SHA256: 8b0434d0a5f7e099621e2fc4fb26120cca8851853dd6c4dc06b054d14ccc91bc
File name: output.114513746.txt
Detection ratio: 32 / 68
Analysis date: 2018-11-17 12:12:35 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31357142 20181117
AegisLab Worm.Win32.WBNA.lD3W 20181117
Arcabit Trojan.Generic.D1620690 20181117
Avast Win32:Malware-gen 20181117
AVG Win32:Malware-gen 20181117
Avira (no cloud) TR/AD.TrickBot.arvsj 20181117
BitDefender Trojan.GenericKD.31357142 20181117
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181117
Cyren W32/GenBl.B25F6C3A!Olympus 20181117
Emsisoft Trojan.GenericKD.31357142 (B) 20181117
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.EBEO 20181117
F-Secure Trojan.Generic.23201424 20181117
Fortinet Malicious_Behavior.SB 20181117
GData Trojan.GenericKD.31357142 20181117
Ikarus Trojan-Banker.TrickBot 20181117
Kaspersky Trojan.Win32.Mansabo.boz 20181117
McAfee RDN/Generic.com 20181117
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc 20181117
Microsoft Trojan:Win32/MereTam.A 20181117
eScan Trojan.GenericKD.31357142 20181117
Palo Alto Networks (Known Signatures) generic.ml 20181117
Qihoo-360 Win32/Trojan.BO.22f 20181117
Rising Trojan.Injector!8.C4 (TFE:4:fB0lDBL0cxO) 20181117
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/TrickBo-KQ 20181117
Symantec ML.Attribute.HighConfidence 20181116
TrendMicro TROJ_FRS.VSN11K18 20181117
TrendMicro-HouseCall TROJ_FRS.VSN11K18 20181117
Webroot W32.Trojan.Gen 20181117
ZoneAlarm by Check Point Trojan.Win32.Mansabo.boz 20181117
AhnLab-V3 20181117
Alibaba 20180921
ALYac 20181117
Antiy-AVL 20181117
Avast-Mobile 20181117
Babable 20180918
Baidu 20181116
Bkav 20181116
CAT-QuickHeal 20181117
ClamAV 20181117
CMC 20181117
Cybereason 20180225
DrWeb 20181117
eGambit 20181117
F-Prot 20181117
Sophos ML 20181108
Jiangmin 20181117
K7AntiVirus 20181117
K7GW 20181117
Kingsoft 20181117
Malwarebytes 20181117
MAX 20181117
NANO-Antivirus 20181117
Panda 20181117
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181117
Tencent 20181117
TheHacker 20181113
TotalDefense 20181117
Trustlook 20181117
VBA32 20181116
VIPRE 20181117
ViRobot 20181116
Yandex 20181116
Zillya 20181116
Zoner 20181117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product StyleButtons
Original name StyleButtons.exe
Internal name StyleButtons
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-14 12:17:04
Entry Point 0x00002240
Number of sections 3
PE sections
PE imports
VirtualProtect
VirtualAlloc
_adj_fdivr_m64
__vbaGenerateBoundsError
__vbaStrFixstr
_allmul
Ord(616)
__vbaGet3
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaRedim
Ord(537)
__vbaRecDestruct
__vbaCopyBytes
__vbaRaiseEvent
_adj_fdiv_r
__vbaRecAnsiToUni
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
__vbaVarMul
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaRecUniToAnsi
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaStrI2
__vbaStrR8
Ord(588)
__vbaStrR4
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(689)
Ord(516)
__vbaLenBstr
Ord(525)
__vbaRedimPreserve
Ord(681)
__vbaStrToUnicode
__vbaInStr
_adj_fdiv_m32i
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaUbound
__vbaFreeVar
__vbaBoolVarNull
__vbaStrI4
__vbaLbound
__vbaFileOpen
_CIsin
__vbaBoolErrVar
Ord(606)
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
Ord(667)
__vbaVarDiv
Ord(711)
__vbaNameFile
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaStrLike
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
Ord(570)
__vbaAryUnlock
__vbaBoolVar
__vbaVarLateMemSt
__vbaFreeObjList
__vbaVarIndexLoad
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(578)
Ord(618)
__vbaExitProc
__vbaCastObj
__vbaLateMemCallLd
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
Ord(690)
_CIcos
__vbaVarMove
__vbaFPInt
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
__vbaPrintObj
Ord(685)
__vbaLateMemSt
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaObjIs
__vbaVarVargNofree
__vbaStrCopy
Ord(645)
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
__vbaRecDestructAnsi
__vbaCastObjVar
Ord(519)
__vbaUI1I4
__vbaUI1I2
_CIsqrt
__vbaVarCopy
__vbaLenBstrB
Ord(612)
_CIatan
Ord(587)
__vbaLateMemCall
_CItan
__vbaR8Var
Ord(529)
__vbaPut3
__vbaObjSet
Ord(644)
__vbaVarCat
_CIexp
__vbaStrToAnsi
__vbaFpR4
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFpI2
LoadStringW
Number of PE resources by type
RT_ICON 11
RT_STRING 5
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 6
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
CodeSize 311296
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 278528
EntryPoint 0x2240
OriginalFileName StyleButtons.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:11:14 13:17:04+01:00
FileType Win32 EXE
PEType PE32
InternalName StyleButtons
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
LegalTrademarks PlatformIO Core with own GUI
ProductName StyleButtons
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 b25f6c3a4462cb9064ccb93cbe86bf65
SHA1 b1e4b3e01a6ceb4c64c86b9efeb886956338a285
SHA256 8b0434d0a5f7e099621e2fc4fb26120cca8851853dd6c4dc06b054d14ccc91bc
ssdeep 12288:N0S3WwroioAwIGCnlDVBCRoAwIGCnlDVBCgoAwIGCnlDVBCcoAwIGCnlDVBC/j9b:Owrowj9NrQgE76OzStl
authentihash 4f0ffc9bf332c6c8d00d4bbe901569c5a99d7125ce9bb8b07f8c1ccec3fd20ba
imphash 0750988960615bec4f6e033007b07135
File size 580.0 KB ( 593920 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (62.9%)
Win32 Executable MS Visual C++ (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
OS/2 Executable (generic) (1.5%)
Tags peexe
VirusTotal metadata
First submission 2018-11-16 11:39:58 UTC ( 6 months, 1 week ago )
Last submission 2018-11-16 14:06:02 UTC ( 6 months, 1 week ago )
File names ljgxu2oau2zni3d31l29s8nd6b4zpswk0tp279dene3f_uhd6ev8opsk6js33p8y.exe
duns.exe
StyleButtons
table.png
output.114513746.txt
StyleButtons.exe
8b0434d0a5f7e099621e2fc4fb26120cca8851853dd6c4dc06b054d14ccc91bc
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections