SHA256: 75629dd985eb21879276482e8924a9c83f9e4d907478951d5967f633683c0643
File name: output.113053424.txt
Detection ratio: 34 / 66
Analysis date: 2018-04-02 09:42:38 UTC ( 1 year ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.30497861 | 20180402
AegisLab | Tspy.Ursnif.Ggq!c | 20180402
AhnLab-V3 | Trojan/Win32.Agent.C2446726 | 20180402
ALYac | Spyware.Ursnif | 20180402
Arcabit | Trojan.Generic.D1D15C45 | 20180402
Avast | Win32:Malware-gen | 20180402
AVG | Win32:Malware-gen | 20180402
Avira (no cloud) | TR/AD.Ursnif.zgxoh | 20180402
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9850 | 20180402
BitDefender | Trojan.GenericKD.30497861 | 20180402
Cyren | W32/Trojan.YJSP-7231 | 20180402
Emsisoft | Trojan.GenericKD.30497861 (B) | 20180402
Endgame | malicious (high confidence) | 20180316
ESET-NOD32 | Win32/Spy.Ursnif.BO | 20180402
F-Secure | Trojan.GenericKD.30497861 | 20180402
Fortinet | W32/Gozi.BO!tr | 20180402
GData | Trojan.GenericKD.30497861 | 20180402
Ikarus | Trojan-Spy.Agent | 20180402
K7AntiVirus | Spyware ( 0052501a1 ) | 20180402
K7GW | Spyware ( 0052501a1 ) | 20180402
Kaspersky | Backdoor.Win32.Androm.plyi | 20180402
Malwarebytes | Trojan.Ursnif | 20180402
McAfee | Artemis!D5CF71CF4501 | 20180402
McAfee-GW-Edition | Artemis!Trojan | 20180402
Microsoft | Trojan:Win32/Bluteal!rfn | 20180402
eScan | Trojan.GenericKD.30497861 | 20180402
Panda | Trj/GdSda.A | 20180402
Sophos AV | Troj/Gozi-OF | 20180402
Symantec | Trojan.Gen.2 | 20180402
Tencent | Win32.Backdoor.Androm.Wstz | 20180402
TrendMicro | TSPY_URSNIF.GGQ | 20180402
TrendMicro-HouseCall | TSPY_URSNIF.GGQ | 20180402
ViRobot | Trojan.Win32.Z.Ursnif.1546752 | 20180402
ZoneAlarm by Check Point | Backdoor.Win32.Androm.plyi | 20180402
Alibaba | - | 20180402
Antiy-AVL | - | 20180402
Avast-Mobile | - | 20180401
AVware | - | 20180402
Bkav | - | 20180331
CAT-QuickHeal | - | 20180402
ClamAV | - | 20180402
CMC | - | 20180401
Comodo | - | 20180402
CrowdStrike Falcon (ML) | - | 20170201
Cybereason | - | None
Cylance | - | 20180402
DrWeb | - | 20180402
eGambit | - | 20180402
F-Prot | - | 20180402
Sophos ML | - | 20180120
Jiangmin | - | 20180402
Kingsoft | - | 20180402
MAX | - | 20180402
NANO-Antivirus | - | 20180402
nProtect | - | 20180402
Palo Alto Networks (Known Signatures) | - | 20180402
Qihoo-360 | - | 20180402
Rising | - | 20180402
SentinelOne (Static ML) | - | 20180225
SUPERAntiSpyware | - | 20180402
Symantec Mobile Insight | - | 20180401
TheHacker | - | 20180330
TotalDefense | - | 20180402
Trustlook | - | 20180402
VBA32 | - | 20180330
VIPRE | - | 20180402
WhiteArmor | - | 20180324
Yandex | - | 20180331
Zillya | - | 20180330
Zoner | - | 20180401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 2018 Practice Velocity Leg. All rights reserved.
Product: Push Operate
Original name: Regionbrother.exe
Internal name: Push Operate
File version: 7, 8, 3834, 6424
Description: Push Operate
Comments: 66
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-03-29 15:14:44
Entry Point: 0x000774A6
Number of sections: 6
PE sections
PE imports
SystemFunction036
AVIFileInit
AVIStreamRelease
AVIStreamTimeToSample
AVIStreamEndStreaming
AVIFileExit
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_DragShowNolock
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CreateSolidBrush
GetBkColor
GetStdHandle
SetEvent
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetVersion
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
FindNextFileW
ResetEvent
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
UnhandledExceptionFilter
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
CreateProcessW
Sleep
RasEnumConnectionsW
RasGetConnectStatusW
StrChrW
PathFindFileNameW
UrlApplySchemeW
SHGetValueW
UrlCreateFromPathW
MapWindowPoints
GetSystemMetrics
GetMessagePos
GetClassNameW
UpdateWindow
RegisterClassExW
BeginPaint
GetWindowTextW
FindWindowW
ValidateRect
SetWindowsHookExW
GetWindowTextLengthW
EnumChildWindows
SystemParametersInfoW
ShowWindow
PostMessageW
OpenClipboard
ClientToScreen
GetDC
InvalidateRect
GetPrinterDataW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
Number of PE resources by type
RT_ICON: 9
RT_RCDATA: 3
RT_GROUP_ICON: 1
RT_VERSION: 1
RT_MANIFEST: 1
Number of PE resources by language
ENGLISH US: 15
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 6.0
Comments: 66
LinkerVersion: 14.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.8.3834.6424
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: Push Operate
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 952320
EntryPoint: 0x774a6
OriginalFileName: Regionbrother.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2018 Practice Velocity Leg. All rights reserved.
FileVersion: 7, 8, 3834, 6424
TimeStamp: 2016:03:29 16:14:44+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Push Operate
ProductVersion: 7, 8, 3834, 6424
UninitializedDataSize: 0
OSVersion: 6.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Practice Velocity Leg
CodeSize: 620544
ProductName: Push Operate
ProductVersionNumber: 7.8.3834.6424
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: d5cf71cf45017f1a222204020b787cfe
SHA1: ff6bbe4f284b9a268aa9d4da3f6611a5ed83ec4b
SHA256: 75629dd985eb21879276482e8924a9c83f9e4d907478951d5967f633683c0643
ssdeep: 24576:9i4zTesp28463ZNCJu+iD7oTlVfAt1RU3kJMoDtq7nn:9rzTespvh0Jus5At1Rjtq7n
authentihash: c99a028050ad961e970271e3583f3ce6f7884aa9ef6e455da1f2b7ada0cc47f8
imphash: 0e4a7f192df1815a833dc17f73654a2c
File size: 1.5 MB ( 1546752 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags: peexe

VirusTotal metadata
First submission: 2018-03-29 18:18:31 UTC ( 1 year ago )
Last submission: 2018-07-16 07:20:09 UTC ( 9 months, 1 week ago )
File names:
krish6.class
Regionbrother.exe
output.113053411.txt
output.113053424.txt
krish7.class
krish8.class
krish3.class
Push Operate
krish4.class
krish10.class
krish5.class
ff6bbe4f284b9a268aa9d4da3f6611a5ed83ec4b
output.113110487.txt
krish1.class
krish2.class