SHA256: 70406206c77dccf034d893495cfeac1cb89066375f57947dfdcf139a575e8663
File name: bigmac.jpg
Detection ratio: 12 / 66
Analysis date: 2017-10-08 05:52:38 UTC ( 1 year, 4 months ago )
Antivirus, result and signature update (12 engines flagged the file):
ClamAV: Win.Packer.VbPack-0-6334882-0 (20171008)
CrowdStrike Falcon (ML): malicious_confidence_80% (D) (20170804)
Cylance: Unsafe (20171008)
Endgame: malicious (high confidence) (20170821)
ESET-NOD32: a variant of Win32/Kryptik.FXIK (20171007)
Fortinet: W32/GenKryptik.AVJR!tr (20171008)
Sophos ML: heuristic (20170914)
Malwarebytes: Trojan.VBCrypt (20171008)
Rising: Malware.Heuristic!ET#100% (RDM+:cmRtazqHMbPdJhHD/fRN3aPRA5yz) (20171008)
SentinelOne (Static ML): static engine - malicious (20171001)
Sophos AV: Mal/FareitVB-M (20171008)
Symantec: ML.Attribute.HighConfidence (20171007)
Reading the verdicts: seven of the twelve hits are generic machine-learning or heuristic verdicts (CrowdStrike, Cylance, Endgame, Sophos ML, Rising, SentinelOne, Symantec). The signature-based names agree on a Visual Basic packer/crypter (ClamAV VbPack, Malwarebytes VBCrypt, ESET and Fortinet Kryptik), and Sophos's Mal/FareitVB-M is the only name that identifies a payload family: Fareit (also known as Pony), a credential stealer, behind a VB wrapper. No engine with a conventional signature database (Kaspersky, Microsoft, BitDefender, McAfee, TrendMicro and so on) detected the file on submission day, which is the expected picture for a freshly built crypter stub.
No detection (engine, signature update): Ad-Aware 20171008, AegisLab 20171008, AhnLab-V3 20171007, Alibaba 20170911, ALYac 20171007, Antiy-AVL 20171008, Arcabit 20171008, Avast 20171008, Avast-Mobile 20171007, AVG 20171008, Avira (no cloud) 20171007, AVware 20171008, Baidu 20170930, BitDefender 20171008, Bkav 20171007, CAT-QuickHeal 20171007, CMC 20171008, Comodo 20171008, Cyren 20171008, DrWeb 20171008, Emsisoft 20171008, F-Prot 20171008, F-Secure 20171008, GData 20171008, Ikarus 20171007, Jiangmin 20171008, K7AntiVirus 20171008, K7GW 20171008, Kaspersky 20171008, Kingsoft 20171008, MAX 20171008, McAfee 20171008, McAfee-GW-Edition 20171008, Microsoft 20171008, eScan 20171008, NANO-Antivirus 20171008, nProtect 20171008, Palo Alto Networks (Known Signatures) 20171008, Panda 20171007, Qihoo-360 20171008, SUPERAntiSpyware 20171008, Symantec Mobile Insight 20171006, Tencent 20171008, TheHacker 20171007, TotalDefense 20171008, TrendMicro 20171008, TrendMicro-HouseCall 20171008, Trustlook 20171008, VBA32 20171006, VIPRE 20171008, ViRobot 20171007, Webroot 20171008, WhiteArmor 20170927, Yandex 20171006, Zillya 20171006, ZoneAlarm by Check Point 20171008, Zoner 20171008
The file under analysis is a Portable Executable: a PE32 Win32 EXE for the Windows GUI subsystem. TrID (82.7%, below) and the import list identify it as a Visual Basic 6 executable, which matches the VB packer/crypter names in the detection results. The compile timestamp (2017-10-08 01:18:17 UTC) falls about four and a half hours before the first submission, consistent with a stub built for the campaign that delivered it; keep in mind that the timestamp is an ordinary header field the builder can set to any value.
FileVersionInfo properties
Copyright Trafikdrbt0
Product Combinant
Original name Isohel.exe
Internal name Isohel
File version 1.00
Description Arealberegningers
Comments Scintler
The version strings (together with LegalTrademarks "Lacunule" and CompanyName "canoN" in the ExifTool output below) are unrelated dictionary words, several of them Danish, rather than a product description. That pattern is typical of automatically generated crypter stubs and is worth a hunting rule in its own right.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-08 01:18:17
Entry Point 0x0000104C
Number of sections 3
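The header fields the report lists (target machine, section count, compile timestamp, entry point, subsystem, image characteristics) all come from the DOS, COFF and optional headers, and the submitted names show why content should be trusted over extension. The following is an added example, not part of the VirusTotal report or any VirusTotal code: it parses those fields from raw bytes with only the Python standard library and flags a name/content mismatch such as an MZ executable submitted as "bigmac.jpg". The header bytes are constructed in the block to mirror the reported values; they are not the real sample, and the suffix list used for the lure check is my assumption.

```python
"""Added example (not from the VirusTotal report): PE32 header triage and
name/content mismatch check. The sample header is constructed here to carry
the values the report lists; it is not the real file."""
import datetime
import struct

MACHINES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
CHARACTERISTICS = [  # (IMAGE_FILE_* flag, ExifTool-style label) in print order
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0100, "32-bit"), (0x2000, "DLL"),
]
# Assumed list of extensions a lure uses to make an executable look harmless.
LURE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc")


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS header, the COFF file header and the start of the PE32
    optional header. Raises ValueError for anything that is not PE32."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, tstamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # the COFF file header is 20 bytes
    if opt_size < 70 or struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.datetime.fromtimestamp(tstamp, datetime.timezone.utc)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S"),  # UTC, as VirusTotal prints it
        "linker": f"{linker_major}.{linker_minor}",
        "size_of_code": size_of_code,
        "entry_point": entry_point,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "characteristics": ", ".join(label for flag, label in CHARACTERISTICS if chars & flag),
    }


def name_content_mismatch(filename: str, data: bytes) -> list:
    """Reasons the submitted name should raise suspicion given the bytes."""
    reasons = []
    lower = filename.lower()
    if data[:2] == b"MZ" and lower.endswith(LURE_SUFFIXES):
        reasons.append("name claims a document/image but content is an MZ executable")
    parts = lower.rsplit(".", 2)
    if len(parts) == 3 and "." + parts[1] in LURE_SUFFIXES:
        reasons.append("double extension: " + filename)
    return reasons


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values the report lists."""
    ts = int(datetime.datetime(2017, 10, 8, 1, 18, 17,
                               tzinfo=datetime.timezone.utc).timestamp())
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew
    # Machine, NumberOfSections, TimeDateStamp, symtab, nsyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)    # PE32 magic, linker 6.0
    struct.pack_into("<I", opt, 4, 159744)           # SizeOfCode
    struct.pack_into("<I", opt, 8, 49152)            # SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x104C)          # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)               # Subsystem: Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    header = build_sample_header()
    for key, value in parse_pe_header(header).items():
        print(f"{key}: {value}")
    print(name_content_mismatch("bigmac.jpg", header))
```

Running the block prints the same machine, section count, timestamp, entry point, subsystem and characteristics string that the report shows, and flags "bigmac.jpg" as an executable wearing an image extension. Point parse_pe_header at the first few hundred bytes of a real file to triage it offline.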
PE imports (all are exports of the Visual Basic 6 runtime, MSVBVM60.DLL; no other DLL is listed)
EVENT_SINK_QueryInterface
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_AddRef
Note: a VB6 binary reaches Win32 APIs declared with Declare statements through DllFunctionCall at run time, so APIs such as SetWindowsHookEx used by the stub or its unpacked payload will not show up in this static import table. The imphash (below) therefore identifies the VB6 runtime stub, not the payload.
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
ExifTool file metadata
LegalTrademarks Lacunule
SubsystemVersion 4.0
Comments Scintler
InitializedDataSize 49152
ImageVersion 1.0
ProductName Combinant
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Isohel.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0
TimeStamp 2017:10:08 02:18:17+01:00
FileType Win32 EXE
PEType PE32
InternalName Isohel
ProductVersion 1.0
FileDescription Arealberegningers
OSVersion 4.0
FileOS Win32
LegalCopyright Trafikdrbt0
MachineType Intel 386 or later, and compatibles
CompanyName canoN
CodeSize 159744
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x104c
ObjectFileType Executable application
File identification
MD5 69e27da38a07b962454a7f93cfae9502
SHA1 54d32e51a9bbf98f6ef7ad81f62d3486744bb3b8
SHA256 70406206c77dccf034d893495cfeac1cb89066375f57947dfdcf139a575e8663
ssdeep 3072:+ujpiI45DT6ZQq14qd+ofIuH8BE9Yv50K5fh9rOgD:+ujAIE6Z7EofIucG9Yv50K55Y6
authentihash 1dc952a140eac3420a2bc77959656f38bf6a70d5febe8a648950af69f112b9ef
imphash 2baf2cf5457a6cbc889a1294e9abb0e0
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2017-10-08 05:52:38 UTC ( 1 year, 4 months ago )
Last submission 2018-10-23 19:39:54 UTC ( 3 months, 4 weeks ago )
File names bigmac.jpg
bigmac.jpg.exe
69e27da38a07b962454a7f93cfae9502.vir
Isohel
70406206c77dccf034d893495cfeac1cb89066375f57947dfdcf139a575e8663
Isohel.exe
The submitted names show the executable being passed off as a picture: "bigmac.jpg" with the real extension dropped outright, and "bigmac.jpg.exe" relying on Explorer's default of hiding known extensions so that the user sees "bigmac.jpg". The remaining names are the internal name from the version resource and hash-derived names of the kind sample repositories assign.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Additional details
The file installs an application-defined hook procedure into a hook chain through the SetWindowsHook/SetWindowsHookEx Windows API (the report names the obsolete SetWindowsHook entry point; current code calls SetWindowsHookEx). A hook procedure monitors the system for certain types of events, either for one specific thread or for every thread on the calling thread's desktop. Which hook type (idHook) was installed, and whether it was thread-specific or global, is not recorded in this condensed report, so the hook cannot be tied to a purpose from this page alone. Given the Fareit credential-stealer detection a keyboard hook would be the natural suspicion, but confirming that needs the full API trace.
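What separates a benign hook from a keylogger or a DLL-injection hook is the idHook value and the dwThreadId scope, which the condensed report above does not show. The following is an added example, not part of the VirusTotal report or its sandbox: it classifies SetWindowsHookEx calls from a sandbox API trace. The trace lines are constructed in the block in a made-up "API(name=value, ...)" format, not VirusTotal's own log format, and the severity tiers are my own choice.

```python
"""Added example (not from the VirusTotal report): rate SetWindowsHookEx
calls seen in an API trace by hook type and scope. The trace lines below
are constructed in an invented format purely to exercise the parser."""
import re

# idHook constants from winuser.h
HOOK_IDS = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 9: "WH_DEBUG", 10: "WH_SHELL",
    11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET", 13: "WH_KEYBOARD_LL",
    14: "WH_MOUSE_LL",
}
# Hook types that deliver user input to the hook procedure
INPUT_CAPTURE = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_JOURNALRECORD",
                 "WH_MOUSE", "WH_MOUSE_LL"}

# Matches the modern A/W variants and the obsolete SetWindowsHook name.
CALL_RE = re.compile(r"(?P<api>SetWindowsHookEx[AW]?|SetWindowsHook)\((?P<args>[^)]*)\)")


def parse_args(argstr: str) -> dict:
    """'idHook=13, hMod=0x0' -> {'idHook': 13, 'hMod': 0}; base 0 accepts hex."""
    args = {}
    for item in argstr.split(","):
        key, _, value = item.strip().partition("=")
        if key:
            args[key] = int(value, 0)
    return args


def classify_hook(line: str):
    """Return a verdict dict for a hook-installing call, or None for other lines."""
    match = CALL_RE.search(line)
    if not match:
        return None
    args = parse_args(match.group("args"))
    hook = HOOK_IDS.get(args.get("idHook"), f"idHook={args.get('idHook')}")
    # dwThreadId == 0 means every thread on the desktop (a global hook).
    global_scope = args.get("dwThreadId") == 0
    if hook in INPUT_CAPTURE and global_scope:
        severity = "high"      # system-wide keystroke/mouse capture
    elif hook in INPUT_CAPTURE:
        severity = "medium"    # input capture limited to one thread
    elif global_scope and args.get("hMod", 0):
        severity = "medium"    # hMod DLL gets loaded into every hooked process
    else:
        severity = "info"      # e.g. a GUI framework hooking its own thread
    return {"api": match.group("api"), "hook": hook,
            "global": global_scope, "severity": severity}


def scan_trace(lines) -> list:
    """Run classify_hook over a trace and keep only hook installations."""
    return [v for v in map(classify_hook, lines) if v is not None]


# Constructed trace: not a real sandbox log, invented for this example.
TRACE = [
    "0x1a2c user32.dll!SetWindowsHookExA(idHook=13, lpfn=0x00401230, hMod=0x00400000, dwThreadId=0)",
    "0x1a2c user32.dll!SetWindowsHookExA(idHook=4, lpfn=0x00401400, hMod=0x0, dwThreadId=0x1a30)",
    "0x1a2c user32.dll!SetWindowsHookExW(idHook=5, lpfn=0x10001000, hMod=0x10000000, dwThreadId=0)",
    "0x1a2c kernel32.dll!GetTickCount()",
]

if __name__ == "__main__":
    for verdict in scan_trace(TRACE):
        print(verdict)
```

The first constructed line is the pattern to look for when Fareit-style credential theft is suspected: a global WH_KEYBOARD_LL hook. The WH_CBT line with a non-zero hMod and dwThreadId of 0 is the other hook shape worth escalating, since it makes every GUI process on the desktop load the named DLL.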