SHA256: 7d83b9f1dec56f3f6984ff5b1d4ea235c273e6cb760777260fb1ddcd977bf44b
File name: PO.exe
Detection ratio: 40 / 67
Analysis date: 2018-11-12 01:54:34 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40667171 20181111
AhnLab-V3 Trojan/Win32.Agent.R242443 20181111
ALYac Trojan.GenericKD.40667171 20181112
Arcabit Trojan.Generic.D26C8823 20181111
Avast Win32:Malware-gen 20181112
AVG Win32:Malware-gen 20181112
BitDefender Trojan.GenericKD.40667171 20181112
Bkav HW32.Packed. 20181110
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.fc12a4 20180225
Cylance Unsafe 20181112
Cyren W32/VBKrypt.EP.gen!Eldorado 20181112
DrWeb Trojan.Inject1.54688 20181112
Emsisoft Trojan.GenericKD.40667171 (B) 20181112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CPSV 20181111
F-Prot W32/VBKrypt.EP.gen!Eldorado 20181112
F-Secure Trojan.GenericKD.40667171 20181112
Fortinet W32/Injector.EBEG!tr 20181112
GData Trojan.GenericKD.40667171 20181112
Ikarus Trojan.Win32.Krypt 20181111
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 0054044d1 ) 20181111
K7GW Trojan ( 0054044d1 ) 20181109
Kaspersky Trojan-Spy.Win32.Noon.vls 20181111
Malwarebytes Trojan.MalPack.VB.Generic 20181111
McAfee RDN/Generic.grp 20181112
McAfee-GW-Edition BehavesLike.Win32.Fareit.fh 20181111
Microsoft Trojan:Win32/Dynamer!rfn 20181111
eScan Trojan.GenericKD.40667171 20181112
NANO-Antivirus Trojan.Win32.Inject1.fjwumo 20181111
Palo Alto Networks (Known Signatures) generic.ml 20181112
Panda Trj/GdSda.A 20181111
Rising Backdoor.Androm!8.113 (TFE:dGZlOgVoaWxItZbrEQ) 20181112
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181111
Symantec Trojan.Gen.2 20181111
TrendMicro TROJ_GEN.R004C0DK318 20181112
TrendMicro-HouseCall TROJ_GEN.R004C0DK318 20181111
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.vls 20181111
AegisLab 20181111
Alibaba 20180921
Antiy-AVL 20181112
Avast-Mobile 20181111
Avira (no cloud) 20181111
Babable 20180918
Baidu 20181109
CAT-QuickHeal 20181111
ClamAV 20181111
CMC 20181111
Jiangmin 20181112
Kingsoft 20181112
MAX 20181112
Qihoo-360 20181112
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181112
Tencent 20181112
TheHacker 20181108
TotalDefense 20181111
Trustlook 20181112
VBA32 20181109
VIPRE None
ViRobot 20181111
Webroot 20181112
Yandex 20181109
Zillya 20181109
Zoner 20181112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TEST-11
Product TEST-11
Original name TEST-11.exe
Internal name TEST-11
File version 1.00
Description TEST-11
Comments TEST-11
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-31 07:03:43
Entry Point 0x000014C4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaPrintObj
EVENT_SINK_Release
__vbaStrCmp
_allmul
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
__vbaLenBstr
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(717)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
Ord(618)
_adj_fdiv_r
Ord(100)
_CItan
__vbaFreeVar
__vbaVarTstNe
__vbaAryConstruct2
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaStrCopy
__vbaAryLock
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(515)
__vbaVarDup
Ord(628)
__vbaObjSet
_CIatan
__vbaNew2
Ord(644)
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
CodeSize 290816
SubsystemVersion 4.0
Comments TEST-11
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
FileDescription TEST-11
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x14c4
OriginalFileName TEST-11.exe
MIMEType application/octet-stream
LegalCopyright TEST-11
FileVersion 1.0
TimeStamp 2018:10:31 08:03:43+01:00
FileType Win32 EXE
PEType PE32
InternalName TEST-11
ProductVersion 1.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SAMSUNg
LegalTrademarks TEST-11
ProductName TEST-11
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 92f9798741c185ec65faed65affb16c3
SHA1 b8cf889fc12a48a69c381b584374ff54416a1763
SHA256 7d83b9f1dec56f3f6984ff5b1d4ea235c273e6cb760777260fb1ddcd977bf44b
ssdeep 6144:TrJvxy1FRDKAT6J6qSz/90F0LotRCenSWcccer:TrN0b40FVf0nVr
authentihash aac5fcc4b4d4e2b7d5e16fcc714fccc202b9182d15c8f3c21a27dd8f67876112
imphash 056fa1527455286a3ecc1f04c44222f3
File size 300.0 KB ( 307200 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe

VirusTotal metadata
First submission 2018-10-31 13:11:28 UTC ( 6 months, 3 weeks ago )
Last submission 2018-12-05 20:44:20 UTC ( 5 months, 2 weeks ago )
File names 92f9798741c185ec65faed65affb16c3
PO.exe
PO.exe
TEST-11.exe
PO.exe
output.114578402.txt
TEST-11
gocpwu.jpg