SHA256: 7199fb2ed59ddd47792822fc3936224a04ce19ebe1eb79439e062fd22043566d
File name: outurg.bin
Detection ratio: 4 / 65
Analysis date: 2018-05-29 17:25:11 UTC ( 9 months, 3 weeks ago )
Antivirus Result Update
DrWeb Trojan.PWS.Banker1.27687 20180529
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180503
Webroot W32.Adware.Gen 20180529
Ad-Aware 20180529
AegisLab 20180529
AhnLab-V3 20180529
Alibaba 20180529
ALYac 20180529
Antiy-AVL 20180529
Arcabit 20180529
Avast 20180529
Avast-Mobile 20180529
AVG 20180529
Avira (no cloud) 20180529
AVware 20180529
Babable 20180406
Baidu 20180529
BitDefender 20180529
Bkav 20180529
CAT-QuickHeal 20180529
ClamAV 20180529
CMC 20180529
Comodo 20180529
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cylance 20180529
Cyren 20180529
eGambit 20180529
Emsisoft 20180529
ESET-NOD32 20180529
F-Prot 20180529
F-Secure 20180529
Fortinet 20180529
GData 20180529
Ikarus 20180529
Jiangmin 20180529
K7AntiVirus 20180529
K7GW 20180529
Kaspersky 20180529
Kingsoft 20180529
Malwarebytes 20180529
MAX 20180529
McAfee 20180529
McAfee-GW-Edition 20180529
Microsoft 20180529
eScan 20180529
NANO-Antivirus 20180529
nProtect 20180529
Palo Alto Networks (Known Signatures) 20180529
Panda 20180529
Qihoo-360 20180529
Rising 20180529
SentinelOne (Static ML) 20180225
Sophos AV 20180529
SUPERAntiSpyware 20180529
Symantec 20180529
Symantec Mobile Insight 20180525
Tencent 20180529
TheHacker 20180524
TrendMicro 20180529
TrendMicro-HouseCall 20180529
Trustlook 20180529
VBA32 20180529
VIPRE 20180529
ViRobot 20180529
Yandex 20180529
Zillya 20180528
ZoneAlarm by Check Point 20180529
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Product Dapox
Original name Prorektorlar.exe
Internal name Prorektorlar
File version 1.00
Description Dapoxetine-Priligy
Signature verification Signed file, verified signature. The chain validates to the COMODO root, which establishes only that LINKB2P LTD held the signing key at signing time; a valid signature says nothing about the intent of the code, and note that the signer name does not match the CompanyName (Prorektorlar) carried in the version resource.
Signing date 6:59 AM 3/1/2019
Signers
[+] LINKB2P LTD
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 11:00 PM 05/27/2018
Valid to 10:59 PM 05/28/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint AA0FCA7FFC3F84A7E1C7377089BC9CBCA3174663
Serial number 14 65 E1 1E 06 2A AC 2D CD 59 14 F0 4E 03 51 BB
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 11:00 PM 05/08/2013
Valid to 10:59 PM 05/08/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 12:00 AM 01/19/2010
Valid to 11:59 PM 01/18/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-29 09:58:35
Entry Point 0x00001808
Number of sections 3
PE sections
Overlays
MD5 394591bb50b5cdf7c32fb64fd5f34f6a
File type data
Offset 290816
Size 3576
Entropy 7.40
Note: 290816 + 3576 = 294392, the reported file size, so the overlay runs to the very end of the file. Together with the "signed" tag this is consistent with the appended Authenticode certificate table (the region described by the security data directory), whose DER-encoded PKCS#7 content accounts for the high entropy. Because the authentihash excludes the checksum field, the security directory entry and the certificate table, stripping or replacing the signature changes the MD5/SHA1/SHA256 of the file but not its authentihash.
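Because this file's overlay sits at the very end of the image and the sample is tagged signed, the overlay is very likely the Authenticode certificate table rather than appended payload data. The following Python is an added example, not VirusTotal's code and not derived from this sample: it assembles a constructed minimal PE32 image (a labelled stand-in, since the real file is not reproduced on the page), locates the overlay from the section table, reads the security data directory, and reports whether the two regions coincide. Field offsets follow the PE/COFF specification; the WIN_CERTIFICATE body is a placeholder, not a real signature.

```python
import math
import struct


def build_sample_pe(overlay: bytes = b"", signed: bool = True) -> bytes:
    """Assemble a minimal, non-runnable PE32 image with one section.
    Constructed stand-in for the file on the page, not that file itself.
    When `signed` is set and an overlay is given, the security data directory
    (index 4) is pointed at the overlay, which is where Authenticode keeps
    its WIN_CERTIFICATE / PKCS#7 blob."""
    raw_ptr, raw_size = 0x200, 0x200
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5B0D2F7B, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)            # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1808)          # AddressOfEntryPoint (cosmetic)
    struct.pack_into("<I", opt, 28, 0x400000)        # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)  # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    if signed and overlay:
        # IMAGE_DIRECTORY_ENTRY_SECURITY holds a file offset, not an RVA
        struct.pack_into("<II", opt, 96 + 4 * 8, raw_ptr + raw_size, len(overlay))
    section = struct.pack("<8sIIIIIIHHI", b".text\x00\x00\x00", raw_size, 0x1000,
                          raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\x00\x00" + coff + bytes(opt) + section).ljust(raw_ptr, b"\x00")
    return headers + b"\xCC" * raw_size + overlay


def sample_overlay() -> bytes:
    """WIN_CERTIFICATE header (dwLength, wRevision=0x0200, wCertificateType=2 =
    WIN_CERT_TYPE_PKCS_SIGNED_DATA) followed by a placeholder body.
    Constructed; not a real signature."""
    body = bytes(range(1, 57))   # 56 bytes so the total of 64 stays 8-byte aligned
    return struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, close to 8.0 for DER-dense or packed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyse_overlay(pe: bytes) -> dict:
    """Locate the overlay (bytes after the last section's raw data) and test
    whether it is exactly the region the security data directory describes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", pe, opt_off)[0]
    dd_off = opt_off + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    sec_off, sec_size = struct.unpack_from("<II", pe, dd_off + 4 * 8)
    sect_tbl = opt_off + opt_size
    end_of_sections = 0
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, sect_tbl + i * 40 + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = pe[end_of_sections:]
    is_auth = bool(overlay) and sec_off == end_of_sections and sec_size == len(overlay)
    cert = None
    if is_auth and len(overlay) >= 8:
        length, revision, ctype = struct.unpack_from("<IHH", overlay, 0)
        cert = {"dwLength": length, "wRevision": revision, "wCertificateType": ctype}
    return {
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "security_directory": (sec_off, sec_size),
        "overlay_is_authenticode": bool(is_auth),
        "win_certificate": cert,
    }


if __name__ == "__main__":
    for key, value in analyse_overlay(build_sample_pe(sample_overlay())).items():
        print(f"{key}: {value}")
```

Against a real file, replace build_sample_pe(...) with the bytes read from disk. A reported overlay whose security directory is zero, or which extends past the region the directory describes, is appended data other than the signature (a dropper payload, a configuration blob) and deserves a closer look than a signature-only overlay does.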
PE imports (all from MSVBVM60.DLL, the Visual Basic 6 runtime, which the report omits to name; the Ord(n) entries are ordinal-only imports from the same DLL)
_adj_fdivr_m64
Ord(518)
__vbaInputFile
__vbaStrMove
_adj_fprem
__vbaAryMove
__vbaCopyBytes
__vbaCyMul
_adj_fdiv_r
_allmul
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaFpCmpCy
__vbaI4Var
Ord(608)
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrI2
__vbaStrI4
Ord(709)
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(516)
__vbaR8Cy
Ord(607)
__vbaLenBstr
__vbaRedimPreserve
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
Ord(589)
__vbaCySgn
__vbaFreeVar
_adj_fprem1
__vbaFileOpen
Ord(711)
__vbaInStrVar
__vbaAryLock
EVENT_SINK_Release
__vbaVarTstEq
Ord(593)
__vbaOnError
_adj_fdivr_m32i
__vbaFpCy
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
Ord(570)
__vbaAryUnlock
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVar2Vec
__vbaFreeVarList
__vbaStrVarMove
__vbaCastObj
__vbaExitProc
__vbaVarTstNe
__vbaLateMemCallLd
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
_CIcos
__vbaVarMove
__vbaFPInt
__vbaNew2
__vbaR8IntI4
__vbaAryDestruct
__vbaAryCopy
Ord(621)
Ord(619)
Ord(588)
_adj_fdiv_m32
Ord(535)
__vbaCyI2
__vbaEnd
__vbaLateMemSt
_adj_fpatan
Ord(712)
__vbaStrCopy
Ord(632)
Ord(594)
Ord(645)
__vbaFPException
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
EVENT_SINK_AddRef
_CIsin
_CIsqrt
_CIatan
__vbaVarDiv
Ord(617)
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
__vbaFpI2
Number of PE resources by type
CDROM 2
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 172032
ImageVersion 1.0
ProductName Dapox
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Prorektorlar.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:05:29 11:58:35+02:00
FileType Win32 EXE
PEType PE32
InternalName Prorektorlar
ProductVersion 1.0
FileDescription Dapoxetine-Priligy
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Prorektorlar
CodeSize 114688
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1808
ObjectFileType Executable application

Execution parents
File identification
MD5 f0370f160bfa8338f386a0bdf4d1b481
SHA1 4a3babbe311e7367059e7876704f519609da5c00
SHA256 7199fb2ed59ddd47792822fc3936224a04ce19ebe1eb79439e062fd22043566d
ssdeep 3072:swC6by9EewToo+K2czZPIKjnG23Gu5XmlJmII94iOuX8477Swa7nrRHYsWnVG:XyC5+KxzJjG22SXthLd7Gwa79WE
authentihash 506d3ca7c53ab8a0040b6a13f64e41a5d8522e2f15c8848ce85269c16473af8b
imphash ab96b9947ac3539e14f8acba94f640be
File size 287.5 KB ( 294392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe signed overlay
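The import list in the PE imports section consists entirely of MSVBVM60.DLL exports, and the imphash in the file identification block above is computed from exactly that list, so the value is shared by most VB6 executables whatever they do and is a poor pivot for this sample. The following Python is an added example, not pefile's or VirusTotal's code: it reproduces the imphash normalisation (module name lowercased and stripped of its extension, ordinals written as ordN, MD5 over the comma-joined "dll.function" list) on an excerpt of the page's imports. The DLL name MSVBVM60.DLL is supplied as an assumption because the report omits it, and the excerpt is too short to reproduce the hash value shown on the page.

```python
import hashlib
import re

# Excerpt of the import table shown on the page. VirusTotal lists the functions
# without their DLL; every name here is an export of MSVBVM60.DLL, the VB6
# runtime, so the DLL name is supplied here as a labelled assumption.
PAGE_IMPORTS = [
    ("MSVBVM60.DLL", [
        "_adj_fdivr_m64", "Ord(518)", "__vbaInputFile", "__vbaStrMove",
        "_adj_fprem", "__vbaAryMove", "__vbaCopyBytes", "__vbaCyMul",
        "__vbaFileOpen", "__vbaFileClose", "__vbaStrCat", "__vbaInStr",
    ]),
]

ORDINAL_RE = re.compile(r"^Ord\((\d+)\)$")   # VirusTotal's rendering of ordinal imports


def normalise_dll(dll: str) -> str:
    """Lowercase the module name and drop a .dll/.ocx/.sys extension,
    as the pefile/VirusTotal imphash convention does."""
    base = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if base.endswith(ext):
            return base[: -len(ext)]
    return base


def imphash_input(imports) -> str:
    """Build the comma-joined 'dll.function' string that imphash hashes, in
    import-table order. Ordinal imports become 'ordN'. (pefile additionally maps
    ordinals of ws2_32/wsock32/oleaut32 to names; that table is omitted because
    this binary imports only MSVBVM60.)"""
    parts = []
    for dll, funcs in imports:
        base = normalise_dll(dll)
        for func in funcs:
            m = ORDINAL_RE.match(func)
            name = f"ord{int(m.group(1))}" if m else func.lower()
            parts.append(f"{base}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


def vb6_runtime_only(imports) -> bool:
    """True when every import comes from the VB6 runtime. Such binaries carry
    near-identical imphashes regardless of what the program does, so the hash
    marks 'compiled with VB6' rather than a malware family."""
    return bool(imports) and all(normalise_dll(d) == "msvbvm60" for d, _ in imports)


if __name__ == "__main__":
    print("imphash input   :", imphash_input(PAGE_IMPORTS))
    print("imphash         :", imphash(PAGE_IMPORTS))
    print("VB6 runtime only:", vb6_runtime_only(PAGE_IMPORTS))
```

Note that the hash is order-sensitive: two binaries with the same functions in a different import order hash differently, which is why the value is useful for linking builds from one toolchain and project but, for VB6 programs whose import table is dictated by the runtime, says almost nothing about the author.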

VirusTotal metadata
First submission 2018-05-29 17:25:11 UTC ( 9 months, 3 weeks ago )
Last submission 2018-05-29 17:25:11 UTC ( 9 months, 3 weeks ago )
File names Rwidazbzztfg.exe
gwoehftvyy.exe
Prorektorlar
outurg.bin
Prorektorlar.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. Hook procedures are installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHook family of Windows API functions (SetWindowsHookExA/W on current Windows). Which hook type (idHook) was requested and whether the hook was thread-specific or global (dwThreadId of 0) are not shown in this condensed report; keyboard hooks (WH_KEYBOARD, WH_KEYBOARD_LL) are the usual keylogging mechanism, while a global hook backed by a DLL gets that DLL loaded into every GUI process on the desktop.
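Which hook was requested is not visible in the condensed report above, but in a fuller sandbox trace the arguments to SetWindowsHookEx tell the analyst most of what matters. The following Python is an added example, not VirusTotal's code and not this sample's recorded behaviour: it runs over a constructed JSON-lines API trace (the field names idHook, hMod, dwThreadId and return are assumptions modelled on Cuckoo-style logs) and classifies each SetWindowsHookEx call by hook type and scope, so that a keyboard hook or a global DLL-backed hook stands out from benign message-filter hooks.

```python
import json

# idHook constants from WinUser.h
HOOK_NAMES = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 9: "WH_DEBUG", 10: "WH_SHELL",
    11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET", 13: "WH_KEYBOARD_LL",
    14: "WH_MOUSE_LL",
}
KEYBOARD_HOOKS = {2, 13}
MOUSE_HOOKS = {7, 14}
LOW_LEVEL_HOOKS = {13, 14}   # run in the installing process; need no DLL even when global

# Constructed sandbox API trace (not VirusTotal output; field names are assumptions).
SAMPLE_TRACE = """\
{"pid": 2468, "api": "SetWindowsHookExW", "arguments": {"idHook": 13, "lpfn": "0x401808", "hMod": "0x0", "dwThreadId": 0}, "return": "0x1a0cf3"}
{"pid": 2468, "api": "GetAsyncKeyState", "arguments": {"vKey": 13}, "return": "0x0"}
{"pid": 2468, "api": "SetWindowsHookExA", "arguments": {"idHook": 5, "lpfn": "0x10001000", "hMod": "0x10000000", "dwThreadId": 0}, "return": "0x2b0d11"}
{"pid": 2468, "api": "SetWindowsHookExA", "arguments": {"idHook": 4, "lpfn": "0x402000", "hMod": "0x0", "dwThreadId": 3104}, "return": "0x0"}
"""


def parse_trace(text):
    """Yield one event dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def assess_hooks(events):
    """Return one finding per SetWindowsHookEx call with a severity and the reasons."""
    findings = []
    for ev in events:
        if ev.get("api") not in ("SetWindowsHookExA", "SetWindowsHookExW"):
            continue
        args = ev["arguments"]
        id_hook = int(args["idHook"])
        hmod = int(args["hMod"], 16)
        tid = int(args["dwThreadId"])
        succeeded = int(ev.get("return", "0x0"), 16) != 0   # HHOOK of NULL means failure
        reasons, severity = [], "low"
        if id_hook in KEYBOARD_HOOKS:
            reasons.append("keyboard hook: keystroke capture (keylogging) indicator")
            severity = "high"
        elif id_hook in MOUSE_HOOKS:
            reasons.append("mouse hook: input monitoring indicator")
            severity = "medium"
        if tid == 0 and id_hook not in LOW_LEVEL_HOOKS:
            if hmod:
                reasons.append("global hook backed by a DLL: the module is mapped into "
                               "every GUI process on the desktop (DLL injection)")
                severity = "high" if severity == "high" else "medium"
            else:
                reasons.append("global non-low-level hook without hMod: the call cannot succeed")
        elif tid != 0 and not hmod:
            reasons.append("thread-scoped hook without a DLL: valid only for threads of the calling process")
        findings.append({
            "pid": ev.get("pid"),
            "hook": HOOK_NAMES.get(id_hook, f"unknown({id_hook})"),
            "scope": "global" if tid == 0 else f"thread {tid}",
            "succeeded": succeeded,
            "severity": severity,
            "reasons": reasons,
        })
    return findings


def summarise(findings):
    """Count hooks that were actually installed and report the worst severity among them."""
    order = {"low": 0, "medium": 1, "high": 2}
    active = [f for f in findings if f["succeeded"]]
    worst = max((f["severity"] for f in active), key=order.get, default="none")
    return {"hooks_installed": len(active), "max_severity": worst}


if __name__ == "__main__":
    found = assess_hooks(parse_trace(SAMPLE_TRACE))
    for f in found:
        print(f)
    print(summarise(found))
```

Failed calls are kept in the findings rather than dropped: an attempt to install a global hook that the sandbox refused is still evidence of intent, and the summary counts only the hooks that actually landed.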