SHA256: 845c387763d2aa5ec87e5e3c46a3edffdd2db80f98f797c06d4f879304ff354c
File name: 845c387763d2aa5ec87e5e3c46a3edffdd2db80f98f797c06d4f879304ff354c
Detection ratio: 3 / 68. Two of the three hits carry the identical generic heuristic name from the Kaspersky engine (ZoneAlarm by Check Point licenses that engine), and the third is Endgame's machine-learning classifier, so no vendor attributes the sample to a named family; a low ratio made up of heuristic and ML verdicts is not the same as a clean verdict.
Analysis date: 2018-03-07 06:21:15 UTC (1 year, 2 months ago)
Antivirus | Result | Update (engines listed below with no result column reported no detection as of the stated signature update)
Endgame malicious (high confidence) 20180303
Kaspersky HEUR:Trojan.Win32.Generic 20180307
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180307
Ad-Aware 20180307
AegisLab 20180307
AhnLab-V3 20180307
Alibaba 20180307
ALYac 20180307
Antiy-AVL 20180307
Arcabit 20180306
Avast 20180307
Avast-Mobile 20180306
AVG 20180307
Avira (no cloud) 20180306
AVware 20180307
Baidu 20180305
BitDefender 20180307
Bkav 20180306
CAT-QuickHeal 20180307
ClamAV 20180307
CMC 20180307
Comodo 20180307
CrowdStrike Falcon (ML) 20170201
Cybereason 20180225
Cylance 20180307
Cyren 20180307
DrWeb 20180307
eGambit 20180307
Emsisoft 20180307
ESET-NOD32 20180307
F-Prot 20180307
F-Secure 20180307
Fortinet 20180307
GData 20180307
Ikarus 20180306
Sophos ML 20180121
Jiangmin 20180307
K7AntiVirus 20180307
K7GW 20180307
Kingsoft 20180307
Malwarebytes 20180307
MAX 20180307
McAfee 20180307
McAfee-GW-Edition 20180307
Microsoft 20180307
eScan 20180307
NANO-Antivirus 20180307
nProtect 20180307
Palo Alto Networks (Known Signatures) 20180307
Panda 20180306
Qihoo-360 20180307
Rising 20180307
SentinelOne (Static ML) 20180225
Sophos AV 20180307
SUPERAntiSpyware 20180307
Symantec 20180307
Symantec Mobile Insight 20180306
Tencent 20180307
TheHacker 20180307
TotalDefense 20180307
TrendMicro 20180307
TrendMicro-HouseCall 20180307
Trustlook 20180307
VBA32 20180306
VIPRE 20180307
ViRobot 20180307
Webroot 20180307
WhiteArmor 20180223
Yandex 20180306
Zillya 20180306
Zoner 20180307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©Blazevideo 1995-Present

Product EventAgileret
Original name EventAgileret.exe
Description Constrained Handling Transmission
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-06 19:06:02
Entry Point 0x0001AA8F
Number of sections 5
PE sections
PE imports (imported function names in import-directory order; the DLL each name is imported from is not shown here)
RegDeleteKeyA
SetSecurityDescriptorOwner
RegCloseKey
RegDeleteValueA
RegQueryValueExA
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
SetSecurityDescriptorDacl
RegOpenKeyA
OpenProcessToken
RegQueryValueA
DuplicateToken
AddAccessAllowedAce
GetNamedSecurityInfoA
RegEnumKeyA
SetFileSecurityA
GetTokenInformation
RegOpenKeyExA
GetLengthSid
ReadEventLogA
FreeSid
ImpersonateLoggedOnUser
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
LogonUserA
RegEnumValueA
OpenSCManagerA
SetSecurityDescriptorGroup
InitCommonControlsEx
PrintDlgA
GetFileTitleA
ChooseFontA
CryptSIPLoad
SetMapMode
PatBlt
CreatePen
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetClipBox
GetPixel
CreateDCA
Rectangle
GetObjectA
GetDeviceCaps
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
EndDoc
SetPixelV
SelectObject
StartPage
DeleteObject
BitBlt
SetTextColor
ChoosePixelFormat
StartDocA
GetCurrentObject
CreateFontA
DescribePixelFormat
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
SetPixelFormat
SetTextAlign
SelectClipRgn
CreateCompatibleDC
ScaleViewportExtEx
EndPage
LineTo
GetTextExtentPoint32A
SetWindowExtEx
SetTextJustification
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
gluOrtho2D
GetAdaptersAddresses
GetAdapterIndex
FlushIpNetTable
GetStdHandle
GetConsoleOutputCP
WaitForSingleObject
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
GetStringTypeExA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
GetUserDefaultLCID
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
OpenProcess
GetPrivateProfileIntA
GlobalLock
GlobalReAlloc
lstrcmpA
FindFirstFileA
CompareStringA
FindNextFileA
lstrcmpW
GetProcAddress
GetConsoleWindow
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
SetConsoleTitleA
CloseHandle
GetACP
GetModuleHandleW
FreeResource
OpenEventA
SizeofResource
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
acmMetrics
acmFormatEnumA
NetGroupGetUsers
NetSessionEnum
NetApiBufferFree
CreateStdAccessibleObject
LresultFromObject
OleSavePictureFile
VariantChangeType
OleTranslateColor
VariantInit
VariantClear
glLightfv
glFlush
glVertex2d
glColor3f
glClearColor
glVertex3f
glMatrixMode
glShadeModel
glClear
glPointSize
glVertex2i
glEnd
glEnable
glBegin
glLoadIdentity
UuidToStringA
RpcStringFreeA
UuidCreate
ShellExecuteA
DragQueryFileA
PathFindFileNameA
PathIsNetworkPathW
PathFindExtensionA
PathIsUNCA
PathStripToRootA
SetFocus
GetMessagePos
SetMenuItemBitmaps
DrawStateA
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
SetScrollPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetAsyncKeyState
DrawTextA
GetDlgCtrlID
GetClassInfoA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
GetThreadDesktop
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
ClientToScreen
GetActiveWindow
ShowCursor
GetSubMenu
LoadImageA
GetTopWindow
GetWindowTextA
GetKeyState
DestroyWindow
GetMessageA
GetParent
GetCursorInfo
SetPropA
GetClassInfoExA
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
InsertMenuItemA
GetIconInfo
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TrackPopupMenuEx
TabbedTextOutA
DrawFocusRect
CreateWindowExA
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
PtInRect
IsDialogMessageA
MapWindowPoints
BeginPaint
DefWindowProcW
RegisterWindowMessageA
DefWindowProcA
CheckMenuRadioItem
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
UpdateWindow
PostMessageA
DrawIcon
GetMessageExtraInfo
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
CreateIconIndirect
ScreenToClient
GetClassLongA
InsertMenuA
GetCapture
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
IsDlgButtonChecked
GetMenuState
GetSystemMenu
GetMenuItemID
SetForegroundWindow
GetCursorPos
ReleaseDC
EndDialog
SendInput
CreateDialogIndirectParamA
FindWindowA
DrawTextExA
GetWindowThreadProcessId
GetMenu
DrawFrameControl
UnhookWindowsHookEx
SetDlgItemTextA
GetMenuStringA
MessageBoxA
AdjustWindowRectEx
mouse_event
DialogBoxParamA
GetSysColor
RegisterClassExA
SystemParametersInfoA
OemKeyScan
IsWindowVisible
SetCursorPos
WinHelpA
SetRect
DeleteMenu
InvalidateRect
wsprintfA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetMenu
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromFile
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GetColorDirectoryW
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CreateBindCtx
PdhGetFormattedCounterValue
SnmpUtilIdsToA
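The import table above is the most informative static artefact on this page: alongside a large volume of GUI, printing, OpenGL, GDI+, audio-codec, SNMP and performance-counter imports it pulls in token and privilege manipulation (OpenProcessToken, AdjustTokenPrivileges, ImpersonateLoggedOnUser, LogonUserA), ACL and owner rewriting (SetFileSecurityA, SetSecurityDescriptorDacl), registry writes, service-manager access, a Windows hook (SetWindowsHookExA), keystroke and mouse APIs (GetAsyncKeyState, SendInput, mouse_event), session and group enumeration (NetSessionEnum, NetGroupGetUsers) and event-log reading (ReadEventLogA). The script below is an added example by the editor, not code from VirusTotal or from the file's author: it groups a subset of the report's import names by capability, counts imports from subsystems unrelated to the rest, and measures the gap between the PE compile timestamp and the first submission time, both taken from the report. The capability groups and the prefix list are the editor's own assumptions about which APIs matter for triage, not data from the page.

```python
"""Static triage of the import names and timestamps printed in the report above.

Added example by the editor; not VirusTotal code and not code from the file
under analysis. The capability map and prefix list are the editor's assumptions.
"""
from datetime import datetime, timezone

# Constructed from the report's "PE imports" list (a subset of the ~400 names).
REPORT_IMPORTS = [
    "RegDeleteKeyA", "SetSecurityDescriptorOwner", "RegDeleteValueA",
    "AdjustTokenPrivileges", "RegCreateKeyExA", "SetSecurityDescriptorDacl",
    "OpenProcessToken", "DuplicateToken", "AddAccessAllowedAce",
    "SetFileSecurityA", "GetTokenInformation", "ReadEventLogA",
    "ImpersonateLoggedOnUser", "AllocateAndInitializeSid", "RegSetValueExA",
    "LogonUserA", "OpenSCManagerA", "CryptSIPLoad", "gluOrtho2D",
    "GetAdaptersAddresses", "FlushIpNetTable", "IsDebuggerPresent",
    "OutputDebugStringA", "LoadLibraryA", "GetProcAddress", "OpenProcess",
    "acmMetrics", "NetGroupGetUsers", "NetSessionEnum", "glLightfv",
    "glVertex3f", "ShellExecuteA", "GetAsyncKeyState", "GetKeyState",
    "CallNextHookEx", "SetWindowsHookExA", "UnhookWindowsHookEx",
    "SendInput", "mouse_event", "SetCursorPos", "GetWindowThreadProcessId",
    "FindWindowA", "OpenPrinterA", "GdipCreateBitmapFromFile",
    "PdhGetFormattedCounterValue", "SnmpUtilIdsToA",
]

# Editor's capability map (assumption): each group alone is common in benign
# software; the combination is what gets weighed against the claimed purpose.
CAPABILITIES = {
    "token/privilege manipulation": {
        "OpenProcessToken", "AdjustTokenPrivileges", "DuplicateToken",
        "ImpersonateLoggedOnUser", "LogonUserA", "GetTokenInformation"},
    "ACL/owner modification": {
        "SetFileSecurityA", "SetSecurityDescriptorDacl",
        "SetSecurityDescriptorOwner", "AddAccessAllowedAce"},
    "registry persistence": {"RegCreateKeyExA", "RegSetValueExA"},
    "service control": {"OpenSCManagerA"},
    "message hooking": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "input capture/injection": {"GetAsyncKeyState", "GetKeyState", "SendInput", "mouse_event"},
    "process access": {"OpenProcess", "GetWindowThreadProcessId", "FindWindowA"},
    "host/network enumeration": {"NetSessionEnum", "NetGroupGetUsers", "GetAdaptersAddresses"},
    "event-log reading": {"ReadEventLogA"},
    "anti-debugging": {"IsDebuggerPresent"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "launch external program": {"ShellExecuteA"},
}

# Name prefixes of subsystems (OpenGL, GDI+, audio codecs, SNMP, perf counters,
# printing) that a single small tool rarely needs all at once. Editor's list.
UNRELATED_PREFIXES = ("gl", "Gdip", "acm", "Snmp", "Pdh", "OpenPrinter")


def triage(imports):
    """Return {capability: sorted matching import names} for groups with a hit."""
    present = set(imports)
    return {cap: sorted(present & apis)
            for cap, apis in CAPABILITIES.items() if present & apis}


def unrelated_subsystems(imports):
    """Count imports whose prefix marks a subsystem unrelated to the others."""
    return sum(1 for name in imports if name.startswith(UNRELATED_PREFIXES))


def hours_between(compile_utc, first_seen_utc):
    """Hours from the PE compile timestamp to first submission.

    Hours rather than months is typical of a freshly built sample; a negative
    or far-future value means the header timestamp was forged.
    """
    return (first_seen_utc - compile_utc).total_seconds() / 3600.0


COMPILE_TS = datetime(2018, 3, 6, 19, 6, 2, tzinfo=timezone.utc)    # from the report
FIRST_SEEN = datetime(2018, 3, 7, 6, 21, 15, tzinfo=timezone.utc)   # from the report


def report():
    """Summarise the checks above for the data on this page."""
    return {
        "capabilities": triage(REPORT_IMPORTS),
        "unrelated_imports": unrelated_subsystems(REPORT_IMPORTS),
        "compile_to_first_seen_hours": round(hours_between(COMPILE_TS, FIRST_SEEN), 2),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, "->", value)
```

Run against the names above, every capability group gets at least one hit, eight imports fall into the unrelated subsystems, and the file reached VirusTotal about eleven hours after its recorded compile time. None of that is proof of malice, but it is the combination a reviewer would expect to see explained before accepting the Blazevideo version strings at face value.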
Number of PE resources by type
RT_GROUP_CURSOR 10
RT_CURSOR 9
RT_DIALOG 8
RT_ICON 7
Struct(3000) 6
BINARY 5
RT_RCDATA 3
Struct(998) 3
RT_HTML 2
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 56
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Languages
English

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.2.5.5

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Constrained Handling Transmission

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
231936

EntryPoint
0x1aa8f

OriginalFileName
EventAgileret.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Blazevideo 1995-Present

TimeStamp
2018:03:06 20:06:02+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
6.2.5.5

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Blazevideo

CodeSize
205312

ProductName
EventAgileret

ProductVersionNumber
6.2.5.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6a55d59da003fed44e19a2c17edd54d9
SHA1 1d1156aaf81b6ede5132f1b247834184f813329b
SHA256 845c387763d2aa5ec87e5e3c46a3edffdd2db80f98f797c06d4f879304ff354c
ssdeep
6144:46DMh0Yh6C8QQTyINexpsZzaayVYk1Lw32gv1c4OaO6OmSHYcalA6Nhc:42MhsTy/QZz2VYk1kmg9ak5b

authentihash 49a412627992b455c8ad435b58580acf79405f0f4806db07f6280e0fcd6d5dad
imphash a1e58a69aebc2499b0a4a9a3b17d352f
File size 428.0 KB ( 438272 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe
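Of the identifiers above, imphash is the one worth understanding rather than just copying: it is the MD5 of the ordered, lower-cased "dll.function" list from the import directory, so it survives renaming the file (the report lists this sample as pax.exe, EventAgileret.exe and its SHA-256) and changes only when the import table changes. The block below is an added example by the editor, not pefile's code or anything from the page; it reimplements that canonical string and hash, and shows why import order and appended imports both change the value. The DLL attribution in the constructed samples is the editor's assumption, since the report lists functions without their DLLs, which is also why the page's value a1e58a69aebc2499b0a4a9a3b17d352f can only be reproduced from the binary itself. Simplification: pefile resolves well-known ordinals to names for a few DLLs; this example uses the ord<N> fallback for every ordinal.

```python
"""imphash reimplemented from its definition (editor's example, not pefile code).

An import table is a list of (dll_name, [function_name_or_int_ordinal, ...])
in import-directory order.
"""
import hashlib


def imphash_string(import_table):
    """Build the canonical 'dll.func,dll.func,...' string that imphash hashes."""
    parts = []
    for dll, funcs in import_table:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):   # only these extensions are stripped
            lib = base
        for func in funcs:
            # Ordinal imports become ord<N>; names are lower-cased.
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(import_table):
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(import_table).encode("ascii")).hexdigest()


def group_by_imphash(samples):
    """Cluster {file_name: import_table} by imphash -> sorted file names."""
    clusters = {}
    for file_name, table in samples.items():
        clusters.setdefault(imphash(table), []).append(file_name)
    return {h: sorted(names) for h, names in clusters.items()}


# Constructed samples (DLL assignment is the editor's assumption).
SAMPLE_A = [
    ("ADVAPI32.dll", ["OpenProcessToken", "AdjustTokenPrivileges", "ImpersonateLoggedOnUser"]),
    ("KERNEL32.dll", ["LoadLibraryA", "GetProcAddress", "IsDebuggerPresent"]),
    ("USER32.dll", ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"]),
]
# Same functions, USER32 entry moved first: a different build, different hash.
SAMPLE_B = [SAMPLE_A[2], SAMPLE_A[0], SAMPLE_A[1]]
# SAMPLE_A with an unrelated import appended: also a different hash.
SAMPLE_C = SAMPLE_A + [("OPENGL32.dll", ["glBegin"])]


def demo():
    """Return the clusters for three file names carrying the tables above."""
    return group_by_imphash({
        "pax.exe": SAMPLE_A,            # renamed copy of EventAgileret.exe
        "EventAgileret.exe": SAMPLE_A,
        "reordered.exe": SAMPLE_B,
        "padded.exe": SAMPLE_C,
    })


if __name__ == "__main__":
    print(imphash_string(SAMPLE_A))
    for h, names in demo().items():
        print(h, names)
```

The two renamed copies land in one cluster while the reordered and padded tables each get their own, which is exactly the behaviour that makes imphash useful for pivoting across samples from the same build and useless against a toolchain that shuffles or pads the import table.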

VirusTotal metadata
First submission 2018-03-07 06:21:15 UTC ( 1 year, 2 months ago )
Last submission 2018-05-24 21:14:03 UTC ( 12 months ago )
File names pax.exe
output.112904076.txt
845c387763d2aa5ec87e5e3c46a3edffdd2db80f98f797c06d4f879304ff354c
EventAgileret.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done with the SetWindowsHookEx Windows API function, which appears in the import table above as SetWindowsHookExA together with CallNextHookEx and UnhookWindowsHookEx. The condensed report does not record which hook type was requested, so whether the hook observes keyboard input, mouse input or messages in general cannot be determined from this page.