× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 75d846c690c188a3cc6a2e226fdd42af8a1351b07fb56795106285178b0a0aa7
File name: 13ffe10e12298a4e8dc1ee7a0b003b93
Detection ratio: 6 / 67
Analysis date: 2018-05-09 03:47:28 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
AVware Trojan.Win32.Zbot.ata (v) 20180428
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180508
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180418
Endgame malicious (high confidence) 20180507
Symantec Packed.Generic.523 20180509
VIPRE Trojan.Win32.Zbot.ata (v) 20180509
Ad-Aware 20180509
AegisLab 20180509
AhnLab-V3 20180508
Alibaba 20180509
ALYac 20180509
Antiy-AVL 20180508
Arcabit 20180509
Avast 20180509
Avast-Mobile 20180508
AVG 20180509
Avira (no cloud) 20180508
Babable 20180406
BitDefender 20180509
Bkav 20180508
CAT-QuickHeal 20180508
ClamAV 20180508
CMC 20180508
Comodo 20180509
Cybereason None
Cylance 20180509
Cyren 20180509
DrWeb 20180509
eGambit 20180509
Emsisoft 20180509
ESET-NOD32 20180509
F-Prot 20180509
F-Secure 20180509
Fortinet 20180509
GData 20180509
Ikarus 20180508
Sophos ML 20180503
Jiangmin 20180509
K7AntiVirus 20180508
K7GW 20180508
Kaspersky 20180509
Kingsoft 20180509
Malwarebytes 20180509
MAX 20180509
McAfee 20180509
McAfee-GW-Edition 20180508
Microsoft 20180509
eScan 20180509
NANO-Antivirus 20180509
nProtect 20180509
Palo Alto Networks (Known Signatures) 20180509
Panda 20180508
Qihoo-360 20180509
Rising 20180509
SentinelOne (Static ML) 20180225
Sophos AV 20180509
SUPERAntiSpyware 20180509
Symantec Mobile Insight 20180509
Tencent 20180509
TheHacker 20180504
TotalDefense 20180508
TrendMicro 20180509
TrendMicro-HouseCall 20180509
Trustlook 20180509
VBA32 20180508
ViRobot 20180508
Webroot 20180509
Yandex 20180508
Zillya 20180508
ZoneAlarm by Check Point 20180509
Zoner 20180508
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Strange Present
Original name Strange Present.exe
File version 2, 0, 8981, 7758
Description Strange Present
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-08 16:19:06
Entry Point 0x0008477B
Number of sections 4
PE sections
PE imports
CreateToolbarEx
ImageList_SetOverlayImage
CreateStatusWindowW
DestroyPropertySheetPage
Ord(17)
PropertySheetW
FindTextW
GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
FindFirstChangeNotificationW
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetWindowsDirectoryW
GetConsoleMode
HeapSize
GetFileSize
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
GetProcAddress
TlsFree
GetFileType
ExitProcess
GetFileTime
GetStringTypeW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
MoveFileExW
SetFilePointer
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
TlsSetValue
CloseHandle
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
FindCloseChangeNotification
InitializeCriticalSection
HeapCreate
SetLastError
CreateFileW
GetLocaleInfoA
InterlockedDecrement
Sleep
FindNextChangeNotification
GetTickCount
HeapSetInformation
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
WriteConsoleW
InterlockedIncrement
OleSetContainedObject
OleUninitialize
OleInitialize
Number of PE resources by type
RT_ICON 11
RT_MANIFEST 1
RT_STRING 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
Debug information
ExifTool file metadata
CodeSize
607232

UninitializedDataSize
0

InitializedDataSize
930816

ImageVersion
0.0

ProductName
Strange Present

FileVersionNumber
2.0.8981.7758

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
Strange Present.exe

MIMEType
application/octet-stream

FileVersion
2, 0, 8981, 7758

TimeStamp
2011:05:08 18:19:06+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

ProductVersion
2, 0, 8981, 7758

FileDescription
Strange Present

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

LegalTrademarks
Strange Present

FileSubtype
0

ProductVersionNumber
2.0.8981.7758

EntryPoint
0x8477b

ObjectFileType
Executable application

File identification
MD5 13ffe10e12298a4e8dc1ee7a0b003b93
SHA1 9da4bb1b1c6730231924047266624ba439ad9d91
SHA256 75d846c690c188a3cc6a2e226fdd42af8a1351b07fb56795106285178b0a0aa7
ssdeep
24576:Ba0Dsfmd18SjLFDC+HI25EhlAeLwSfkDg:Ba/mdWQNfShlmusg

authentihash 0c5813cca4f020f16720c98467e5c480c8affe82bf22fc114ba4d745f332d54b
imphash 83955d577c0acff6d00a275f697b1a99
File size 1.4 MB ( 1460224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-09 03:47:28 UTC ( 9 months, 2 weeks ago )
Last submission 2018-09-10 06:35:24 UTC ( 5 months, 1 week ago )
File names Strange Present.exe
agree2.yarn
browkmgr(19).gxe
output.113278453.txt
agree11.yarn
agree15.yarn
crypt_0001_1063a.exe
agree5.yarn
agree6.yarn
agree14.yarn
agree3.yarn
agree12.yarn
agree1.yarn
agree7.yarn
agree13.yarn
crypt_0001_1063a.exe
agree8.yarn
agree9.yarn
agree10.yarn
agree4.yarn
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs