SHA256: 743e359b45fabae36f8f6dbaff11d57863698e8b44c758ee75347b32c7db0462
File name: 9d58e33355871fd29144e7d1cf0d532179de53a5
Detection ratio: 29 / 57
Analysis date: 2016-04-30 05:38:21 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3187132 20160430
AhnLab-V3 Trojan/Win32.Agent 20160429
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20160430
Arcabit Trojan.Generic.D30A1BC 20160430
Avast Win32:Malware-gen 20160430
AVG Crypt5.BBTW 20160430
Avira (no cloud) TR/Crypt.Xpack.hhqc 20160430
Baidu Win32.Trojan.WisdomEyes.151026.9950.9998 20160429
BitDefender Trojan.GenericKD.3187132 20160430
DrWeb Trojan.Encoder.4433 20160430
Emsisoft Trojan.GenericKD.3187132 (B) 20160430
ESET-NOD32 a variant of Win32/Kryptik.EVXL 20160429
F-Secure Trojan.GenericKD.3187132 20160430
Fortinet W32/Androm.EVXL!tr.bdr 20160430
GData Trojan.GenericKD.3187132 20160430
Ikarus Trojan.Win32.Crypt 20160429
K7AntiVirus Trojan ( 004ec4d01 ) 20160429
K7GW Trojan ( 004ec4d01 ) 20160430
Kaspersky Backdoor.Win32.Androm.jnzr 20160430
McAfee Artemis!70560599A442 20160430
McAfee-GW-Edition BehavesLike.Win32.Backdoor.hh 20160429
Microsoft Ransom:Win32/Teerac 20160430
eScan Trojan.GenericKD.3187132 20160430
Panda Generic Suspicious 20160429
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20160430
Rising Backdoor.Androm!8.113-u3PiQmL3qkS (Cloud) 20160430
Sophos AV Mal/Generic-S 20160430
TrendMicro Ransom_CRILOCK.CBQ164T 20160430
TrendMicro-HouseCall Ransom_CRILOCK.CBQ164T 20160430
AegisLab 20160430
Alibaba 20160429
ALYac 20160430
AVware 20160430
Baidu-International 20160429
Bkav 20160429
CAT-QuickHeal 20160430
ClamAV 20160429
CMC 20160429
Comodo 20160429
Cyren 20160430
F-Prot 20160430
Jiangmin 20160430
Kingsoft 20160430
Malwarebytes 20160430
NANO-Antivirus 20160430
nProtect 20160429
SUPERAntiSpyware 20160430
Symantec 20160430
Tencent 20160430
TheHacker 20160429
TotalDefense 20160426
VBA32 20160429
VIPRE 20160430
ViRobot 20160430
Yandex 20160429
Zillya 20160429
Zoner 20160430
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2015 Lamantine Software a.s.

Internal name spLauncher
File version 8.0.4.34
Description Sticky Password
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-29 10:27:11
Entry Point 0x00001370
Number of sections 4
PE sections
PE imports
RegOpenKeyW
RegQueryValueExW
CreatePatternBrush
SetMetaRgn
CreateHalftonePalette
DeleteColorSpace
GetTextCharset
EndPath
VirtualAlloc
GetModuleHandleW
GetDlgCtrlID
LoadIconA
IsGUIThread
CloseWindow
IsCharAlphaNumericW
GetKeyState
WindowFromDC
Number of PE resources by type
RT_ICON 7
RT_STRING 5
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
NEUTRAL 2
PE resources
ExifTool file metadata
LegalTrademarks
> OriginalFilename

assexe
@ProductName

LinkerVersion
9.0

ImageVersion
0.0

ckyPassword
6 ProductVersion

FileVersionNumber
8.0.4.34

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Sticky Password

CharacterSet
Windows, Latin1

InitializedDataSize
197120

Tag434
THomepage

EntryPoint
0x1370

MIMEType
application/octet-stream

LegalCopyright
Copyright 2015 Lamantine Software a.s.

FileVersion
8.0.4.34

TimeStamp
2016:04:29 11:27:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
spLauncher

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Lam antine Software a.s.

CodeSize
410112

FileSubtype
0

ProductVersionNumber
8.0.4.34

FileTypeExtension
exe

ObjectFileType
Executable application

pwwwstickypasswordcom
D

Compressed bundles
File identification
MD5 70560599a442a469b64b023d47122f24
SHA1 a0f6e1bd35dee915e8c622aca6cf1b8c93a2c657
SHA256 743e359b45fabae36f8f6dbaff11d57863698e8b44c758ee75347b32c7db0462
ssdeep
12288:OIfAuw6s3+K54dyjEfGeddDnud0waAdKd:OIfAuw6sOKtwfGeHudiAd

authentihash cd702f223287b4706c63a960f36f441dbb59b09e022020a8581f0ae3a1df525b
imphash a851c2db0a8041b7c64ab6ff11aa3a7a
File size 593.5 KB ( 607744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-29 04:01:47 UTC ( 2 years, 10 months ago )
Last submission 2016-04-30 05:38:21 UTC ( 2 years, 10 months ago )
File names 9d58e33355871fd29144e7d1cf0d532179de53a5
spLauncher
Adres_Form_PTT.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications