SHA256: 79edd857e8b7efdc81e22f9e65fc257669ed6722c0b9ebb1da4df5628067a2e2
File name: oge.exe
Detection ratio: 44 / 66
Analysis date: 2018-11-08 01:48:21 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40407965 20181107
ALYac Spyware.LokiBot 20181108
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20181108
Arcabit Trojan.Generic.D268939D 20181107
Avast Win32:Trojan-gen 20181107
AVG Win32:Trojan-gen 20181107
Avira (no cloud) HEUR/AGEN.1033347 20181107
BitDefender Trojan.GenericKD.40407965 20181108
CAT-QuickHeal Program.Unwaders 20181105
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181108
Cyren W32/Trojan.HTQY-2918 20181107
DrWeb Trojan.PWS.Stealer.23680 20181107
Emsisoft Trojan.GenericKD.40407965 (B) 20181107
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKFB 20181108
F-Secure Trojan.GenericKD.40407965 20181107
Fortinet W32/Androm.CIKY!tr.bdr 20181107
GData Trojan.GenericKD.40407965 20181108
Ikarus Trojan-Banker.Ramnit 20181107
Sophos ML heuristic 20180717
K7AntiVirus Riskware ( 0040eff71 ) 20181107
K7GW Riskware ( 0040eff71 ) 20181107
Kaspersky Backdoor.Win32.Androm.qgah 20181107
Malwarebytes Spyware.LokiBot 20181107
McAfee RDN/Generic.dx 20181107
McAfee-GW-Edition BehavesLike.Win32.Injector.ch 20181107
Microsoft Program:Win32/Vigram.A 20181108
eScan Trojan.GenericKD.40407965 20181108
NANO-Antivirus Trojan.Win32.Androm.fhsxmf 20181108
Palo Alto Networks (Known Signatures) generic.ml 20181108
Panda Generic Malware 20181107
Qihoo-360 Win32/Backdoor.0c0 20181108
Sophos AV Mal/Generic-S 20181108
Symantec Trojan Horse 20181107
TACHYON Backdoor/W32.Androm.890880.B 20181108
Tencent Win32.Backdoor.Androm.Hugb 20181108
TrendMicro BKDR_ANDROM.TICOGBQ 20181108
TrendMicro-HouseCall BKDR_ANDROM.TICOGBQ 20181108
VBA32 BScope.TrojanRansom.Purgen 20181106
ViRobot Trojan.Win32.Z.Agent.890880.AV 20181107
Webroot W32.Malware.Gen 20181108
Yandex Backdoor.Androm!KhyT3OYmPFA 20181107
ZoneAlarm by Check Point Backdoor.Win32.Androm.qgah 20181107
AegisLab 20181108
AhnLab-V3 20181107
Alibaba 20180921
Avast-Mobile 20181107
Babable 20180918
Baidu 20181107
Bkav 20181107
ClamAV 20181107
CMC 20181107
eGambit 20181108
F-Prot 20181108
Jiangmin 20181107
Kingsoft 20181108
MAX 20181108
Rising 20181107
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181105
TheHacker 20181107
TotalDefense 20181107
Trustlook 20181108
Zillya 20181107
Zoner 20181108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright ©.
Product Lexicography
Description Semaphres Srgs Uint32 Brien Cheery Mixture
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-16 19:06:12
Entry Point 0x00067290
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
CryptHashData
RegOpenKeyA
RegCloseKey
CryptAcquireContextA
RegQueryValueA
RegEnumValueA
CryptGetHashParam
RegQueryValueExA
CryptReleaseContext
RegSetValueA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
GetFileSecurityA
RegCreateKeyExA
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyA
CryptDestroyHash
CryptCreateHash
AVIStreamStart
ImageList_Create
ImageList_GetIconSize
GetFileTitleA
ChooseColorA
ChooseFontA
CertFreeCertificateContext
CertCreateCertificateContext
CryptImportPublicKeyInfo
SetMapMode
GetWindowOrgEx
CreateMetaFileA
GetNearestColor
GetTextMetricsA
CombineRgn
GetROP2
GetViewportOrgEx
GetTextExtentPointA
EndDoc
DeleteObject
IntersectClipRect
StretchDIBits
CreateEllipticRgn
GetPolyFillMode
SetTextAlign
GetTextFaceA
ScaleViewportExtEx
CloseMetaFile
Arc
SetBkColor
GetBkColor
SetRectRgn
GetClipBox
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
ExcludeClipRect
OffsetViewportOrgEx
SetBkMode
BitBlt
GetDeviceCaps
MoveToEx
SetAbortProc
ScaleWindowExtEx
PtVisible
ExtSelectClipRgn
SetROP2
EndPage
GetTextColor
Escape
SetWindowExtEx
SetViewportExtEx
GetWindowExtEx
PatBlt
CreatePen
SetStretchBltMode
Rectangle
GetObjectA
CreateDCA
LineTo
DeleteDC
GetMapMode
StartPage
GetCharWidthA
CreatePatternBrush
CreateBitmap
RectVisible
GetStockObject
GetBkMode
ExtTextOutA
UnrealizeObject
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
GetRgnBox
SaveDC
RestoreDC
CreateSolidBrush
SetTextColor
CreateFontA
SetViewportOrgEx
CreateCompatibleDC
SetBrushOrgEx
CreateRectRgn
SelectObject
StartDocA
SetPolyFillMode
Ellipse
SetDCPenColor
GetStretchBltMode
DPtoLP
CopyMetaFileA
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
GetTcpTable
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
lstrcmpW
FreeEnvironmentStringsA
DeleteCriticalSection
GetDiskFreeSpaceA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
MultiByteToWideChar
SetStdHandle
GetFileTime
FindResourceExA
GetCPInfo
GetStringTypeA
InterlockedExchange
GetTempPathW
_lopen
GetSystemTimeAsFileTime
EnumResourceLanguagesA
Module32NextW
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
GetProfileIntA
GetStringTypeExA
SetLastError
GetUserDefaultLangID
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
GlobalFindAtomA
FormatMessageA
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
GetCurrentProcess
MulDiv
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
DeleteFileA
DeleteFileW
GlobalLock
CompareStringW
GetFileSizeEx
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
DuplicateHandle
GetProcAddress
GlobalAlloc
GetTimeZoneInformation
SetCommState
CreateFileW
GetConsoleWindow
AllocateUserPhysicalPages
CopyFileA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
GetShortPathNameA
Module32FirstW
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
GetCompressedFileSizeW
MapUserPhysicalPages
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GetCommState
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetFileAttributesExW
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
GetFileAttributesExA
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
OleCreateFontIndirect
VariantTimeToSystemTime
SysStringLen
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringLen
OleTranslateColor
VariantChangeType
VariantClear
SysAllocString
SafeArrayDestroy
VariantCopy
SysFreeString
SysAllocStringByteLen
VariantInit
wglMakeCurrent
wglCreateContext
UuidToStringA
UuidCreate
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
PathFindExtensionA
PathIsUNCA
ColorRGBToHLS
PathRemoveFileSpecW
PathStripToRootA
UrlIsNoHistoryA
PathFindFileNameA
UrlIsOpaqueA
SetFocus
RegisterClipboardFormatA
GetMessagePos
SetWindowRgn
RedrawWindow
SetMenuItemBitmaps
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
SetScrollPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
WindowFromPoint
CopyRect
DrawIcon
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
InSendMessage
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetActiveWindow
LockWindowUpdate
GetMenuItemInfoA
ScrollWindow
GetWindowTextA
InvalidateRgn
RegisterClassExA
PtInRect
IsRectEmpty
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
GetClassInfoExA
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
GetTabbedTextExtentA
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
InsertMenuItemA
SetParent
IsZoomed
GetWindowPlacement
DrawMenuBar
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
SetTimer
ShowOwnedPopups
FillRect
SetWindowContextHelpId
DeferWindowPos
ReleaseDC
CreateMenu
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
CreateWindowExA
GetMessageA
PostMessageA
BeginPaint
OffsetRect
GetScrollPos
KillTimer
ClipCursor
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
GetScrollRange
SetWindowLongA
GetScrollInfo
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
GetDCEx
GetDlgItem
GetMenuCheckMarkDimensions
CreateDialogParamA
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
GetCapture
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
PostThreadMessageA
WindowFromDC
MapDialogRect
IntersectRect
EndDialog
LoadMenuA
CharNextA
CreateDialogIndirectParamA
SetWindowTextA
MessageBeep
DrawTextExA
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
SetRectEmpty
GetMenuStringA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
DialogBoxParamA
GetSysColor
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
GetTopWindow
ShowScrollBar
GetDesktopWindow
UnpackDDElParam
WinHelpA
SetRect
DeleteMenu
InvalidateRect
TranslateAcceleratorA
CallWindowProcA
GetClassNameA
GetFocus
wsprintfW
IsWindowVisible
ModifyMenuA
SetMenu
SetCursor
DrawThemeBackground
PrivacySetZonePreferenceW
PrivacyGetZonePreferenceW
ReadUrlCacheEntryStream
GetJobA
DocumentPropertiesA
ClosePrinter
OpenPrinterA
inet_ntoa
htons
OleLockRunning
OleCreateMenuDescriptor
OleTranslateAccelerator
OleUninitialize
OleDestroyMenuDescriptor
StgOpenStorageOnILockBytes
CreateFileMoniker
CoInitialize
OleSaveToStream
CreateStreamOnHGlobal
CreateItemMoniker
OleFlushClipboard
IsAccelerator
OleRegGetMiscStatus
RegisterDragDrop
StringFromCLSID
CoRegisterMessageFilter
OleDuplicateData
CLSIDFromString
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
CoGetClassObject
CoRegisterClassObject
OleRegGetUserType
OleInitialize
CoLockObjectExternal
CoDisconnectObject
CoCreateInstance
OleRegEnumVerbs
StgOpenStorage
OleRun
StgIsStorageFile
CoTaskMemAlloc
CoInitializeEx
StgCreateDocfile
CreateDataAdviseHolder
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoUninitialize
GetRunningObjectTable
CLSIDFromProgID
WriteClassStg
CoFreeUnusedLibraries
ReleaseStgMedium
OleIsRunning
RevokeDragDrop
CoGetMalloc
OleIsCurrentClipboard
WriteClassStm
CoTaskMemFree
CreateGenericComposite
CreateBindCtx
PdhGetFormattedCounterValue
Number of PE resources by type
RT_MENU 11
Struct(3000) 10
BINDATA 10
RT_ICON 6
RCDATA 3
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 44
PE resources
ExifTool file metadata
CodeSize 525312
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.2.3.852
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Semaphres Srgs Uint32 Brien Cheery Mixture
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 364544
EntryPoint 0x67290
MIMEType application/octet-stream
LegalCopyright Copyright .
TimeStamp 2018:08:16 20:06:12+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.2.3.852
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MediaGet LLC
LegalTrademarks Copyright .
ProductName Lexicography
ProductVersionNumber 5.2.3.852
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 29d501b976d67a35dd0068ca0d186932
SHA1 55457cf011aeaa4e079bc4462f2a858345bc6732
SHA256 79edd857e8b7efdc81e22f9e65fc257669ed6722c0b9ebb1da4df5628067a2e2
ssdeep 12288:N85Ty+Kbcvee0lu9aQrvmheJTK57qin3yEYWowpkBss6o9FgUrTDh:2p9Kbcveel9XTLJTK593yxWowpkXV+8h
authentihash e185b3a39bebe1af8736686dd9e7faa51417ca936bf8e782c3557f1786724962
imphash 599da21945b268a1805292bb0e04987e
File size 870.0 KB ( 890880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2018-08-17 09:16:47 UTC ( 3 months, 3 weeks ago )
Last submission 2018-08-17 09:16:47 UTC ( 3 months, 3 weeks ago )
File names oge.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.