SHA256: 87903ed887433e1b0a168df146979aac2f85cd1a7fc55dd8198c705aacb4c7ae
File name: 666.exe
Detection ratio: 21 / 70
Analysis date: 2018-12-27 09:42:34 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181227
AhnLab-V3 Malware/Win32.Generic.C2903089 20181226
Avast FileRepMalware 20181227
AVG FileRepMalware 20181227
Bkav HW32.Packed. 20181224
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cybereason malicious.138d95 20180225
Cyren W32/Injector.UHWW-7298 20181227
Endgame malicious (high confidence) 20181108
F-Prot W32/Injector.HHW 20181227
Fortinet W32/Injector.ECFS!tr.ransom 20181227
GData Win32.Trojan.Kryptik.LO 20181227
Ikarus Trojan.Win32.Injector 20181226
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181227
Malwarebytes Trojan.MalPack.NSIS 20181227
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20181227
Microsoft Trojan:Win32/Fuerboos.C!cl 20181227
Qihoo-360 HEUR/QVM20.1.2481.Malware.Gen 20181227
Trapmine malicious.moderate.ml.score 20181205
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181227
Ad-Aware 20181227
AegisLab 20181227
Alibaba 20180921
ALYac 20181227
Antiy-AVL 20181227
Arcabit 20181227
Avast-Mobile 20181227
Avira (no cloud) 20181226
Babable 20180918
Baidu 20181207
BitDefender 20181227
CAT-QuickHeal 20181226
ClamAV 20181227
CMC 20181226
Comodo 20181227
Cylance 20181227
DrWeb 20181227
eGambit 20181227
Emsisoft 20181227
ESET-NOD32 20181227
F-Secure 20181227
Jiangmin 20181226
K7AntiVirus 20181226
K7GW 20181226
Kingsoft 20181227
MAX 20181227
McAfee 20181227
eScan 20181227
NANO-Antivirus 20181227
Palo Alto Networks (Known Signatures) 20181227
Panda 20181226
Rising 20181227
SentinelOne (Static ML) 20181223
Sophos AV 20181227
SUPERAntiSpyware 20181226
Symantec 20181226
Symantec Mobile Insight 20181225
TACHYON 20181227
Tencent 20181227
TheHacker 20181225
TrendMicro 20181227
TrendMicro-HouseCall 20181227
Trustlook 20181227
VBA32 20181226
VIPRE None
ViRobot 20181227
Webroot 20181227
Yandex 20181226
Zillya 20181227
Zoner 20181227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-03 20:20:42
Entry Point 0x00003815
Number of sections 5
PE sections
Overlays
MD5 22ea5acbdad0e7901588b01bfae45a44
File type data
Offset 44032
Size 225746
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrcmpiW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
SetFileAttributesW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
SendMessageTimeoutW
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DestroyWindow
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
ShowWindow
SetWindowTextW
SetClipboardData
wsprintfW
FindWindowExW
IsWindowVisible
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
GetWindowLongW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 6
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
RT_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:04:03 22:20:42+02:00
FileType Win32 EXE
PEType PE32
CodeSize 27136
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 3815936
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3815
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 2048
File identification
MD5 0d4f6e47e744466d35b4ff446020486e
SHA1 a1ec3d5138d95bc0f9a7b7a73b6a10f8d63fe34a
SHA256 87903ed887433e1b0a168df146979aac2f85cd1a7fc55dd8198c705aacb4c7ae
ssdeep 6144:acpnM51pGFnDZQzrvucLJ1++TzI0OONzd8pUTpl9NDkM706aE8wpHT:acNCQDG3xDbTE09X8pC9JZQ6aE/
authentihash 21ce61aaef65d66f20d7df6ea4479723eb04608dfdf3dfe7f4de560ee3fcf59a
imphash 91ee5e6bfb97a170f42f9cf6e9a4878d
File size 263.5 KB ( 269778 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-12-27 09:42:34 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-27 09:42:34 UTC ( 1 month, 3 weeks ago )
File names 666.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs