SHA256: 82a363d6e60ec002b7d76f05970292b993f9ef72192e1db552b1f32b907cd466
File name: oeloatd4.exe
Detection ratio: 22 / 61
Analysis date: 2017-05-14 23:43:09 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.64628 20170514
Antiy-AVL Trojan/Win32.TSGeneric 20170514
Arcabit Trojan.Mikey.DFC74 20170514
Avast Win32:Rootkit-gen [Rtk] 20170514
AVware Trojan.Win32.Fareit.j (fs) 20170515
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9815 20170503
BitDefender Gen:Variant.Mikey.64628 20170514
CMC Trojan-Downloader.Win32.Gamarue.2!O 20170514
CrowdStrike Falcon (ML) malicious_confidence_98% (D) 20170130
Emsisoft Gen:Variant.Strictor.135317 (B) 20170515
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/Kryptik.FSHG 20170515
F-Secure Gen:Variant.Strictor.135317 20170515
Fortinet W32/Kryptik.FSEZ!tr 20170514
GData Gen:Variant.Mikey.64628 20170514
Sophos ML worm.win32.gamarue.i 20170413
Malwarebytes Ransom.Troldesh 20170514
eScan Gen:Variant.Strictor.135317 20170515
Qihoo-360 HEUR/QVM10.1.2552.Malware.Gen 20170515
Symantec ML.Attribute.HighConfidence 20170514
VIPRE Trojan.Win32.Fareit.j (fs) 20170515
Webroot W32.Trojan.Gen 20170515
Undetected (no result reported):
AegisLab 20170514
AhnLab-V3 20170514
Alibaba 20170514
ALYac 20170514
AVG 20170514
Avira (no cloud) 20170514
Bkav 20170513
CAT-QuickHeal 20170513
ClamAV 20170514
Comodo 20170514
Cyren 20170515
DrWeb 20170515
F-Prot 20170514
Ikarus 20170514
Jiangmin 20170514
K7AntiVirus 20170514
K7GW 20170514
Kaspersky 20170514
Kingsoft 20170515
McAfee 20170515
McAfee-GW-Edition 20170514
Microsoft 20170515
NANO-Antivirus 20170514
nProtect 20170514
Palo Alto Networks (Known Signatures) 20170515
Panda 20170514
Rising 20170514
SentinelOne (Static ML) 20170330
Sophos AV 20170514
SUPERAntiSpyware 20170514
Symantec Mobile Insight 20170514
Tencent 20170515
TheHacker 20170514
TrendMicro 20170514
TrendMicro-HouseCall 20170514
Trustlook 20170515
VBA32 20170512
ViRobot 20170514
WhiteArmor 20170512
Yandex 20170512
Zillya 20170511
ZoneAlarm by Check Point 20170514
Zoner 20170514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jufodu sino cogexo roxigemasujo wiruvewova
Original name viwixehe.exe
File version 12, 6, 5, 44
Comments Noziga xidipasedi yemufi bewowebisayeka renu
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-12 08:56:06
Entry Point 0x00001263
Number of sections 4
PE sections
PE imports
GetClipRgn
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetFileAttributesW
RtlUnwind
LoadLibraryA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
IsBadStringPtrW
HeapAlloc
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
IsBadCodePtr
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_BITMAP 2
RT_ICON 2
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments Noziga xidipasedi yemufi bewowebisayeka renu
InitializedDataSize 145920
ImageVersion 0.0
FileVersionNumber 12.6.5.44
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName viwixehe.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12, 6, 5, 44
TimeStamp 2017:05:12 09:56:06+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 12, 6, 5, 44
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Jufodu sino cogexo roxigemasujo wiruvewova
MachineType Intel 386 or later, and compatibles
CodeSize 23552
FileSubtype 0
ProductVersionNumber 12.6.5.44
EntryPoint 0x1263
ObjectFileType Unknown

File identification
MD5 d36dbce11ac1753b7d9366ed03b4280c
SHA1 9fb2aac07e990df1f24e873f30676cb9c21d8e9a
SHA256 82a363d6e60ec002b7d76f05970292b993f9ef72192e1db552b1f32b907cd466
ssdeep 3072:HHGeLtA/n9CK3e9MNCtflYEFKivR5TnQnO9HVS0GPVf:Hm58l6NC9lBFBMmW
authentihash fcd6024bee6a3d22b580e1c42b3edc33f65f9a6a84a6779d870ee979af6f0b27
imphash 2e2c05de379de1b7ccc207633b770eb1
File size 156.5 KB ( 160256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-05-14 23:43:09 UTC ( 1 year, 10 months ago )
Last submission 2018-02-06 01:16:02 UTC ( 1 year, 1 month ago )
File names viwixehe.exe, oeloatd4.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs