
Rising 20171215
Sophos AV 20171215
SUPERAntiSpyware 20171215
Symantec 20171215
Symantec Mobile Insight 20171215
Tencent 20171215
TheHacker 20171210
TotalDefense 20171215
TrendMicro 20171215
TrendMicro-HouseCall 20171215
Trustlook 20171215
VBA32 20171214
VIPRE 20171215
ViRobot 20171215
Webroot 20171215
WhiteArmor 20171204
Yandex 20171214
Zillya 20171214
ZoneAlarm by Check Point 20171215
Zoner 20171215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Cherreene Corporation.
Product Aviator Edi
Original name avb.exe
Internal name avb
File version 3.1.7
Description Aviator Editor 3
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-12-20 20:50:11
Entry Point 0x000018D0
Number of sections 5
PE sections
PE imports
GetBkColor
ImmRegisterWordW
GetLastError
GetSystemDefaultLCID
DeleteAtom
GetTickCount
GetHandleInformation
Sleep
DecodePointer
AddAtomW
GetCurrentThread
I_RpcMapWin32Status
SetupDiGetDeviceRegistryPropertyA
PathIsContentTypeW
PathMakePrettyW
PathAddExtensionW
GetMessageA
GetSystemMetrics
GetForegroundWindow
ReleaseDC
TabbedTextOutW
GetDC
timeGetSystemTime
_vswprintf_c_l
memcpy
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.1.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Aviator Editor 3
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 88576
EntryPoint 0x18d0
OriginalFileName avb.exe
MIMEType application/octet-stream
LegalCopyright Cherreene Corporation.
FileVersion 3.1.7
TimeStamp 1993:12:20 21:50:11+01:00
FileType Win32 EXE
PEType PE32
InternalName avb
ProductVersion 3.1.76
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Cherreene
CodeSize 0
ProductName Aviator Edi
ProductVersionNumber 10.0.1.0
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 f0baa950f701918792e8aa7caed9088f
SHA1 7a6a45b5ebfb072e631158eafa96033f3e2c20d9
SHA256 6e852e36a2118eed8cbff3904eb6c3b9b05fddec1f8f2f382c4c05dd535c60ed
ssdeep 1536:AvTe49dIgFpFT9aFKn6Ar4jW4HC7bGX+3fz3JwBva1FJ+ydEx+/mJoc8Yw9uP0iq:Av/FpFT9aFGAWkhQzSen5m+c8Yw4Pjq
authentihash 8b4872f6f6d3a3b287523b7d243d2a07be4d338c2d7657474ea9b9614e1dfdfd
imphash 43e33588d0e6b7506bd0ebb614b48feb
File size 97.5 KB ( 99840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2017-12-15 06:29:35 UTC ( 1 year ago )
Last submission 2017-12-15 06:29:35 UTC ( 1 year ago )
File names 64929.exe
2484.exe
8491.exe
2920.exe
96124.exe
47725.exe
avb.exe
LxENN8pHuyrBcKzP12U.exe
1526.exe
7886.exe
avb
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications