SHA256: 75629dd985eb21879276482e8924a9c83f9e4d907478951d5967f633683c0643
Detection ratio: 29 / 65
Analysis date: 2018-03-30 14:43:55 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30497861 20180330
AegisLab Tspy.Ursnif.Ggq!c 20180330
AhnLab-V3 Trojan/Win32.Agent.C2446726 20180330
ALYac Spyware.Ursnif 20180330
Arcabit Trojan.Generic.D1D15C45 20180330
Avast Win32:Malware-gen 20180330
AVG Win32:Malware-gen 20180330
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9850 20180330
BitDefender Trojan.GenericKD.30497861 20180330
Emsisoft Trojan.GenericKD.30497861 (B) 20180330
Endgame malicious (high confidence) 20180316
ESET-NOD32 Win32/Spy.Ursnif.BO 20180330
F-Secure Trojan.GenericKD.30497861 20180330
Fortinet W32/Gozi.BO!tr 20180330
GData Trojan.GenericKD.30497861 20180330
Ikarus Trojan-Spy.Agent 20180330
Sophos ML heuristic 20180121
K7AntiVirus Spyware ( 0052501a1 ) 20180330
K7GW Spyware ( 0052501a1 ) 20180330
Kaspersky UDS:DangerousObject.Multi.Generic 20180330
McAfee Artemis!D5CF71CF4501 20180330
McAfee-GW-Edition Artemis!Trojan 20180330
eScan Trojan.GenericKD.30497861 20180330
Palo Alto Networks (Known Signatures) generic.ml 20180330
Sophos AV Troj/Gozi-OF 20180330
TrendMicro TSPY_URSNIF.GGQ 20180330
TrendMicro-HouseCall TSPY_URSNIF.GGQ 20180330
ViRobot Trojan.Win32.Z.Ursnif.1546752 20180330
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180330
Alibaba 20180330
Antiy-AVL 20180330
Avast-Mobile 20180330
Avira (no cloud) 20180330
AVware 20180330
Bkav 20180330
CAT-QuickHeal 20180330
ClamAV 20180330
CMC 20180330
Comodo 20180330
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180330
Cyren 20180330
DrWeb 20180330
eGambit 20180330
F-Prot 20180330
Jiangmin 20180330
Kingsoft 20180330
Malwarebytes 20180330
MAX 20180330
Microsoft 20180330
NANO-Antivirus 20180330
nProtect 20180330
Panda 20180330
Qihoo-360 20180330
Rising 20180330
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180330
Symantec 20180330
Symantec Mobile Insight 20180311
Tencent 20180330
TheHacker 20180327
Trustlook 20180330
VBA32 20180330
VIPRE 20180330
WhiteArmor 20180324
Yandex 20180329
Zillya 20180329
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2018 Practice Velocity Leg. All rights reserved.
Product Push Operate
Original name Regionbrother.exe
Internal name Push Operate
File version 7, 8, 3834, 6424
Description Push Operate
Comments 66
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-29 15:14:44
Entry Point 0x000774A6
Number of sections 6
PE sections
PE imports
SystemFunction036
AVIFileInit
AVIStreamRelease
AVIStreamTimeToSample
AVIStreamEndStreaming
AVIFileExit
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_DragShowNolock
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CreateSolidBrush
GetBkColor
GetStdHandle
SetEvent
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetVersion
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
FindNextFileW
ResetEvent
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
UnhandledExceptionFilter
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
CreateProcessW
Sleep
RasEnumConnectionsW
RasGetConnectStatusW
StrChrW
PathFindFileNameW
UrlApplySchemeW
SHGetValueW
UrlCreateFromPathW
MapWindowPoints
GetSystemMetrics
GetMessagePos
GetClassNameW
UpdateWindow
RegisterClassExW
BeginPaint
GetWindowTextW
FindWindowW
ValidateRect
SetWindowsHookExW
GetWindowTextLengthW
EnumChildWindows
SystemParametersInfoW
ShowWindow
PostMessageW
OpenClipboard
ClientToScreen
GetDC
InvalidateRect
GetPrinterDataW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_RCDATA 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
Comments 66
LinkerVersion 14.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.8.3834.6424
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Push Operate
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 952320
EntryPoint 0x774a6
OriginalFileName Regionbrother.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2018 Practice Velocity Leg. All rights reserved.
FileVersion 7, 8, 3834, 6424
TimeStamp 2016:03:29 17:14:44+02:00
FileType Win32 EXE
PEType PE32
InternalName Push Operate
ProductVersion 7, 8, 3834, 6424
UninitializedDataSize 0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Practice Velocity Leg
CodeSize 620544
ProductName Push Operate
ProductVersionNumber 7.8.3834.6424
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 d5cf71cf45017f1a222204020b787cfe
SHA1 ff6bbe4f284b9a268aa9d4da3f6611a5ed83ec4b
SHA256 75629dd985eb21879276482e8924a9c83f9e4d907478951d5967f633683c0643
ssdeep 24576:9i4zTesp28463ZNCJu+iD7oTlVfAt1RU3kJMoDtq7nn:9rzTespvh0Jus5At1Rjtq7n
authentihash c99a028050ad961e970271e3583f3ce6f7884aa9ef6e455da1f2b7ada0cc47f8
imphash 0e4a7f192df1815a833dc17f73654a2c
File size 1.5 MB ( 1546752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-03-29 18:18:31 UTC ( 10 months, 3 weeks ago )
Last submission 2018-07-16 07:20:09 UTC ( 7 months ago )
File names krish6.class
Regionbrother.exe
output.113053411.txt
output.113053424.txt
krish7.class
krish8.class
krish3.class
Push Operate
krish4.class
krish10.class
krish5.class
ff6bbe4f284b9a268aa9d4da3f6611a5ed83ec4b
output.113110487.txt
krish1.class
krish2.class