SHA256: 7a0c58e2d2143bd2813682ec0e8758986a9646bd7f57d6a0a9fd35c9f1f1540e
File name: 19927788
Detection ratio: 10 / 67
Analysis date: 2018-11-14 03:32:13 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20181114
AVG FileRepMalware 20181114
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.0610fa 20180225
Cylance Unsafe 20181114
Cyren W32/VBInject.ID.gen!Eldorado 20181114
Endgame malicious (high confidence) 20181108
F-Prot W32/VBInject.ID.gen!Eldorado 20181114
Qihoo-360 HEUR/QVM03.0.311B.Malware.Gen 20181114
SentinelOne (Static ML) static engine - malicious 20181011
Ad-Aware 20181112
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
ALYac 20181114
Antiy-AVL 20181114
Arcabit 20181114
Avast-Mobile 20181113
Avira (no cloud) 20181114
Babable 20180918
Baidu 20181112
BitDefender 20181114
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181114
CMC 20181114
DrWeb 20181114
eGambit 20181114
Emsisoft 20181114
ESET-NOD32 20181114
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181113
Sophos ML 20181108
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181114
Kingsoft 20181114
Malwarebytes 20181114
MAX 20181114
McAfee 20181114
McAfee-GW-Edition 20181114
Microsoft 20181114
eScan 20181114
NANO-Antivirus 20181114
Palo Alto Networks (Known Signatures) 20181114
Panda 20181113
Rising 20181114
Sophos AV 20181114
SUPERAntiSpyware 20181114
Symantec 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181113
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181114
VBA32 20181113
ViRobot 20181113
Webroot 20181114
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181114
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright tos
Product afsgningens
Original name BEOSTRENES.exe
Internal name BEOSTRENES
File version 2.06.0008
Description Forhaanelses
Comments Tearproof6
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-13 21:23:32
Entry Point 0x0000126C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(617)
Ord(710)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
Ord(666)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
_adj_fdiv_r
Ord(100)
_CItan
__vbaFreeVar
Ord(556)
__vbaAryConstruct2
__vbaFileOpen
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
__vbaInStrVarB
EVENT_SINK_QueryInterface
_adj_fptan
__vbaVarSub
__vbaVarDup
__vbaI4Var
__vbaVarMove
_CIatan
Ord(608)
__vbaFreeStr
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 13
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
HENLIG

SubsystemVersion
4.0

Comments
Tearproof6

InitializedDataSize
90112

ImageVersion
2.6

ProductName
afsgningens

FileVersionNumber
2.6.0.8

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
BEOSTRENES.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.06.0008

TimeStamp
2018:11:13 13:23:32-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
BEOSTRENES

ProductVersion
2.06.0008

FileDescription
Forhaanelses

OSVersion
4.0

FileOS
Win32

LegalCopyright
tos

MachineType
Intel 386 or later, and compatibles

CompanyName
lOGitEch

CodeSize
757760

FileSubtype
0

ProductVersionNumber
2.6.0.8

EntryPoint
0x126c

ObjectFileType
Executable application

File identification
MD5 cd3b246940add0de598f426f4dd81ea2
SHA1 32f2b260610faabe9a45a7c44ec7078ef0127b4d
SHA256 7a0c58e2d2143bd2813682ec0e8758986a9646bd7f57d6a0a9fd35c9f1f1540e
ssdeep 12288:YMpum2zKWebjo5WqNE9Vj0vywnFbLKAoAy4q4:YQbQMjePNEZAFb2AoAQ4
authentihash 6642a2d0d708a3fabf5ac87429babe950fc86a4c49b591678cb4f1996a6e50ec
imphash 3e32dd7785095c657a0f2853b6a00867
File size 812.0 KB ( 831488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-11-14 03:32:13 UTC ( 6 months, 1 week ago )
Last submission 2018-11-14 03:32:13 UTC ( 6 months, 1 week ago )
File names 19927788
BEOSTRENES.exe
BEOSTRENES
jey.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.