SHA256: 8e7bf3663d25a1e2d9f1cda19de536ae927cbea2cd15aca67c26f6eb2325a7a9
File name: out
Detection ratio: 38 / 66
Analysis date: 2018-05-03 00:04:44 UTC (9 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.77256 20180502
AhnLab-V3 Trojan/Win32.Cryptos.C2084972 20180502
ALYac Gen:Variant.Symmi.77256 20180502
Arcabit Trojan.Symmi.D12DC8 20180502
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180502
BitDefender Gen:Variant.Symmi.77256 20180502
Bkav W32.CloundnetPS.Trojan 20180502
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180503
Cyren W32/S-7cb6aed1!Eldorado 20180502
DrWeb Trojan.Proxy2.1312 20180502
Emsisoft Gen:Variant.Symmi.77256 (B) 20180502
Endgame malicious (high confidence) 20180402
ESET-NOD32 a variant of Win32/Glupteba.AY 20180502
F-Prot W32/S-7cb6aed1!Eldorado 20180502
F-Secure Gen:Variant.Symmi.77256 20180502
Fortinet W32/Generic.AP.128842!tr 20180502
GData Gen:Variant.Symmi.77256 20180502
Ikarus Trojan.Win32.Glupteba 20180502
Sophos ML heuristic 20180120
K7AntiVirus Trojan ( 005115a11 ) 20180502
K7GW Trojan ( 005115a11 ) 20180502
Kaspersky HEUR:Trojan-Proxy.Win32.Glupteba.gen 20180502
Malwarebytes Trojan.BitCoinMiner 20180502
MAX malware (ai score=80) 20180503
McAfee GenericRXCI-JU!F3CCA1FD5AAD 20180502
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20180502
Microsoft Trojan:Win32/Tiggre!rfn 20180502
eScan Gen:Variant.Symmi.77256 20180502
Palo Alto Networks (Known Signatures) generic.ml 20180503
Qihoo-360 Win32/Trojan.Proxy.6bb 20180503
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Glupteba-M 20180502
SUPERAntiSpyware Hack.Tool/Gen-BitCoinMiner 20180502
Symantec ML.Attribute.HighConfidence 20180502
VBA32 Trojan.SmearPasse 20180502
Webroot W32.Trojan.Gen 20180503
ZoneAlarm by Check Point HEUR:Trojan-Proxy.Win32.Glupteba.gen 20180502
AegisLab 20180502
Alibaba 20180502
Antiy-AVL 20180502
Avast 20180502
Avast-Mobile 20180502
AVG 20180502
Avira (no cloud) 20180502
AVware 20180428
Babable 20180406
CAT-QuickHeal 20180502
ClamAV 20180502
CMC 20180502
Comodo 20180502
Cybereason None
eGambit 20180503
Jiangmin 20180502
Kingsoft 20180503
NANO-Antivirus 20180502
nProtect 20180502
Panda 20180502
Rising 20180502
Symantec Mobile Insight 20180501
Tencent 20180503
TheHacker 20180430
TotalDefense 20180502
TrendMicro 20180502
TrendMicro-HouseCall 20180502
Trustlook 20180503
VIPRE 20180502
ViRobot 20180502
Yandex 20180428
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2017

Product EpicNet Cloud Office
Original name cloudnet.exe
Internal name cloudnet.exe
File version 7.2.1.1
Description Cloud Net
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-03 00:00:37
Entry Point 0x000250D0
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
CryptReleaseContext
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteTreeW
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
RegQueryValueExW
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
CreateTimerQueue
QueueUserAPC
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetThreadPriority
FreeLibraryAndExitThread
CreateEventW
FindClose
TlsGetValue
FormatMessageA
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
CopyFileW
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
GetFileAttributesW
VerSetConditionMask
SetThreadPriority
AllocConsole
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
DeleteTimerQueueTimer
CreateMutexA
RegisterWaitForSingleObject
CreateThread
MoveFileExW
InterlockedFlushSList
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ChangeTimerQueueTimer
ReadConsoleW
SetWaitableTimer
GetProcAddress
SleepEx
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
GetDateFormatW
CreateTimerQueueTimer
GetStartupInfoW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
QueryDepthSList
GetTimeFormatW
GetModuleFileNameW
FindNextFileW
GetCurrentThreadId
ResetEvent
FreeConsole
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
lstrcmp
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
InterlockedPushEntrySList
LCMapStringW
GetConsoleCP
UnregisterWaitEx
CompareStringW
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SwitchToThread
UnregisterWait
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
GetTickCount64
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
IsValidCodePage
OpenEventW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
NetWkstaGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathAndSubDirW
StrCpyNW
InternetCheckConnectionW
getaddrinfo
htonl
WSARecv
WSACreateEvent
WSAStartup
freeaddrinfo
connect
shutdown
htons
select
getsockopt
WSACloseEvent
ntohl
WSASend
ioctlsocket
WSAGetLastError
WSAEventSelect
WSASetLastError
WSACleanup
closesocket
setsockopt
WSASocketW
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
7.2.1.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Cloud Net

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
172032

EntryPoint
0x250d0

OriginalFileName
cloudnet.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2017

FileVersion
7.2.1.1

TimeStamp
2018:05:02 17:00:37-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
cloudnet.exe

ProductVersion
7.2.1.1

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
EpicNet Inc.

CodeSize
515584

ProductName
EpicNet Cloud Office

ProductVersionNumber
7.2.1.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f3cca1fd5aad6d7012e26e220bd7bf74
SHA1 93cce26617f2b1e423954bd01e945c5154095ed0
SHA256 8e7bf3663d25a1e2d9f1cda19de536ae927cbea2cd15aca67c26f6eb2325a7a9
ssdeep
12288:Sz7oGZpmt4qWGw5op2eMeQaAiiuRSSOwPe64ipK7v:Sz7hZMCqWXpeMgEuRSgPBK7

authentihash 3f8a23c117329029ccd23fd98dab0f597b6d42d2a31e1a1b458e5526d735355a
imphash 054c63bf911413ee56613b2c4ef635b3
File size 665.0 KB ( 680960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-03 00:04:44 UTC ( 9 months, 2 weeks ago )
Last submission 2018-06-04 04:31:10 UTC ( 8 months, 2 weeks ago )
File names cloudnet.exe
cloudnet.exe
cloudnet.exe
cloudnet.exe
f3cca1fd5aad6d7012e26e220bd7bf74.dat
cloudnet.exe
cloudnet.exe
cloudnet.exe
C$~Users~test~AppData~Local~Temp~csrss~cloudnet.exe
cloudnet.exe
a62102d0a1ad709d0dad49bf41786cfbc495bd9c
C$~Users~test~AppData~Roaming~EpicNet Inc~CloudNet~cloudnet.exe
cloudnet.exe
cloudnet.exe
cloudnet.exe
out