SHA256: 7c8a4d4f84bd95014df554734256844fb128ac2042c42e54322173d5591fb8dc
File name: 5fb4ec9f9115fd4b83d508a7a793d197.vir
Detection ratio: 58 / 68
Analysis date: 2018-07-20 22:46:29 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Mresmon.Gen.1 20180720
AegisLab Troj.W32.Generic!c 20180720
AhnLab-V3 Trojan/Win32.MDA.C911024 20180720
ALYac Gen:Trojan.Mresmon.Gen.1 20180720
Antiy-AVL Trojan[Ransom]/Win32.Cryptodef 20180720
Arcabit Trojan.Mresmon.Gen.1 20180720
Avast Win32:Wauchos-D [Trj] 20180720
AVG Win32:Wauchos-D [Trj] 20180720
Avira (no cloud) TR/Crypt.XPACK.5031 20180720
AVware Trojan.Win32.Generic!BT 20180720
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
BitDefender Gen:Trojan.Mresmon.Gen.1 20180720
CAT-QuickHeal Ransom.Cryptodef.S4 20180720
ClamAV Win.Trojan.Agent-1303367 20180720
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Cybereason malicious.f9115f 20180225
Cylance Unsafe 20180720
Cyren W32/Agent.XL.gen!Eldorado 20180720
DrWeb Win32.HLLW.Autoruner1.14959 20180720
Emsisoft Gen:Trojan.Mresmon.Gen.1 (B) 20180720
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Injector.CEAR 20180720
F-Prot W32/Agent.XL.gen!Eldorado 20180720
F-Secure Gen:Trojan.Mresmon.Gen.1 20180720
Fortinet W32/Injector.CECB!tr 20180720
GData Gen:Trojan.Mresmon.Gen.1 20180720
Ikarus Trojan.Win32.Injector 20180720
Sophos ML heuristic 20180717
Jiangmin Trojan/Generic.bitkk 20180720
K7AntiVirus Trojan ( 004ce5451 ) 20180720
K7GW Trojan ( 004ce5451 ) 20180720
Kaspersky HEUR:Trojan.Win32.Generic 20180720
Malwarebytes Backdoor.Bot 20180720
MAX malware (ai score=100) 20180720
McAfee Generic-FAWO!5FB4EC9F9115 20180720
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh 20180720
Microsoft Ransom:Win32/Crowti!rfn 20180720
eScan Gen:Trojan.Mresmon.Gen.1 20180720
NANO-Antivirus Trojan.Win32.Autoruner1.dtkxhl 20180720
Palo Alto Networks (Known Signatures) generic.ml 20180720
Panda Trj/Genetic.gen 20180720
Qihoo-360 Win32/Trojan.cee 20180720
Rising Ransom.Crowti!8.37D (CLOUD) 20180720
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Yakes-BV 20180720
SUPERAntiSpyware Trojan.Agent/Gen-Backdoor 20180720
Symantec ML.Attribute.HighConfidence 20180720
Tencent Win32.Trojan.Generic.Tapg 20180720
TheHacker Trojan/Injector.cecb 20180720
TrendMicro TROJ_CRYPWALL.SMYK 20180720
TrendMicro-HouseCall TROJ_CRYPWALL.SMYK 20180720
VBA32 Heur.Malware-Cryptor.Ngrbot 20180720
VIPRE Trojan.Win32.Generic!BT 20180720
Webroot W32.Trojan.Gen 20180720
Yandex Trojan.Injector!oT5jI1yBBEI 20180720
Zillya Trojan.Cryptodef.Win32.431 20180720
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180720
Alibaba 20180713
Avast-Mobile 20180720
Bkav 20180719
CMC 20180720
Comodo 20180720
eGambit 20180720
Kingsoft 20180720
TACHYON 20180719
TotalDefense 20180720
Trustlook 20180720
ViRobot 20180720
Zoner 20180719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2007, 2013 Oracle and/or its affiliates. All rights reserved.
Product VEGAS VisualVM
Original name vvisualvm.exe
Internal name vvisualvm
File version 7.0.600.0
Description VEGAS VisualVM
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-01 13:18:49
Entry Point 0x0001AF6C
Number of sections 3
PE sections
Overlays
MD5 c913a575840517c5543f319aafe62d96
File type data
Offset 240640
Size 4
Entropy 2.00
PE imports
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_Read
ImageList_DragMove
ImageList_Create
ImageList_GetDragImage
Ord(17)
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Remove
ImageList_EndDrag
DeviceIoControl
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
ReleaseMutex
SetHandleCount
GetLastError
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetFileType
SetStdHandle
SetFilePointer
RaiseException
LockFileEx
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetFileAttributesA
HeapAlloc
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
VirtualFree
TlsGetValue
Sleep
DeleteTimerQueue
ReadConsoleW
TlsSetValue
CreateFileA
GetCurrentThreadId
GetVersion
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
AnimateWindow
GetDesktopWindow
GetClientRect
CloseWindow
AllowSetForegroundWindow
BringWindowToTop
CascadeWindows
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_MANIFEST 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
LITHUANIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
FileDescription VEGAS VisualVM
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.600.0
LanguageCode Neutral
FileFlagsMask 0x003f
FullVersion 1.7.0_60
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 239616
EntryPoint 0x1af6c
OriginalFileName vvisualvm.exe
MIMEType application/octet-stream
LegalCopyright 2007, 2013 Oracle and/or its affiliates. All rights reserved.
FileVersion 7.0.600.0
TimeStamp 2015:07:01 14:18:49+01:00
FileType Win32 EXE
PEType PE32
InternalName vvisualvm
ProductVersion 7.0.600.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Oracle Corporation
CodeSize 0
ProductName VEGAS VisualVM
ProductVersionNumber 7.0.600.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 5fb4ec9f9115fd4b83d508a7a793d197
SHA1 255cf61be4aa4684ca97ca90c6fec95a94b728d8
SHA256 7c8a4d4f84bd95014df554734256844fb128ac2042c42e54322173d5591fb8dc
ssdeep 3072:UX2fEjHFJLQl1ANypO5M4H2ST5ttO1DMjc6uEvZX4pC+D7Y50d:UGfIQYypEaMj5uEvZSC+H
authentihash 5c5126860e2a7c4d135eb75c9aabc81b84bfbc95c6679fc25ea40241b065586e
imphash 08acbac69c716941505b64805d4a7569
File size 235.0 KB ( 240644 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2017-10-20 06:25:26 UTC ( 1 year, 5 months ago )
Last submission 2018-07-20 22:46:29 UTC ( 8 months ago )
File names vvisualvm
5fb4ec9f9115fd4b83d508a7a793d197.virus
vvisualvm.exe
5fb4ec9f9115fd4b83d508a7a793d197.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs