SHA256: 75629dd985eb21879276482e8924a9c83f9e4d907478951d5967f633683c0643
File name: d5cf71cf45017f1a222204020b787cfe
Detection ratio: 41 / 67
Analysis date: 2018-04-06 05:21:15 UTC ( 10 months, 2 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.30497861 | 20180406
AegisLab | Tspy.Ursnif.Ggq!c | 20180406
AhnLab-V3 | Trojan/Win32.Agent.C2446726 | 20180406
ALYac | Spyware.Ursnif | 20180406
Arcabit | Trojan.Generic.D1D15C45 | 20180406
Avast | Win32:Malware-gen | 20180406
AVG | Win32:Malware-gen | 20180406
Avira (no cloud) | TR/AD.Ursnif.zgxoh | 20180405
AVware | Trojan.Win32.Generic!BT | 20180406
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9850 | 20180404
BitDefender | Trojan.GenericKD.30497861 | 20180406
CAT-QuickHeal | Trojan.IGENERIC | 20180405
Cyren | W32/Trojan.YJSP-7231 | 20180406
DrWeb | Trojan.PWS.Stealer.23586 | 20180406
Emsisoft | Trojan.GenericKD.30497861 (B) | 20180406
Endgame | malicious (high confidence) | 20180402
ESET-NOD32 | Win32/Spy.Ursnif.BO | 20180406
F-Secure | Trojan.GenericKD.30497861 | 20180406
Fortinet | W32/Gozi.BO!tr | 20180406
GData | Trojan.GenericKD.30497861 | 20180406
Ikarus | Trojan-Spy.Agent | 20180405
K7AntiVirus | Spyware ( 0052501a1 ) | 20180404
K7GW | Spyware ( 0052501a1 ) | 20180406
Kaspersky | Backdoor.Win32.Androm.plyi | 20180406
Malwarebytes | Trojan.Ursnif | 20180406
McAfee | Generic.dre | 20180406
McAfee-GW-Edition | Artemis!Trojan | 20180406
Microsoft | Trojan:Win32/Bluteal!rfn | 20180405
eScan | Trojan.GenericKD.30497861 | 20180406
NANO-Antivirus | Trojan.Win32.Androm.ezhpgg | 20180406
Palo Alto Networks (Known Signatures) | generic.ml | 20180406
Panda | Trj/GdSda.A | 20180405
Sophos AV | Troj/Gozi-OF | 20180406
Symantec | Trojan.Gen.2 | 20180405
Tencent | Win32.Backdoor.Androm.Wstz | 20180406
TrendMicro | TSPY_URSNIF.GGQ | 20180406
TrendMicro-HouseCall | TSPY_URSNIF.GGQ | 20180406
VBA32 | Backdoor.Androm | 20180405
VIPRE | Trojan.Win32.Generic!BT | 20180406
ViRobot | Trojan.Win32.Z.Ursnif.1546752 | 20180406
ZoneAlarm by Check Point | Backdoor.Win32.Androm.plyi | 20180406
Alibaba | | 20180404
Antiy-AVL | | 20180405
Avast-Mobile | | 20180405
Bkav | | 20180406
ClamAV | | 20180406
CMC | | 20180405
Comodo | | 20180406
CrowdStrike Falcon (ML) | | 20170201
Cybereason | | None
Cylance | | 20180406
eGambit | | 20180406
F-Prot | | 20180406
Sophos ML | | 20180120
Jiangmin | | 20180406
Kingsoft | | 20180406
MAX | | 20180406
nProtect | | 20180406
Qihoo-360 | | 20180406
Rising | | 20180406
SentinelOne (Static ML) | | 20180225
SUPERAntiSpyware | | 20180406
Symantec Mobile Insight | | 20180406
TheHacker | | 20180404
TotalDefense | | 20180406
Trustlook | | 20180406
WhiteArmor | | 20180405
Yandex | | 20180405
Zillya | | 20180405
Zoner | | 20180405
The file being studied is a Portable Executable (PE) file; more specifically, it is a Win32 EXE built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Copyright 2018 Practice Velocity Leg. All rights reserved.
Product: Push Operate
Original name: Regionbrother.exe
Internal name: Push Operate
File version: 7, 8, 3834, 6424
Description: Push Operate
Comments: 66
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-03-29 15:14:44
Entry Point: 0x000774A6
Number of sections: 6
PE sections
PE imports
SystemFunction036
AVIFileInit
AVIStreamRelease
AVIStreamTimeToSample
AVIStreamEndStreaming
AVIFileExit
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_DragShowNolock
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
CreateSolidBrush
GetBkColor
GetStdHandle
SetEvent
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
FindClose
TlsGetValue
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetVersion
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
GetWindowsDirectoryW
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
FindNextFileW
ResetEvent
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetProcAddress
ReadConsoleW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
FileTimeToLocalFileTime
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
UnhandledExceptionFilter
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
CreateProcessW
Sleep
RasEnumConnectionsW
RasGetConnectStatusW
StrChrW
PathFindFileNameW
UrlApplySchemeW
SHGetValueW
UrlCreateFromPathW
MapWindowPoints
GetSystemMetrics
GetMessagePos
GetClassNameW
UpdateWindow
RegisterClassExW
BeginPaint
GetWindowTextW
FindWindowW
ValidateRect
SetWindowsHookExW
GetWindowTextLengthW
EnumChildWindows
SystemParametersInfoW
ShowWindow
PostMessageW
OpenClipboard
ClientToScreen
GetDC
InvalidateRect
GetPrinterDataW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoCreateInstance
Number of PE resources by type
RT_ICON 9
RT_RCDATA 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
SubsystemVersion: 6.0
Comments: 66
LinkerVersion: 14.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 7.8.3834.6424
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: Push Operate
ImageFileCharacteristics: No relocs, Executable, 32-bit
CharacterSet: Unicode
InitializedDataSize: 952320
EntryPoint: 0x774a6
OriginalFileName: Regionbrother.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2018 Practice Velocity Leg. All rights reserved.
FileVersion: 7, 8, 3834, 6424
TimeStamp: 2016:03:29 17:14:44+02:00
FileType: Win32 EXE
PEType: PE32
InternalName: Push Operate
ProductVersion: 7, 8, 3834, 6424
UninitializedDataSize: 0
OSVersion: 6.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Practice Velocity Leg
CodeSize: 620544
ProductName: Push Operate
ProductVersionNumber: 7.8.3834.6424
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 d5cf71cf45017f1a222204020b787cfe
SHA1 ff6bbe4f284b9a268aa9d4da3f6611a5ed83ec4b
SHA256 75629dd985eb21879276482e8924a9c83f9e4d907478951d5967f633683c0643
ssdeep 24576:9i4zTesp28463ZNCJu+iD7oTlVfAt1RU3kJMoDtq7nn:9rzTespvh0Jus5At1Rjtq7n
authentihash c99a028050ad961e970271e3583f3ce6f7884aa9ef6e455da1f2b7ada0cc47f8
imphash 0e4a7f192df1815a833dc17f73654a2c
File size 1.5 MB ( 1546752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-03-29 18:18:31 UTC ( 10 months, 3 weeks ago )
Last submission 2018-07-16 07:20:09 UTC ( 7 months ago )
File names
krish6.class
Regionbrother.exe
output.113053411.txt
output.113053424.txt
krish7.class
krish8.class
krish3.class
Push Operate
krish4.class
krish10.class
krish5.class
ff6bbe4f284b9a268aa9d4da3f6611a5ed83ec4b
output.113110487.txt
krish1.class
krish2.class