SHA256: 877fe232b98e1105a897f129560127753ece2d6907d80167cb13a942154196a8
File name: mike.exe
Detection ratio: 19 / 71
Analysis date: 2019-02-21 10:19:44 UTC (3 months ago)
Antivirus Result Update
Acronis suspicious 20190221
AhnLab-V3 Trojan/Win32.Agent.C3027495 20190221
AVG FileRepMetagen [Malware] 20190221
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190211
Cybereason malicious.2c1d0a 20190109
Cylance Unsafe 20190221
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.EDSB 20190221
Fortinet W32/GenKryptik.CZZT!tr 20190220
Ikarus Trojan.Crypt.Malcert 20190221
Sophos ML heuristic 20181128
McAfee Fareit-FNV!12F12142F668 20190221
Microsoft Trojan:Win32/Fuerboos.E!cl 20190221
Palo Alto Networks (Known Signatures) generic.ml 20190221
Qihoo-360 HEUR/QVM03.0.5FCB.Malware.Gen 20190221
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/FareitVB-N 20190221
Symantec ML.Attribute.HighConfidence 20190221
Trapmine malicious.high.ml.score 20190123
Ad-Aware 20190221
AegisLab 20190221
Alibaba 20180921
ALYac 20190221
Antiy-AVL 20190221
Arcabit 20190220
Avast 20190221
Avast-Mobile 20190221
Avira (no cloud) 20190221
Babable 20180918
Baidu 20190215
BitDefender 20190221
Bkav 20190220
CAT-QuickHeal 20190220
ClamAV 20190220
CMC 20190221
Comodo 20190221
Cyren 20190221
DrWeb 20190221
eGambit 20190221
Emsisoft 20190221
F-Prot 20190221
F-Secure 20190221
GData 20190221
Jiangmin 20190221
K7AntiVirus 20190221
K7GW 20190221
Kaspersky 20190221
Kingsoft 20190221
Malwarebytes 20190221
MAX 20190221
McAfee-GW-Edition 20190221
eScan 20190221
NANO-Antivirus 20190221
Panda 20190220
Rising 20190221
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190221
Tencent 20190221
TheHacker 20190217
TotalDefense 20190221
TrendMicro 20190221
TrendMicro-HouseCall 20190221
Trustlook 20190221
VBA32 20190221
VIPRE 20190221
ViRobot 20190221
Webroot 20190221
Yandex 20190221
Zillya 20190220
ZoneAlarm by Check Point 20190221
Zoner 20190220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product PLEUROPNEUMONIA
Original name Trypsinogen.exe
Internal name Trypsinogen
File version 1.01.0009
Description MOSELLE1
Comments NGWACI2
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:28 PM 3/8/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-01 11:42:38
Entry Point 0x000010B0
Number of sections 3
PE sections
Overlays
MD5 976febfde9020a7495311c12b112c33a
File type data
Offset 565248
Size 6088
Entropy 7.33
PE imports
EVENT_SINK_QueryInterface
Ord(616)
Ord(519)
Ord(619)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(685)
ProcCallEngine
Ord(572)
Ord(100)
Ord(525)
EVENT_SINK_Release
Ord(595)
EVENT_SINK_AddRef
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments NGWACI2
LinkerVersion 6.0
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.9
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription MOSELLE1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 8192
EntryPoint 0x10b0
OriginalFileName Trypsinogen.exe
MIMEType application/octet-stream
FileVersion 1.01.0009
TimeStamp 2014:02:01 03:42:38-08:00
FileType Win32 EXE
PEType PE32
InternalName Trypsinogen
ProductVersion 1.01.0009
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 557056
ProductName PLEUROPNEUMONIA
ProductVersionNumber 1.1.0.9
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 12f12142f668eed513d9d9fa412fb72a
SHA1 5e765472c1d0a6660fd932bd177c0e4f6f2bb449
SHA256 877fe232b98e1105a897f129560127753ece2d6907d80167cb13a942154196a8
ssdeep 12288:crsM1YDSkpFGiGxAbQhTGG4tJxkaDC03c:cTeekI2bQ6g/
authentihash af8f2cceab493ed5696302db2489b2c223076f3fc69b6a3303efe6032eb26661
imphash 587ba3bdb575b42339fc298af243f730
File size 557.9 KB ( 571336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-02-21 10:19:44 UTC ( 3 months ago )
Last submission 2019-02-25 07:44:03 UTC ( 2 months, 3 weeks ago )
File names 877fe232b98e1105a897f129560127753ece2d6907d80167cb13a942154196a8.exe
Trypsinogen.exe
mike.exe
Trypsinogen
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.