SHA256: 819488ad24e931eb879b549caef3392616473aa1badd5b961356bc6a141427b9
File name: 5e77b13276b4b2d6d81599677e7f1104
Detection ratio: 9 / 54
Analysis date: 2014-07-18 08:32:56 UTC ( 4 years, 4 months ago )
Antivirus Result Update
AVG Luhe.Gen.C 20140718
ByteHero Virus.Win32.Heur.p 20140718
CMC Heur.Win32.Veebee.1!O 20140717
ESET-NOD32 a variant of Win32/Injector.BIBV 20140718
McAfee Dropper-FHX!C0F569E9A365 20140718
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C 20140717
Microsoft PWS:Win32/Zbot 20140718
Qihoo-360 Malware.QVM18.Gen 20140718
Sophos AV Mal/VB-ALO 20140718
Ad-Aware 20140718
AegisLab 20140718
Yandex 20140716
AhnLab-V3 20140717
AntiVir 20140718
Antiy-AVL 20140718
Avast 20140718
Baidu-International 20140718
BitDefender 20140718
Bkav 20140717
CAT-QuickHeal 20140717
ClamAV 20140717
Commtouch 20140718
Comodo 20140717
DrWeb 20140718
Emsisoft 20140717
F-Prot 20140718
F-Secure 20140718
Fortinet 20140718
GData 20140718
Ikarus 20140718
Jiangmin 20140718
K7AntiVirus 20140717
K7GW 20140717
Kaspersky 20140718
Kingsoft 20140718
Malwarebytes 20140718
eScan 20140718
NANO-Antivirus 20140718
Norman 20140718
nProtect 20140717
Panda 20140718
Rising 20140717
SUPERAntiSpyware 20140718
Symantec 20140718
Tencent 20140718
TheHacker 20140717
TotalDefense 20140717
TrendMicro 20140718
TrendMicro-HouseCall 20140718
VBA32 20140717
VIPRE 20140718
ViRobot 20140718
Zillya 20140716
Zoner 20140714
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher VS Revo Group
Product Hechting
Original name Manifold.exe
Internal name Manifold
File version 1.06.0006
Description Catoptri hazel
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-07-10 05:38:59
Entry Point 0x0004FB00
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(546)
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 12288
ImageVersion 1.6
ProductName Hechting
FileVersionNumber 1.6.0.6
UninitializedDataSize 106496
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
OriginalFilename Manifold.exe
MIMEType application/octet-stream
FileVersion 1.06.0006
TimeStamp 2014:07:10 06:38:59+01:00
FileType Win32 EXE
PEType PE32
InternalName Manifold
FileAccessDate 2014:07:18 09:33:00+01:00
ProductVersion 1.06.0006
FileDescription Catoptri hazel
OSVersion 4.0
FileCreateDate 2014:07:18 09:33:00+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName VS Revo Group
CodeSize 221184
FileSubtype 0
ProductVersionNumber 1.6.0.6
EntryPoint 0x4fb00
ObjectFileType Executable application
File identification
MD5 5e77b13276b4b2d6d81599677e7f1104
SHA1 9a972752cc3e7b9337d4af26dacbf49987aa6c89
SHA256 819488ad24e931eb879b549caef3392616473aa1badd5b961356bc6a141427b9
ssdeep 6144:8NK1/tIS4uurs1jIKBfJQGWn+YnBVjapWyTZe6oS8:881/tm4LpWn+YB5aJo6oS8
imphash 9f965e238de315597d990bf81c19377f
File size 226.5 KB ( 231936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2014-07-18 08:32:56 UTC ( 4 years, 4 months ago )
Last submission 2014-07-18 08:32:56 UTC ( 4 years, 4 months ago )
File names Manifold.exe
Manifold
5e77b13276b4b2d6d81599677e7f1104
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.