× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 76b5c8693c6d0d650dd90b453bea2ea9b0abae6b341282b4f0d6efbc870416ad
File name: lisb.jpg
Detection ratio: 22 / 67
Analysis date: 2019-02-19 05:37:34 UTC ( 3 months ago ) View latest
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Gen:Variant.Jaik.35783 20190218
ALYac Gen:Variant.Jaik.35783 20190218
Arcabit Trojan.Jaik.D8BC7 20190218
Avast Win32:Evo-gen [Susp] 20190218
AVG Win32:Evo-gen [Susp] 20190218
BitDefender Gen:Variant.Jaik.35783 20190218
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181023
Cylance Unsafe 20190218
Emsisoft Gen:Variant.Jaik.35783 (B) 20190218
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPLR 20190218
Fortinet W32/Kryptik.GPLR!tr 20190218
GData Gen:Variant.Jaik.35783 20190218
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190218
Microsoft Trojan:Win32/Fuerboos.C!cl 20190218
eScan Gen:Variant.Jaik.35783 20190218
Rising Backdoor.Remcos!8.B89E/N3#78% (RDM+:cmRtazp7W4ZZEOGP10OmJcL94HNb) 20190218
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190123
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190218
AegisLab 20190218
AhnLab-V3 20190218
Alibaba 20180921
Antiy-AVL 20190218
Avast-Mobile 20190218
Avira (no cloud) 20190218
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190218
ClamAV 20190218
CMC 20190218
Comodo 20190218
Cybereason 20190109
Cyren 20190218
DrWeb 20190218
eGambit 20190218
F-Prot 20190218
F-Secure 20190218
Ikarus 20190218
Jiangmin 20190218
K7AntiVirus 20190218
K7GW 20190218
Kingsoft 20190218
Malwarebytes 20190218
MAX 20190220
McAfee 20190218
McAfee-GW-Edition 20190218
NANO-Antivirus 20190218
Palo Alto Networks (Known Signatures) 20190218
Panda 20190218
Qihoo-360 20190218
Sophos AV 20190218
SUPERAntiSpyware 20190213
Symantec 20190218
Symantec Mobile Insight 20190206
TACHYON 20190218
Tencent 20190218
TheHacker 20190217
TotalDefense 20190218
Trustlook 20190218
VBA32 20190218
VIPRE 20190217
ViRobot 20190218
Webroot 20190218
Yandex 20190215
Zoner 20190218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:28:25
Entry Point 0x0000A06B
Number of sections 6
PE sections
PE imports
CloseServiceHandle
RegCloseKey
OpenServiceA
CreateServiceA
RegSetValueExA
ControlService
StartServiceA
RegCreateKeyExA
DeleteService
RegOpenKeyExA
OpenSCManagerA
GetWindowExtEx
SetMapMode
SetBkMode
PatBlt
SaveDC
TextOutA
LPtoDP
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
IntersectClipRect
BitBlt
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetProcAddress
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
SizeofResource
HeapCreate
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
SetFocus
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
GrayStringA
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
LoadStringW
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
SetWindowContextHelpId
GetSysColorBrush
IsWindowUnicode
ReleaseDC
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
CharNextA
GetCapture
MessageBeep
ShowCaret
AppendMenuA
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
OleUninitialize
CLSIDFromString
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:12:06 12:28:25+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
139264

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

FileTypeExtension
exe

InitializedDataSize
221184

SubsystemVersion
4.0

EntryPoint
0xa06b

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

Execution parents
File identification
MD5 c7229709e8cad979083789fff0fc0e72
SHA1 1c1c3318d7781fb4bce12758670fdf2fbcf450ce
SHA256 76b5c8693c6d0d650dd90b453bea2ea9b0abae6b341282b4f0d6efbc870416ad
ssdeep
6144:vNfE2xGhgxIc2jT7z5Pktg63IWeI5Nzuhy9A1++D:vN82xGIL2jTSIauM9Yv

authentihash ff20c729f20bcae7fbb476ac6e96d59d4f4f4c136e383695cd0f7137334b9523
imphash 67604d0130ea34b2604dd17a7979034e
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-19 05:37:34 UTC ( 3 months ago )
Last submission 2019-02-19 20:23:01 UTC ( 3 months ago )
File names lisb.jpg
76b5c8693c6d0d650dd90b453bea2ea9b0abae6b341282b4f0d6efbc870416ad.exe
3.exe
sefuiuhw.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs