SHA256: 7b1a13e4c0f1afa918332986895f72bd27c63400248eb4d211c122ec519b479a
File name: cur.exe
Detection ratio: 33 / 68
Analysis date: 2018-10-18 16:00:13 UTC ( 5 months ago )
Antivirus Result Update (engine signature date, YYYYMMDD)
Ad-Aware Gen:Variant.PonyStealer.8 20181018
AhnLab-V3 Win-Trojan/VBKrypt.RP03 20181018
ALYac Gen:Variant.PonyStealer.8 20181018
Arcabit Trojan.PonyStealer.8 20181018
Avast Win32:Malware-gen 20181018
AVG Win32:Malware-gen 20181018
BitDefender Gen:Variant.PonyStealer.8 20181018
Cyren W32/VBKrypt.EU.gen!Eldorado 20181018
Emsisoft Trojan.Injector (A) 20181018
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EAWQ 20181018
F-Prot W32/VBKrypt.EU.gen!Eldorado 20181018
F-Secure Gen:Variant.PonyStealer.8 20181018
Fortinet W32/Injector.EASF!tr 20181018
GData Gen:Variant.PonyStealer.8 20181018
Ikarus Trojan.VB.Crypt 20181018
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053e6a71 ) 20181018
K7GW Trojan ( 0053e6a71 ) 20181018
Kaspersky HEUR:Trojan.Win32.Generic 20181018
Malwarebytes Trojan.MalPack.VB 20181018
MAX malware (ai score=80) 20181018
McAfee Packed-FMF!B5B9E9BFBBB7 20181018
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc 20181018
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181018
eScan Gen:Variant.PonyStealer.8 20181018
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/FareitVB-N 20181018
Symantec Packed.Generic.535 20181018
TrendMicro TROJ_GEN.R061C0OJ918 20181018
TrendMicro-HouseCall TROJ_GEN.R061C0OJ918 20181018
Trustlook PE.Malware.General (score:9) 20181018
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181018
Engines with no detection (engine signature date shown):
AegisLab 20181018
Alibaba 20180921
Antiy-AVL 20181018
Avast-Mobile 20181018
Avira (no cloud) 20181018
Babable 20180918
Baidu 20181018
Bkav 20181018
CAT-QuickHeal 20181018
ClamAV 20181018
CMC 20181018
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20181018
DrWeb 20181018
eGambit 20181018
Jiangmin 20181018
Kingsoft 20181018
NANO-Antivirus 20181018
Palo Alto Networks (Known Signatures) 20181018
Panda 20181018
Qihoo-360 20181018
Rising 20181018
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181018
Tencent 20181018
TheHacker 20181015
TotalDefense 20181018
VBA32 20181018
VIPRE 20181017
ViRobot 20181018
Webroot 20181018
Yandex 20181017
Zillya 20181018
Zoner 20181017
The file being studied is a Portable Executable (PE32) file: a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Product csfa
Original name Dowcet.exe
Internal name Dowcet
File version 1.03
Description AllOymaNYCUTS AllOymaNYCUTS
Comments gtellao STm
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-27 12:43:00 (the PE header link-time field; a packer or builder can set it to any value, so treat it as a hint rather than evidence)
Entry Point 0x00001334
Number of sections 3
PE sections
PE imports (every entry below is an export of MSVBVM60.DLL, the Visual Basic 6 runtime, consistent with the TrID result further down; the extracted list omits the DLL name)
_adj_fdiv_m32
__vbaChkstk
Ord(712)
DllFunctionCall
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
__vbaR8IntI4
_adj_fdivr_m64
_adj_fprem
__vbaR8ErrVar
Ord(661)
Ord(678)
_adj_fpatan
Ord(594)
Ord(610)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
Ord(702)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
_allmul
__vbaFreeVar
EVENT_SINK_AddRef
__vbaObjSetAddref
_CItan
_adj_fdiv_m64
Ord(537)
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
Ord(711)
Ord(660)
__vbaVarIdiv
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI4Str
Ord(645)
__vbaFreeObjList
__vbaVarMove
_CIlog
_CIatan
__vbaNew2
__vbaErrorOverflow
__vbaVarCat
__vbaOnError
_adj_fdivr_m32i
__vbaRedim
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 520192
SubsystemVersion 4.0
Comments gtellao STm
LinkerVersion 6.0
ImageVersion 1.3
FileSubtype 0
FileVersionNumber 1.3.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription AllOymaNYCUTS AllOymaNYCUTS
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x1334
OriginalFileName Dowcet.exe
MIMEType application/octet-stream
FileVersion 1.03
TimeStamp 2014:02:27 13:43:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Dowcet
ProductVersion 1.03
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName MHJ Pidfio CommuniTY
LegalTrademarks SYSTemS gZC.
ProductName csfa
ProductVersionNumber 1.3.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 b5b9e9bfbbb73f15d1e9549b389981d0
SHA1 7071261fbb8b38460273189095168c8b06801e84
SHA256 7b1a13e4c0f1afa918332986895f72bd27c63400248eb4d211c122ec519b479a
ssdeep 12288:p2ooDz5d7V03NnyXA2cEAKzSjN4L27GAC:gooDzni9yh31+jNZC

authentihash d9f75b0b2fea16b0c238840776d8a106ce758bef2f432f20ac211bdf9f3de682
imphash 066349837588009d7f57bde6342f8eb9
File size 536.0 KB ( 548864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe
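The identification hashes above (MD5, SHA-1, SHA-256, imphash) can be reproduced offline. The following is an added example, not code from the VirusTotal report: it computes the file digests with hashlib and re-implements the imphash normalisation that pefile (and therefore VirusTotal) applies to a static import list. Two assumptions that the report does not state: the 70 imports listed under "PE imports" all come from MSVBVM60.DLL, the Visual Basic 6 runtime, and they appear in the page in on-disk IAT order. The imphash this produces for the listing has not been checked against the reported 066349837588009d7f57bde6342f8eb9; for the real file, pefile's PE.get_imphash() is the authoritative value.

```python
"""Identification helpers: MD5/SHA-1/SHA-256 of the file bytes, and an
imphash computed the way pefile does it from a static import list.

Added example, not code from the VirusTotal report. Assumptions: the
imports below belong to MSVBVM60.DLL and are listed in IAT order.
"""
import hashlib
import re

# The import names exactly as the report lists them, in the same order.
REPORTED_IMPORTS = """
_adj_fdiv_m32 __vbaChkstk Ord(712) DllFunctionCall EVENT_SINK_Release __vbaEnd
__vbaGenerateBoundsError __vbaR8IntI4 _adj_fdivr_m64 _adj_fprem __vbaR8ErrVar
Ord(661) Ord(678) _adj_fpatan Ord(594) Ord(610) __vbaStrToUnicode _adj_fdiv_m32i
__vbaStrCopy Ord(702) __vbaExceptHandler __vbaSetSystemError __vbaFreeVarList
__vbaStrCmp __vbaFPException __vbaStrVarMove _adj_fdivr_m16i _adj_fdiv_r Ord(100)
_allmul __vbaFreeVar EVENT_SINK_AddRef __vbaObjSetAddref _CItan _adj_fdiv_m64
Ord(537) __vbaUI1I4 __vbaFreeObj __vbaHresultCheckObj _CIsqrt _CIsin Ord(711)
Ord(660) __vbaVarIdiv _CIcos EVENT_SINK_QueryInterface _adj_fptan __vbaI4Str
Ord(645) __vbaFreeObjList __vbaVarMove _CIlog _CIatan __vbaNew2 __vbaErrorOverflow
__vbaVarCat __vbaOnError _adj_fdivr_m32i __vbaRedim _CIexp __vbaStrMove
__vbaStrToAnsi _adj_fprem1 _adj_fdivr_m32 __vbaStrCat __vbaFPFix __vbaFreeStrList
__vbaFpI4 __vbaFreeStr _adj_fdiv_m16i
""".split()

# (dll, function) pairs; the DLL is an assumption, the report does not name it.
SAMPLE_IMPORTS = [("MSVBVM60.DLL", name) for name in REPORTED_IMPORTS]

ORDINAL_RE = re.compile(r"^Ord\((\d+)\)$")


def _lib_base(dll):
    """Lower-case DLL name with a .dll/.ocx/.sys extension removed, as pefile does."""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    return base if base and ext in ("dll", "ocx", "sys") else lib


def normalize_import(dll, func):
    """One imphash token: '<lib>.<function>' in lower case.  An import by
    ordinal becomes 'ord<N>'.  pefile additionally maps ordinals of a few
    DLLs (oleaut32, ws2_32, wsock32) to names; this simplified version does
    not, so it is exact only for other DLLs, MSVBVM60 included."""
    m = ORDINAL_RE.match(func)
    name = f"ord{int(m.group(1))}" if m else func.lower()
    return f"{_lib_base(dll)}.{name}"


def imphash_tokens(imports):
    return [normalize_import(dll, func) for dll, func in imports]


def imphash(imports):
    """MD5 over the comma-joined tokens: the pefile / VirusTotal imphash definition."""
    return hashlib.md5(",".join(imphash_tokens(imports)).encode()).hexdigest()


def file_hashes(data):
    """The three file digests the report shows under 'File identification'."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def vb6_runtime_only(imports):
    """True when the static import table names nothing but MSVBVM60.  Such a
    binary reaches Win32 APIs through MSVBVM60!DllFunctionCall, the resolver
    behind VB 'Declare' statements, so the APIs it really calls show up only
    in a dynamic trace, never in the import table."""
    return {_lib_base(dll) for dll, _ in imports} == {"msvbvm60"}


if __name__ == "__main__":
    print("imphash of listed imports:", imphash(SAMPLE_IMPORTS))
    print("VB6-runtime-only import table:", vb6_runtime_only(SAMPLE_IMPORTS))
```

For a file on disk, file_hashes(open(path, "rb").read()) gives the three digests to compare with the report, and an import table that vb6_runtime_only() flags is the usual reason a VB6 dropper's imports look harmless while its sandbox trace does not.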

VirusTotal metadata
First submission 2018-10-18 16:00:13 UTC ( 5 months ago )
Last submission 2018-11-06 03:46:04 UTC ( 4 months, 2 weeks ago )
File names Dowcet
b5b9e9bfbbb73f15d1e9549b389981d0
cur.exe
Dowcet.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure lets a process monitor certain types of events before they reach their target; the events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHookEx Windows API function (SetWindowsHook is its obsolete predecessor). Note that the static import table above contains only Visual Basic 6 runtime functions: a VB6 program calls Win32 APIs declared with Declare statements through MSVBVM60!DllFunctionCall, which resolves them at run time, so SetWindowsHookEx is visible in the dynamic trace but not in the imports.
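What a SetWindowsHookEx call means for triage depends on its parameters, which the condensed report does not give: the hook type (idHook), whether it is thread-local or global (dwThreadId of 0), and whether the procedure lives in a DLL (hMod) that Windows then maps into every GUI process. The following is an added example, not part of the VirusTotal report, that classifies such calls from a sandbox API trace. The trace lines are constructed for illustration in an assumed "api(arg=value, ...)" format, not the output of any particular sandbox, and the PIDs and addresses in them are made up; the idHook constants are the WinUser.h values.

```python
"""Triage of SetWindowsHookEx calls seen in a sandbox API trace.

Added example, not part of the VirusTotal report.  The trace format and
the sample lines are assumptions; the hook constants are real.
"""
import re

# idHook constants from WinUser.h
HOOK_IDS = {
    -1: "WH_MSGFILTER", 0: "WH_JOURNALRECORD", 1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD", 3: "WH_GETMESSAGE", 4: "WH_CALLWNDPROC", 5: "WH_CBT",
    6: "WH_SYSMSGFILTER", 7: "WH_MOUSE", 8: "WH_HARDWARE", 9: "WH_DEBUG",
    10: "WH_SHELL", 11: "WH_FOREGROUNDIDLE", 12: "WH_CALLWNDPROCRET",
    13: "WH_KEYBOARD_LL", 14: "WH_MOUSE_LL",
}
# Hook types whose procedure sees keystrokes, mouse input or posted messages.
INPUT_CAPTURE = {"WH_KEYBOARD", "WH_KEYBOARD_LL", "WH_MOUSE", "WH_MOUSE_LL",
                 "WH_GETMESSAGE", "WH_JOURNALRECORD"}
# Global hooks of these types run in the installing thread; every other
# global hook needs lpfn inside a DLL (hMod) that Windows maps into each
# GUI process on the desktop, i.e. the call doubles as DLL injection.
NO_DLL_NEEDED = {"WH_KEYBOARD_LL", "WH_MOUSE_LL",
                 "WH_JOURNALRECORD", "WH_JOURNALPLAYBACK"}

CALL_RE = re.compile(r"""
    (?P<api>SetWindowsHookEx[AW])\(
      idHook=(?P<id>-?\d+),\s*
      lpfn=0x(?P<lpfn>[0-9a-fA-F]+),\s*
      hMod=0x(?P<hmod>[0-9a-fA-F]+),\s*
      dwThreadId=(?P<tid>\d+)\)""", re.VERBOSE)


def parse_hook_call(line):
    """Fields of one SetWindowsHookEx call, or None if the line is something else."""
    m = CALL_RE.search(line)
    if not m:
        return None
    hook_id = int(m["id"])
    return {
        "api": m["api"],
        "hook": HOOK_IDS.get(hook_id, f"unknown({hook_id})"),
        "lpfn": int(m["lpfn"], 16),
        "hmod": int(m["hmod"], 16),
        "thread_id": int(m["tid"]),
    }


def classify(call):
    """Verdict for one parsed call.
    global-input-capture:  input/message hook on every thread of the desktop
    global-hook-injection: any other hook on every thread; the DLL in hMod is
                           loaded into each GUI process
    thread-local:          limited to one thread, the usual benign case
    """
    if call["thread_id"] != 0:
        return "thread-local"
    if call["hook"] in INPUT_CAPTURE:
        return "global-input-capture"
    return "global-hook-injection"


def triage(trace):
    """Every SetWindowsHookEx call in the trace, in order, with its verdict
    and whether it causes the hook DLL to be mapped into other processes."""
    out = []
    for line in trace:
        call = parse_hook_call(line)
        if call is None:
            continue
        call["verdict"] = classify(call)
        call["injects_dll"] = (call["thread_id"] == 0
                               and call["hook"] not in NO_DLL_NEEDED)
        out.append(call)
    return out


# Constructed trace (made-up PIDs and addresses): a global low-level keyboard
# hook, a global DLL-backed CBT hook, and a thread-local WH_GETMESSAGE hook.
SAMPLE_TRACE = [
    "pid=1844 SetWindowsHookExA(idHook=13, lpfn=0x00403A20, hMod=0x00400000, dwThreadId=0)",
    "pid=1844 GetAsyncKeyState(vKey=65)",
    "pid=2210 SetWindowsHookExW(idHook=5, lpfn=0x10001000, hMod=0x10000000, dwThreadId=0)",
    "pid=2210 SetWindowsHookExW(idHook=3, lpfn=0x00402000, hMod=0x00000000, dwThreadId=3012)",
]

if __name__ == "__main__":
    for call in triage(SAMPLE_TRACE):
        print(call["api"], call["hook"], call["verdict"],
              "injects DLL" if call["injects_dll"] else "")
```

A thread-local hook on the process's own UI thread is what ordinary GUI frameworks do and is not worth an alert on its own; a global input-capture hook, or a global hook whose procedure sits in a DLL, is the signal to escalate, and the hMod value tells you which module to pull from the sandbox for analysis.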