× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7dd6766fc4f04dce59eccc4829795d6b402fb35c77db4400c2b8bc788cce73f8
File name: Manually
Detection ratio: 51 / 70
Analysis date: 2018-12-11 10:41:34 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40754099 20181211
AegisLab Trojan.Win32.Androm.4!c 20181211
AhnLab-V3 Trojan/Win32.Kryptik.C2828692 20181210
ALYac Spyware.LokiBot 20181211
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20181210
Arcabit Trojan.Generic.D26DDBB3 20181211
Avast Win32:Malware-gen 20181211
AVG Win32:Malware-gen 20181211
Avira (no cloud) TR/AD.LokiBot.wibti 20181210
BitDefender Trojan.GenericKD.40754099 20181211
Bkav W32.AIDetectVM.malware 20181211
CAT-QuickHeal Trojan.IGENERIC 20181210
Comodo Malware@#2ovl2kifpauav 20181211
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cybereason malicious.077ad9 20180225
Cylance Unsafe 20181211
Cyren W32/Trojan.SXVR-1057 20181211
DrWeb Trojan.PWS.Stealer.24168 20181211
Emsisoft Trojan.GenericKD.40754099 (B) 20181211
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/PSW.Fareit.L 20181211
F-Secure Trojan.GenericKD.40754099 20181211
Fortinet W32/Malicious_Behavior.SBX 20181211
GData Trojan.GenericKD.40754099 20181211
Ikarus Trojan.Inject 20181211
Sophos ML heuristic 20181128
Jiangmin Backdoor.Androm.adyb 20181211
K7AntiVirus Password-Stealer ( 004d5a661 ) 20181211
K7GW Password-Stealer ( 004d5a661 ) 20181211
Kaspersky Backdoor.Win32.Androm.quse 20181211
Malwarebytes Spyware.LokiBot 20181211
MAX malware (ai score=100) 20181211
McAfee RDN/Generic.grp 20181211
McAfee-GW-Edition BehavesLike.Win32.Dropper.hh 20181211
Microsoft Trojan:Win32/Bitrep.B 20181211
eScan Trojan.GenericKD.40754099 20181211
NANO-Antivirus Trojan.Win32.Androm.fkevxy 20181211
Palo Alto Networks (Known Signatures) generic.ml 20181211
Panda Trj/CI.A 20181210
Qihoo-360 HEUR/QVM10.2.2B86.Malware.Gen 20181211
Rising Backdoor.Androm!8.113 (CLOUD) 20181211
Sophos AV Troj/Fareit-GCT 20181211
Symantec Trojan Horse 20181211
Tencent Win32.Backdoor.Lokibot.Auto 20181211
Trapmine suspicious.low.ml.score 20181205
TrendMicro TROJ_GEN.F0C2C00KD18 20181211
TrendMicro-HouseCall TROJ_GEN.F0C2C00KD18 20181211
VBA32 BScope.TrojanSpy.Stealer 20181210
Webroot W32.Malware.Gen 20181211
Zillya Backdoor.Androm.Win32.57811 20181211
ZoneAlarm by Check Point Backdoor.Win32.Androm.quse 20181211
Alibaba 20180921
Avast-Mobile 20181210
Babable 20180918
Baidu 20181207
ClamAV 20181211
CMC 20181210
eGambit 20181211
F-Prot 20181211
Kingsoft 20181211
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181205
Symantec Mobile Insight 20181207
TACHYON 20181211
TheHacker 20181210
TotalDefense 20181211
Trustlook 20181211
VIPRE None
ViRobot 20181211
Yandex 20181207
Zoner 20181211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Shark Labs All rights reserved.

Product Manually
Original name Manually
File version 4.6.7.20
Description Pid Cas Boatload
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-13 00:55:15
Entry Point 0x00019F20
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
GetUserNameA
EncryptFileW
EqualDomainSid
EncryptionDisable
RegQueryValueExW
capGetDriverDescriptionA
ImageList_Create
Ord(17)
ImageList_Add
DeleteDC
SelectObject
GetTextExtentPoint32A
SetPixelFormat
GetStockObject
TextOutA
GetTextMetricsA
SetWindowOrgEx
CreateEllipticRgnIndirect
CreateEnhMetaFileA
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
HeapDestroy
DebugBreak
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
ResumeThread
GetLogicalDriveStringsA
InitializeCriticalSection
OutputDebugStringW
FindClose
EnumSystemGeoID
FormatMessageA
OutputDebugStringA
SetLastError
DeviceIoControl
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
CreateThread
SetUnhandledExceptionFilter
ExitThread
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
DeleteFileA
GetUserDefaultLCID
GetProcessHeap
FindFirstFileA
lstrcpyA
HeapValidate
CompareStringA
FindNextFileA
IsValidLocale
DuplicateHandle
GetProcAddress
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
IsValidCodePage
HeapCreate
VirtualFree
IsBadReadPtr
ReadFileEx
VirtualAlloc
GradientFill
NetUserEnum
NetApiBufferFree
wglMakeCurrent
CM_Get_Class_Registry_PropertyA
CM_Get_Depth
SHGetPathFromIDListA
SHBrowseForFolderA
PathFindFileNameW
SetFocus
GetParent
SystemParametersInfoA
OffsetRect
DefWindowProcW
DefWindowProcA
PostQuitMessage
DefMDIChildProcA
ShowWindow
LoadBitmapA
SetWindowPos
GetSystemMetrics
SetScrollPos
PrintWindow
GetWindowRect
ClientToScreen
SetDlgItemTextA
PostMessageA
SetWindowLongA
GetWindow
SendMessageW
GetDC
CopyImage
ReleaseDC
SetWindowTextA
CheckMenuItem
GetMenu
SendMessageA
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
EnableMenuItem
RegisterClassA
SetRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
IsDlgButtonChecked
GetClientRect
GetDesktopWindow
LoadImageA
GetClassNameA
CreateWindowExW
GetMenuItemInfoA
GetTopWindow
SetForegroundWindow
DestroyWindow
GetProfilesDirectoryA
GetUserProfileDirectoryA
GetDefaultUserProfileDirectoryA
OpenThemeData
GetFileVersionInfoSizeA
HttpQueryInfoA
mmioSeek
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAddCatalog
GetSaveFileNameW
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
StgCreateDocfile
StringFromGUID2
CoGetClassObject
CoInternetGetSession
Number of PE resources by type
RT_STRING 14
RT_BITMAP 10
RT_ICON 6
TYPELIB 1
RT_MANIFEST 1
MAD 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 35
PE resources
ExifTool file metadata
CodeSize
266240

SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.6.7.20

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Pid Cas Boatload

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
319488

PrivateBuild
4.6.7.20

EntryPoint
0x19f20

OriginalFileName
Manually

MIMEType
application/octet-stream

LegalCopyright
Shark Labs All rights reserved.

FileVersion
4.6.7.20

TimeStamp
2018:11:13 01:55:15+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
4.6.7.20

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Shark Labs

LegalTrademarks
Shark Labs All rights reserved.

ProductName
Manually

ProductVersionNumber
4.6.7.20

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 93c54e5eca5ac49e078cac753f4a4a35
SHA1 593c4d0077ad951cfc6b97276630b5f05e81287a
SHA256 7dd6766fc4f04dce59eccc4829795d6b402fb35c77db4400c2b8bc788cce73f8
ssdeep
12288:vyziJfpIbZHueJRivJd3plWL81X5AjA5AebuWdya7mpKG:vye/enivJ1plWmRewuWc8G

authentihash 3bdac81c49534547bf68865217aea36da646ad8da05cfb179d44f8410169797a
imphash f8b6585d14b1b8e66cad5263b262e36d
File size 576.0 KB ( 589824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-13 03:52:50 UTC ( 2 months ago )
Last submission 2018-11-20 01:39:59 UTC ( 1 month, 4 weeks ago )
File names LKS SHIP PARTICULARS_pdf.exe
Manually
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections