SHA256: 85dd0225d5e3b9c77cee9fd7c845ebe661998f89d46bfb6aca82f14258ee2fb3
File name: .
Detection ratio: 41 / 70
Analysis date: 2019-01-11 18:53:32 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DLJC 20190111
AhnLab-V3 Trojan/Win32.Fuerboos.C2889405 20190111
ALYac Trojan.Agent.DLJC 20190111
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190111
Arcabit Trojan.Agent.DLJC 20190111
Avast Win32:Trojan-gen 20190111
AVG Win32:Trojan-gen 20190111
BitDefender Trojan.Agent.DLJC 20190111
ClamAV Win.Malware.Icedid-6804224-0 20190111
Comodo TrojWare.Win32.IcedID.GN@7zy1rw 20190111
Cybereason malicious.24929e 20190109
Cyren W32/S-fc243f0b!Eldorado 20190111
DrWeb Trojan.IcedID.15 20190111
Emsisoft Trojan.Agent.DLJC (B) 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOGQ 20190111
F-Prot W32/S-fc243f0b!Eldorado 20190111
F-Secure Trojan.Agent.DLJC 20190111
Fortinet W32/Kryptik.GNRO!tr 20190111
GData Trojan.Agent.DLJC 20190111
Ikarus Trojan-Banker.IcedID 20190111
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.IcedID.em 20190111
Kaspersky HEUR:Trojan.Win32.Generic 20190111
Malwarebytes Trojan.IcedID 20190111
MAX malware (ai score=81) 20190111
McAfee Ursnif-FQLY!F6CCC9C24929 20190111
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20190111
Microsoft Trojan:Win32/Emotet.DD 20190111
eScan Trojan.Agent.DLJC 20190111
NANO-Antivirus Trojan.Win32.IcedID.flatoi 20190111
Panda Trj/GdSda.A 20190111
Qihoo-360 HEUR/QVM10.1.7B27.Malware.Gen 20190111
Rising Trojan.Kryptik!8.8 (RDM+:cmRtazqAsKfIH501VtkSwmx9nNC1) 20190111
SUPERAntiSpyware Trojan.Agent/Gen-IcedID 20190109
Symantec ML.Attribute.HighConfidence 20190111
VBA32 Trojan.Azden 20190111
Webroot W32.Trojan.Gen 20190111
Yandex Trojan.PWS.IcedID! 20190111
Zillya Trojan.Generic.Win32.404402 20190110
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190111
Acronis 20190111
AegisLab 20190111
Alibaba 20180921
Avast-Mobile 20190111
Avira (no cloud) 20190111
Babable 20180918
Baidu 20190111
Bkav 20190108
CAT-QuickHeal 20190111
CMC 20190111
CrowdStrike Falcon (ML) 20181023
Cylance 20190111
eGambit 20190111
K7AntiVirus 20190111
K7GW 20190111
Kingsoft 20190111
Palo Alto Networks (Known Signatures) 20190111
SentinelOne (Static ML) 20181223
Sophos AV 20190111
TACHYON 20190111
Tencent 20190111
TheHacker 20190106
TotalDefense 20190111
Trapmine 20190103
TrendMicro 20190111
TrendMicro-HouseCall 20190111
Trustlook 20190111
ViRobot 20190111
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2001 Formstack Round. All rights reserved.
Product Rosestudent
Original name greatvalley.exe
File version 7.8.81.32
Description Rosestudent
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-10 12:00:58
Entry Point 0x00018F05
Number of sections 4
PE sections
PE imports
SelectClipRgn
CreateFontA
GetPixel
GetStockObject
CreateRectRgn
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetFileSize
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
SetStdHandle
GetModuleHandleA
WideCharToMultiByte
TlsFree
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
ReleaseDC
GetWindowLongA
EnumWindows
GetClassInfoExA
DefWindowProcA
CallNextHookEx
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_DIALOG 13
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.8.81.32
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Rosestudent
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 78336
EntryPoint 0x18f05
OriginalFileName greatvalley.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2001 Formstack Round. All rights reserved.
FileVersion 7.8.81.32
TimeStamp 2010:12:10 13:00:58+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 7.8.81.32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Formstack Round
CodeSize 148992
ProductName Rosestudent
ProductVersionNumber 7.8.81.32
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 f6ccc9c24929e34c0878bd61e5b4b487
SHA1 796f6af8abc0353b1a6dfa854a7142f282666ed7
SHA256 85dd0225d5e3b9c77cee9fd7c845ebe661998f89d46bfb6aca82f14258ee2fb3
ssdeep 3072:dDsf+gV8NCBjUkthKg4k8PiRJq9ydxBBGNQ9/nt/VYVZXjQGxj+U:WfyNejU+hKDkxRJEydYeJBViu
authentihash 4dcfbdc1e605d223d0e2fca9f27066f46da07db32f3ad7b2461e8d86ae756a6f
imphash 77da906dafc5e296e25c317d128165c2
File size 177.0 KB ( 181248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-11 18:53:32 UTC ( 1 month, 1 week ago )
Last submission 2019-01-11 18:53:32 UTC ( 1 month, 1 week ago )
File names greatvalley.exe
.
No comments.
No votes.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.