SHA256: 73195d0abc9f098e88fc20be11ae5bd83c3267d4875dbb70f69f551232c51e26
File name: Swift copy_pdf.exe
Detection ratio: 40 / 68
Analysis date: 2018-11-16 12:57:49 UTC
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40751211 20181116
AegisLab Trojan.Win32.Androm.4!c 20181116
AhnLab-V3 Trojan/Win32.Agent.C2824432 20181116
ALYac Spyware.Lokibot 20181116
Arcabit Trojan.Generic.D26DD06B 20181116
Avast Win32:Trojan-gen 20181116
AVG Win32:Trojan-gen 20181116
Avira (no cloud) TR/AD.LokiBot.ijytp 20181116
BitDefender Trojan.GenericKD.40751211 20181116
ClamAV Win.Trojan.Agent-6747572-0 20181116
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181116
Cyren W32/Trojan.RLPG-2675 20181116
Emsisoft Trojan.GenericKD.40751211 (B) 20181116
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQTS 20181116
Fortinet W32/Androm.CQTS!tr.bdr 20181116
GData Trojan.GenericKD.40751211 20181116
Ikarus Trojan.Inject 20181116
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0054109e1 ) 20181116
K7GW Trojan ( 0054109e1 ) 20181116
Kaspersky Backdoor.Win32.Androm.qunu 20181116
Malwarebytes Spyware.LokiBot 20181116
MAX malware (ai score=100) 20181116
McAfee RDN/Generic.grp 20181116
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20181116
Microsoft Trojan:Win32/Occamy.C 20181116
eScan Trojan.GenericKD.40751211 20181116
NANO-Antivirus Trojan.Win32.Androm.fkdxgl 20181116
Palo Alto Networks (Known Signatures) generic.ml 20181116
Panda Trj/CI.A 20181116
Qihoo-360 Win32/Backdoor.0c0 20181116
Sophos AV Mal/Generic-S 20181116
Symantec Trojan Horse 20181116
TrendMicro TROJ_FRS.VSN0CK18 20181116
TrendMicro-HouseCall TROJ_FRS.VSN0CK18 20181116
VBA32 Trojan.Sonbokli 20181116
Webroot W32.Trojan.Gen 20181116
ZoneAlarm by Check Point Backdoor.Win32.Androm.qunu 20181116
Alibaba 20180921
Antiy-AVL 20181116
Avast-Mobile 20181116
Babable 20180918
Baidu 20181116
Bkav 20181116
CAT-QuickHeal 20181115
CMC 20181116
Cybereason 20180225
DrWeb 20181116
eGambit 20181116
F-Prot 20181116
F-Secure 20181116
Jiangmin 20181116
Kingsoft 20181116
Rising 20181116
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181116
Tencent 20181116
TheHacker 20181113
TotalDefense 20181116
Trustlook 20181116
VIPRE None
ViRobot 20181116
Yandex 20181115
Zillya 20181115
Zoner 20181116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Incomedia s.r.l. All rights reserved.

Product EmployAdverbs
Description Imagine Revutnalised Pdb
Comments Imagine Revutnalised Pdb
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-11 21:50:57
Entry Point 0x00041FE3
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
OpenProcessToken
RegCreateKeyA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegDeleteValueA
GetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetFileSecurityA
GetFileTitleA
FindTextW
PageSetupDlgA
SetMapMode
GetWindowOrgEx
GetNearestColor
GetTextMetricsA
CombineRgn
GetROP2
GetViewportOrgEx
GetTextExtentPointA
EndDoc
DeleteObject
IntersectClipRect
StretchDIBits
CreateEllipticRgn
GetPolyFillMode
SetPixelFormat
SetTextAlign
StretchBlt
GetTextFaceA
ScaleViewportExtEx
SetWindowExtEx
SetBkColor
GetBkColor
SetRectRgn
GetClipBox
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
ChoosePixelFormat
BitBlt
GetObjectA
MoveToEx
SetAbortProc
ScaleWindowExtEx
PtVisible
ExtSelectClipRgn
SetROP2
EndPage
GetTextColor
Escape
SetViewportExtEx
GetWindowExtEx
PatBlt
CreatePen
SetStretchBltMode
Rectangle
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
GetMapMode
StartPage
GetCharWidthA
CreatePatternBrush
CreateBitmap
RectVisible
GetStockObject
GetRgnBox
ExtTextOutA
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
SetTextCharacterExtra
Polygon
GetBkMode
SaveDC
RestoreDC
CreateSolidBrush
SetTextColor
CreateFontA
SetViewportOrgEx
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
SetPolyFillMode
Ellipse
GetStretchBltMode
DPtoLP
AbortDoc
CreateCompatibleBitmap
gluLookAt
DeleteProxyArpEntry
DisableMediaSense
GetTcpTable
DeleteIpNetEntry
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
LoadLibraryExA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetCurrentProcess
MulDiv
ExitThread
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
DeleteFileA
GetPriorityClass
GetUserDefaultLCID
CompareStringW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
IsValidLocale
DuplicateHandle
GlobalLock
GlobalAlloc
GetTimeZoneInformation
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
EnumSystemLocalesA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
GetFileAttributesExA
FindResourceA
VirtualAlloc
TransparentBlt
CreateStdAccessibleObject
LresultFromObject
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
VariantChangeTypeEx
glShadeModel
glEnable
glClearColor
wglCreateContext
glViewport
glMatrixMode
glDepthFunc
glOrtho
glHint
glLoadIdentity
glClearDepth
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
RedrawWindow
RegisterClipboardFormatA
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
SetTimer
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
DialogBoxIndirectParamA
GetMenu
CreateWindowExA
EnumWindowStationsW
DefFrameProcA
GetClientRect
SetScrollPos
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetTopWindow
LockWindowUpdate
ScrollWindow
GetWindowTextA
InvalidateRgn
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefWindowProcA
CreateCaret
GetClassInfoExA
GetMessageW
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
TranslateMDISysAccel
GetTabbedTextExtentA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
InsertMenuItemA
SetParent
IsZoomed
GetWindowPlacement
DrawMenuBar
EnableMenuItem
RegisterClassA
GetMenuItemCount
TabbedTextOutA
GetWindowLongA
GetDCEx
GetActiveWindow
ShowOwnedPopups
FillRect
SetWindowContextHelpId
DeferWindowPos
CreateWindowExW
UnregisterClassA
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
CharNextA
RegisterWindowMessageA
DefMDIChildProcA
MapWindowPoints
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
IntersectRect
SetWindowLongA
IsRectEmpty
GetScrollInfo
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
IsDlgButtonChecked
CheckDlgButton
GetMenuState
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
PostThreadMessageA
MapDialogRect
GetScrollRange
EndDialog
LoadMenuA
CopyRect
CreateDialogIndirectParamA
SetWindowTextA
MessageBeep
DrawTextExA
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
RegisterClassExW
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
GetMenuStringA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
ShowScrollBar
GetDesktopWindow
UnpackDDElParam
WinHelpA
DispatchMessageW
SetRect
DeleteMenu
InvalidateRect
SendMessageA
DrawTextA
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
IsWindowVisible
ModifyMenuA
SetMenu
SetCursor
GetAppliedGPOListA
FreeGPOListA
GetGPOListA
WinHttpOpen
sndPlaySoundA
GetJobA
DocumentPropertiesA
ClosePrinter
OpenPrinterA
Ord(45)
Ord(88)
Ord(211)
Ord(136)
Ord(200)
Ord(143)
Ord(13)
OleUninitialize
CoUninitialize
OleTranslateAccelerator
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
OleFlushClipboard
IsAccelerator
CLSIDFromProgID
RevokeDragDrop
CoRegisterMessageFilter
CLSIDFromString
CreateILockBytesOnHGlobal
CoGetClassObject
OleInitialize
CoLockObjectExternal
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
OleCreateMenuDescriptor
CoRevokeClassObject
CoFreeUnusedLibraries
OleIsCurrentClipboard
CoTaskMemFree
CreateAsyncBindCtx
WriteHitLogging
Number of PE resources by type
RT_BITMAP 14
PNG 7
RT_DIALOG 6
RT_ICON 6
RT_GROUP_CURSOR 2
RT_MENU 2
RT_CURSOR 2
TYPELIB 1
RT_MANIFEST 1
TXT 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 44
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

Comments
Imagine Revutnalised Pdb

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
3.4.5.3

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Imagine Revutnalised Pdb

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
443904

EntryPoint
0x41fe3

MIMEType
application/octet-stream

LegalCopyright
Incomedia s.r.l. All rights reserved.

TimeStamp
2018:11:11 22:50:57+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
3.4.5.3

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Incomedia s.r.l.

CodeSize
369152

ProductName
EmployAdverbs

ProductVersionNumber
3.4.5.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1e3f71b1b7516e2d67afb286d4065825
SHA1 1a7722a316993b3a5c9241a985c7cdc603aae861
SHA256 73195d0abc9f098e88fc20be11ae5bd83c3267d4875dbb70f69f551232c51e26
ssdeep
12288:kIMAxDfOXt+PyP9uRdlmDtWSpL5Yp0HNuj8Tk1TX0HHZg6h2p:kIVtA+PyPSmlt540tugTuTu5g6h2p

authentihash d08c3ae8798f348b3f31a0ec5571ba0a5425667a488925eff22c1168220862d8
imphash d81338432619e00a1c434716e848deda
File size 795.0 KB ( 814080 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-12 09:48:34 UTC
Last submission 2018-11-12 09:48:34 UTC
File names Swift copy_pdf.exe
swift copy_pdf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.