SHA256: 70900b5777ea48f4c635f78b597605e9bdbbee469b3052f1bd0088a1d18f85d3
File name: 1.exe
Detection ratio: 45 / 69
Analysis date: 2018-12-21 15:12:42 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31376452 20181221
AhnLab-V3 Malware/Win32.Generic.C2864719 20181221
ALYac Trojan.GenericKD.31376452 20181221
Antiy-AVL Trojan[PSW]/Win32.Azorult 20181221
Arcabit Trojan.Generic.D1DEC444 20181221
Avast Win32:Malware-gen 20181221
AVG Win32:Malware-gen 20181221
Avira (no cloud) TR/AD.MoksSteal.dnrib 20181221
BitDefender Trojan.GenericKD.31376452 20181221
CAT-QuickHeal Trojan.Multi 20181221
Comodo Malware@#39jc732ayxgmy 20181220
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181221
Cyren W32/Trojan.ZRQV-0735 20181221
DrWeb Trojan.PWS.Stealer.24943 20181221
Emsisoft Trojan.GenericKD.31376452 (B) 20181221
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNGY 20181221
F-Secure Trojan.GenericKD.31376452 20181221
Fortinet W32/GenKryptik.CSCS!tr 20181221
GData Trojan.GenericKD.31376452 20181221
Ikarus Trojan.AD.MoksSteal 20181221
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005423471 ) 20181221
K7GW Trojan ( 005423471 ) 20181221
Kaspersky Trojan-PSW.Win32.Azorult.ahy 20181221
MAX malware (ai score=99) 20181221
McAfee RDN/Generic.com 20181221
McAfee-GW-Edition BehavesLike.Win32.Dropper.fh 20181221
Microsoft Trojan:Win32/Occamy.C 20181221
eScan Trojan.GenericKD.31376452 20181221
NANO-Antivirus Trojan.Win32.Azorult.fkpxnn 20181221
Palo Alto Networks (Known Signatures) generic.ml 20181221
Panda Trj/CI.A 20181220
Qihoo-360 Win32/Trojan.PSW.b94 20181221
Sophos AV Mal/Generic-S 20181221
Symantec Trojan.Gen.2 20181221
TACHYON Trojan-PWS/W32.Azorult.401920 20181221
TrendMicro Trojan.Win32.SMOKELOAD.AC 20181221
TrendMicro-HouseCall Trojan.Win32.SMOKELOAD.AC 20181221
VBA32 TrojanPSW.Azorult 20181221
ViRobot Trojan.Win32.Z.Azorult.401920 20181221
Webroot W32.Trojan.GenKD 20181221
Zillya Adware.Azorult.Win32.22 20181219
ZoneAlarm by Check Point Trojan-PSW.Win32.Azorult.ahy 20181221
Acronis 20180726
AegisLab 20181221
Alibaba 20180921
Avast-Mobile 20181221
Babable 20180918
Baidu 20181207
ClamAV 20181221
CMC 20181220
Cybereason 20180225
eGambit 20181221
F-Prot 20181221
Jiangmin 20181221
Kingsoft 20181221
Malwarebytes 20181221
Rising 20181221
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
Tencent 20181221
TheHacker 20181220
TotalDefense 20181221
Trapmine 20181205
Trustlook 20181221
Yandex 20181221
Zoner 20181221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C)Beepa Pty Ltd
Product Presidency
Internal name Presidency
File version 7.6.3.8
Description Schoolers Possessed Reassembling Harnessed
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-24 13:48:53
Entry Point 0x0001FE82
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 6
RT_STRING 5
RCDATA 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
CodeSize 203776
SubsystemVersion 5.1
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.6.3.8
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Schoolers Possessed Reassembling Harnessed
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 197120
PrivateBuild 7.6.3.8
EntryPoint 0x1fe82
MIMEType application/octet-stream
LegalCopyright (C)Beepa Pty Ltd
FileVersion 7.6.3.8
TimeStamp 2018:11:24 14:48:53+01:00
FileType Win32 EXE
PEType PE32
InternalName Presidency
ProductVersion 7.6.3.8
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Beepa Pty Ltd
LegalTrademarks (C)Beepa Pty Ltd
ProductName Presidency
ProductVersionNumber 7.6.3.8
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 dac96a0b7f57c11e86c3189af70d60ef
SHA1 366d6b22768dc6a38f50758e2c3c9f62a7f46042
SHA256 70900b5777ea48f4c635f78b597605e9bdbbee469b3052f1bd0088a1d18f85d3
ssdeep 6144:LPKVDs/Oy3gWZ2c3gU6HC7Ck0Low+VaYdKt6QXI+JtKIPT8qNnpK4x:mVDsWy3z2cwU6HUCFLW3d/+DHb8qNpjx
authentihash 7968dd56754c77f77d5b13eb11eda6be818add13a451aa6f4e98657c26975f03
imphash 8c3a6abf52dba35c50533e49a51ca3b2
File size 392.5 KB ( 401920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-26 02:01:25 UTC ( 3 months, 3 weeks ago )
Last submission 2018-11-26 02:01:25 UTC ( 3 months, 3 weeks ago )
File names 1.exe
Presidency
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications