SHA256: 8e88dabf8ab275398f5048f337250ac7a52c637a9d435b61b8ec9cbcb6fe4a7e
File name: Order Sample_45335345.bat
Detection ratio: 23 / 69
Analysis date: 2019-01-11 18:41:27 UTC (3 months, 1 week ago)
Antivirus Result Update
Arcabit Trojan.Agent.DNDI 20190111
Avast FileRepMalware 20190111
AVG FileRepMalware 20190111
BitDefender Trojan.Agent.DNDI 20190111
Bkav HW32.Packed. 20190108
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Emsisoft Trojan.GenericKD.40934977 (B) 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECTW 20190111
F-Secure Trojan.Agent.DNDI 20190111
Fortinet W32/Injector.ECPC!tr 20190111
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190111
MAX malware (ai score=85) 20190111
McAfee-GW-Edition BehavesLike.Win32.Generic.bc 20190111
eScan Trojan.Agent.DNDI 20190111
Qihoo-360 HEUR/QVM20.1.7B27.Malware.Gen 20190111
Rising Trojan.Injector!8.C4 (CLOUD) 20190111
SentinelOne (Static ML) static engine - malicious 20181223
Symantec Packed.NSISPacker!g6 20190111
Trapmine malicious.moderate.ml.score 20190103
TrendMicro-HouseCall TROJ_GEN.R002H09AB19 20190111
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190111
Acronis 20190111
Ad-Aware 20190111
AegisLab 20190111
AhnLab-V3 20190111
Alibaba 20180921
ALYac 20190111
Antiy-AVL 20190111
Avast-Mobile 20190111
Avira (no cloud) 20190111
Babable 20180918
Baidu 20190111
CAT-QuickHeal 20190111
ClamAV 20190111
CMC 20190111
Comodo 20190111
Cybereason 20190109
Cylance 20190111
Cyren 20190111
DrWeb 20190111
eGambit 20190111
F-Prot 20190111
Ikarus 20190111
Jiangmin 20190111
K7AntiVirus 20190111
K7GW 20190111
Kingsoft 20190111
Malwarebytes 20190111
McAfee 20190111
Microsoft 20190111
NANO-Antivirus 20190111
Palo Alto Networks (Known Signatures) 20190111
Panda 20190111
Sophos AV 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
Tencent 20190111
TheHacker 20190106
TotalDefense 20190111
TrendMicro 20190111
Trustlook 20190111
VBA32 20190111
ViRobot 20190111
Webroot 20190111
Yandex 20190111
Zillya 20190110
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-03 20:20:55
Entry Point 0x00003812
Number of sections 5
PE sections
Overlays
MD5 0a32604a2cb6d8ee70244ac33160d1ec
File type data
Offset 42496
Size 729627
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrcmpiW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
SetFileAttributesW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
GetFullPathNameW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
SendMessageTimeoutW
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DestroyWindow
EnableWindow
GetDC
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
ShowWindow
SetWindowTextW
SetClipboardData
wsprintfW
FindWindowExW
IsWindowVisible
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
SystemParametersInfoW
DrawTextW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
GetWindowLongW
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 4
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:04:03 13:20:55-07:00
FileType Win32 EXE
PEType PE32
CodeSize 27136
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3812
InitializedDataSize 152064
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 2048
Execution parents
Compressed bundles
File identification
MD5 8910be64058c92c9463a0ad156bae28c
SHA1 f2a10de1dc58962f3d5cade7f4d03bc40f803325
SHA256 8e88dabf8ab275398f5048f337250ac7a52c637a9d435b61b8ec9cbcb6fe4a7e
ssdeep 12288:TIRNdmLxsjjKqLcGSWlw2kTFZuaZ3IqKzfFs0nhdJIT6T6m1zj6lYeOioII1a8E+:qdmLWjjZLcPIGIEIpzXJqo6m6lYeQIIN
authentihash 7d6eb2b63f3eb659fc29e250e47f1478355bb9b9962bdf3e98098c6c508b6a0f
imphash 91ee5e6bfb97a170f42f9cf6e9a4878d
File size 754.0 KB ( 772123 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2019-01-11 18:41:27 UTC ( 3 months, 1 week ago )
Last submission 2019-01-11 18:41:27 UTC ( 3 months, 1 week ago )
File names chrome.png
chrome.exe
apterium.exe
Order Sample_45335345.bat
apterium.exe
666.png
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created mutexes
Runtime DLLs