SHA256: 6f35196310894afed8b2ef6bdc8c9baa8802ec973f2f14eaee97bfe4be49b9d8
File name: eve.exe
Detection ratio: 29 / 70
Analysis date: 2019-02-09 03:10:40 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31672552 20190208
Avast Win32:Malware-gen 20190208
AVG Win32:Malware-gen 20190208
Avira (no cloud) TR/AD.GandCrab.mwfxs 20190208
BitDefender Trojan.GenericKD.31672552 20190208
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
DrWeb Trojan.Encoder.27143 20190208
Emsisoft Trojan.GenericKD.31672552 (B) 20190208
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Generik.ESWPEWV 20190208
F-Secure Trojan.TR/AD.GandCrab.mwfxs 20190208
GData Win32.Packed.Kryptik.QJD90A 20190208
Ikarus Win32.Outbreak 20190208
Sophos ML heuristic 20181128
Kaspersky Trojan-Ransom.Win32.GandCrypt.hos 20190208
MAX malware (ai score=80) 20190208
McAfee RDN/Generic.dx 20190208
McAfee-GW-Edition BehavesLike.Win32.Generic.hc 20190208
Microsoft Trojan:Win32/Casdet!rfn 20190208
eScan Trojan.GenericKD.31672552 20190208
Palo Alto Networks (Known Signatures) generic.ml 20190208
Qihoo-360 HEUR/QVM10.2.17CF.Malware.Gen 20190208
Rising Trojan.Casdet!8.FAA9 (CLOUD) 20190208
Symantec ML.Attribute.HighConfidence 20190208
Trapmine malicious.moderate.ml.score 20190123
TrendMicro Ransom_HPLOCKY.SME1 20190208
TrendMicro-HouseCall Ransom_HPLOCKY.SME1 20190208
Webroot W32.Malware.Gen 20190208
ZoneAlarm by Check Point Trojan-Ransom.Win32.GandCrypt.hos 20190208
Acronis 20190207
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
ALYac 20190208
Antiy-AVL 20190208
Arcabit 20190208
Avast-Mobile 20190208
Babable 20180917
Baidu 20190201
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
Cybereason 20190109
Cylance 20190208
Cyren 20190208
eGambit 20190208
F-Prot 20190208
Fortinet 20190208
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kingsoft 20190208
Malwarebytes 20190208
NANO-Antivirus 20190208
Panda 20190208
SentinelOne (Static ML) 20190203
Sophos AV 20190208
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190206
TACHYON 20190208
Tencent 20190208
TheHacker 20190203
TotalDefense 20190206
Trustlook 20190208
VBA32 20190208
ViRobot 20190208
Yandex 20190207
Zillya 20190208
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©. All rights reserved. Indigo Rose Corporation
Product AnchrsSavedcheckin
File version 2.5.4.56
Description Attentional Touch Rooted
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-08 11:54:17
Entry Point 0x000068C6
Number of sections 4
PE sections
PE imports
AVIFileInit
AVIFileExit
AVIStreamInfoA
AVIStreamOpenFromFileA
CryptFindOIDInfo
GetSystemPaletteEntries
CreatePen
CombineRgn
Rectangle
GetObjectA
LineTo
DeleteDC
ChoosePixelFormat
BitBlt
RealizePalette
DescribePixelFormat
MoveToEx
CreatePalette
GetStockObject
SelectPalette
UnrealizeObject
SetPixelFormat
CreateCompatibleDC
SwapBuffers
CreateRectRgn
SelectObject
SetBkColor
DeleteObject
Ellipse
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
ResumeThread
LoadResource
TlsGetValue
OutputDebugStringA
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
WriteConsoleA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
DeleteFileA
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
lstrcpyA
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
acmDriverClose
GradientFill
ICCompressorChoose
DsGetRdnW
SystemTimeToVariantTime
glIndexi
wglDeleteContext
glFlush
glColor3f
wglMakeCurrent
wglCreateContext
glViewport
glClear
glEnd
glVertex2i
glBegin
glRotatef
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA
StrToIntExA
RedrawWindow
GetForegroundWindow
UpdateWindow
BeginPaint
EnumWindows
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
GetWindowThreadProcessId
EnableMenuItem
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
LoadImageA
MessageBoxA
PeekMessageA
TranslateMessage
MsgWaitForMultipleObjectsEx
SetActiveWindow
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
LoadMenuA
RegisterClassW
OffsetRect
SendMessageA
GetWindowTextA
GetClientRect
GetDlgItem
IsIconic
ClientToScreen
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
IsDlgButtonChecked
GetDialogBaseUnits
CreateWindowExW
GetMessageA
DestroyWindow
WindowFromDC
recv
WSAGetLastError
send
PE exports
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
REGISTRY 4
TXT 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
CodeSize 263680
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.5.4.56
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Attentional Touch Rooted
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 257536
EntryPoint 0x68c6
MIMEType application/octet-stream
LegalCopyright Copyright . All rights reserved. Indigo Rose Corporation
FileVersion 2.5.4.56
TimeStamp 2019:02:08 12:54:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.5.4.56
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Indigo Rose Corporation
LegalTrademarks Copyright . All rights reserved. Indigo Rose Corporation
ProductName AnchrsSavedcheckin
ProductVersionNumber 2.5.4.56
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 26ea7a3076dc47bb078d05991087d75e
SHA1 1c04df01c69a8d043b3a046decc03da9b438bf01
SHA256 6f35196310894afed8b2ef6bdc8c9baa8802ec973f2f14eaee97bfe4be49b9d8
ssdeep 12288:lXAOApTSstWZdxCPEgeDjEZW3udTs4KKeCN9/vA1Tl5:6fIsMZdxCPEgeDjEZWedThVN9gtl5
authentihash 24e09595e5198aee085689d121df6a610b8ad5aeaadaaf6970450b9099d0c0e5
imphash 4948484549742ecea78b5786117881f3
File size 510.0 KB ( 522240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe
VirusTotal metadata
First submission 2019-02-08 12:40:51 UTC ( 3 months, 2 weeks ago )
Last submission 2019-03-11 11:33:06 UTC ( 2 months, 1 week ago )
File names man.exe
eve.exe
n.exe
6f35196310894afed8b2ef6bdc8c9baa8802ec973f2f14eaee97bfe4be49b9d8.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Terminated processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.