SHA256: 81d1f9cdbd691fa7ab7c1a1ab377b5f557622a9f330b450585d8da674f01f909
File name: 609f7242b99358225b30c587f1186554.virus
Detection ratio: 18 / 67
Analysis date: 2018-05-09 18:00:45 UTC (9 months, 2 weeks ago)
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20180509
AVG FileRepMalware 20180509
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180509
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/GenKryptik.BYLO 20180509
Ikarus Trojan-Dropper.Win32.Dorifel 20180509
Sophos ML heuristic 20180503
K7AntiVirus EmailWorm ( 003c363a1 ) 20180509
K7GW EmailWorm ( 003c363a1 ) 20180509
Kaspersky UDS:DangerousObject.Multi.Generic 20180509
McAfee PWSZbot-FLW!609F7242B993 20180509
McAfee-GW-Edition BehavesLike.Win32.Sality.dc 20180509
Palo Alto Networks (Known Signatures) generic.ml 20180509
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180509
Webroot W32.Adware.Gen 20180509
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180509
Ad-Aware 20180509
AhnLab-V3 20180509
Alibaba 20180509
ALYac 20180509
Antiy-AVL 20180509
Arcabit 20180509
Avast 20180509
Avast-Mobile 20180509
Avira (no cloud) 20180509
AVware 20180428
Babable 20180406
Baidu 20180509
BitDefender 20180509
Bkav 20180509
CAT-QuickHeal 20180509
ClamAV 20180509
CMC 20180509
Comodo 20180509
Cybereason None
Cyren 20180509
DrWeb 20180509
eGambit 20180509
Emsisoft 20180509
F-Prot 20180509
F-Secure 20180509
Fortinet 20180509
GData 20180509
Jiangmin 20180509
Kingsoft 20180509
Malwarebytes 20180509
MAX 20180509
Microsoft 20180509
eScan 20180509
NANO-Antivirus 20180509
nProtect 20180509
Panda 20180509
Qihoo-360 20180509
Rising 20180509
Sophos AV 20180509
SUPERAntiSpyware 20180509
Symantec Mobile Insight 20180509
Tencent 20180509
TheHacker 20180509
TotalDefense 20180509
TrendMicro 20180509
TrendMicro-HouseCall 20180509
Trustlook 20180509
VBA32 20180508
VIPRE 20180509
ViRobot 20180509
Yandex 20180508
Zillya 20180508
Zoner 20180509
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product ZeroCase
Original name ZeroCase.exe
Internal name ZeroCase
File version 1.00
Description steunen door een reclamebord
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-09 13:43:11
Entry Point 0x0000138C
Number of sections 4
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
__vbaVarDup
Ord(516)
__vbaStrMove
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(697)
EVENT_SINK_AddRef
__vbaLenBstr
__vbaAryMove
_adj_fpatan
__vbaFreeObjList
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaUbound
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaAryLock
_CItan
__vbaFreeVar
__vbaFreeStr
__vbaLbound
__vbaObjSetAddref
__vbaAryConstruct2
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(660)
_allmul
__vbaStrVarVal
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
Ord(593)
Ord(581)
__vbaObjSet
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVar2Vec
__vbaFreeStrList
Ord(598)
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
DRAWRESULT 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
GERMAN LUXEMBOURG 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 176128
ImageVersion 1.0
ProductName ZeroCase
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName ZeroCase.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:05:09 14:43:11+01:00
FileType Win32 EXE
PEType PE32
InternalName ZeroCase
ProductVersion 1.0
FileDescription steunen door een reclamebord
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Kunstrijden
CodeSize 36864
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x138c
ObjectFileType Executable application

File identification
MD5 609f7242b99358225b30c587f1186554
SHA1 638373bf8ce584b236676e2c434645aa0f2f69e8
SHA256 81d1f9cdbd691fa7ab7c1a1ab377b5f557622a9f330b450585d8da674f01f909
ssdeep 3072:gE8Lrc1LRU5a2L6EZgK8aiItfsUkXLt5ZaunWc5HB5JVuOBaqszwpcXc23G6HJ:gprcjUv6+8otlkXnNW8h5fu2ew+3W6
authentihash ecbafb1d8148715d995aa5860ada2eb004edc9b05f6ae16100d2059d54f58051
imphash c76c3b08039750981edaf66688fcaf15
File size 212.0 KB ( 217088 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (64.7%)
Win64 Executable (generic) (21.7%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
OS/2 Executable (generic) (1.6%)
Tags peexe
VirusTotal metadata
First submission 2018-05-09 16:30:59 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-27 17:52:13 UTC ( 8 months, 3 weeks ago )
File names ccf9c5b919bd90674e0b45f94487b0724c757219
ZeroCase
toler.png
ZeroCase.exe
609f7242b99358225b30c587f1186554.virus