SHA256: 6f548cd9a73a46d001a0bd9a6e2a78c2e3f288c7c224f7eef5af9110017e80b9
File name: .
Detection ratio: 24 / 71
Analysis date: 2018-12-08 18:47:31 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.R245620 20181208
Antiy-AVL Trojan[Banker]/Win32.IcedID 20181208
Avast Win32:Malware-gen 20181208
AVG Win32:Malware-gen 20181208
Avira (no cloud) HEUR/AGEN.1037055 20181208
Comodo TrojWare.Win32.IcedID.H@7yk0jj 20181208
DrWeb Trojan.IcedID.15 20181208
ESET-NOD32 Win32/Spy.IcedId.H 20181208
Fortinet W32/GenKryptij.CRRJ!tr 20181208
Jiangmin Trojan.Banker.IcedID.dj 20181208
K7AntiVirus Spyware ( 0053a3c61 ) 20181208
K7GW Spyware ( 0053a3c61 ) 20181208
Kaspersky HEUR:Trojan.Win32.Generic 20181208
Malwarebytes Trojan.Banker 20181208
McAfee GenericRXGP-NZ!6A665F1ADAAE 20181208
McAfee-GW-Edition GenericRXGP-NZ!6A665F1ADAAE 20181208
Microsoft TrojanSpy:Win32/IcedId.B!dha 20181208
NANO-Antivirus Trojan.Win32.IcedID.fkmiep 20181208
Panda Trj/GdSda.A 20181207
Rising Spyware.IcedId!8.F061 (RDM+:cmRtazpsJN9v+lrM0ZAHwQ0DIvVH) 20181208
Webroot W32.Trojan.Gen 20181208
Yandex Trojan.PWS.IcedID! 20181207
Zillya Trojan.IcedID.Win32.13 20181206
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181208
Ad-Aware 20181208
AegisLab 20181208
Alibaba 20180921
ALYac 20181208
Arcabit 20181208
Avast-Mobile 20181208
AVware 20180925
Babable 20180918
Baidu 20181207
BitDefender 20181208
Bkav 20181206
CAT-QuickHeal 20181207
ClamAV 20181208
CMC 20181207
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181208
Cyren 20181208
eGambit 20181208
Emsisoft 20181208
Endgame 20181108
F-Prot 20181208
F-Secure 20181208
GData 20181208
Ikarus 20181208
Sophos ML 20181128
Kingsoft 20181208
MAX 20181208
eScan 20181208
Palo Alto Networks (Known Signatures) 20181208
Qihoo-360 20181208
SentinelOne (Static ML) 20181011
Sophos AV 20181208
SUPERAntiSpyware 20181205
Symantec 20181208
Symantec Mobile Insight 20181207
TACHYON 20181208
Tencent 20181208
TheHacker 20181202
TotalDefense 20181208
Trapmine 20181205
TrendMicro 20181208
TrendMicro-HouseCall 20181208
Trustlook 20181208
VBA32 20181207
VIPRE 20181208
ViRobot 20181207
Zoner 20181207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright© 2019-2013 Terrasoft Such, Inc.
Product Portcrowd
Original name slowmountain.exe
Internal name slowmountain.exe
File version 7.8.26.13
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-19 12:29:38
Entry Point 0x000099AA
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenServiceA
RegQueryValueExA
RegCreateKeyExA
DeleteService
RegOpenKeyA
OpenProcessToken
QueryServiceStatus
RegOpenKeyExA
GetTokenInformation
OpenThreadToken
RegEnumKeyA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
SetEntriesInAclA
OpenSCManagerA
CreateToolbarEx
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_LoadImageA
DestroyPropertySheetPage
Ord(6)
Ord(17)
GetOpenFileNameA
GetSaveFileNameA
CreatePatternBrush
GetBkColor
GetSystemTime
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
AreFileApisANSI
ReadFile
GetStartupInfoW
GetLocaleInfoW
GetModuleFileNameW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetACP
RaiseException
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
LoadLibraryExA
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LCMapStringW
OpenProcess
UnhandledExceptionFilter
GetModuleHandleW
GetWindowsDirectoryA
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetProcessHeap
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetTempPathA
ReadConsoleW
WideCharToMultiByte
TlsFree
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
IsValidLocale
GetSystemDirectoryA
HeapReAlloc
DecodePointer
GetUserDefaultLCID
HeapAlloc
TerminateProcess
GetModuleFileNameA
GetModuleHandleExW
GetEnvironmentVariableA
OutputDebugStringW
SetLastError
CreateFileW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
FindResourceA
WriteConsoleW
LeaveCriticalSection
AppendMenuA
TrackPopupMenu
SetWindowsHookExA
GetActiveWindow
PostMessageA
FillRect
DrawFrameControl
IsDialogMessageA
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.8.26.13
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 315904
EntryPoint 0x99aa
OriginalFileName slowmountain.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2019-2013 Terrasoft Such, Inc.
FileVersion 7.8.26.13
TimeStamp 2014:11:19 04:29:38-08:00
FileType Win32 EXE
PEType PE32
InternalName slowmountain.exe
ProductVersion 7.8.26.13
SubsystemVersion 6.0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Terrasoft Such
CodeSize 224256
ProductName Portcrowd
ProductVersionNumber 7.8.26.13
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 6a665f1adaae7806e9bd42463133cec2
SHA1 4fc56f11d40087441cf6d082ade242306d2de20b
SHA256 6f548cd9a73a46d001a0bd9a6e2a78c2e3f288c7c224f7eef5af9110017e80b9
ssdeep 12288:RgWioobUNeZxx6Fk6XzjkzybXcPP99ZNcxr:RVPgC9zjkzybXcPxNcxr
authentihash 44c5fd77e0e2a3827119c5310563f980de37649ef0c9127494812da6295eadc0
imphash 08a4fe7032f0e73953d29de7217f5f7e
File size 448.5 KB ( 459264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-08 18:47:31 UTC ( 3 months, 2 weeks ago )
Last submission 2018-12-08 18:47:31 UTC ( 3 months, 2 weeks ago )
File names slowmountain.exe
.