SHA256: 8fce395d2cb3856bf503b9d12db01afb577192814ba90644ad9bf1e7536f8992
File name: 98de7388af104317e75f003e9726e430.virus
Detection ratio: 36 / 64
Analysis date: 2017-07-19 18:13:11 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12021094 20170719
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20170719
ALYac Trojan.GenericKD.12021094 20170719
Arcabit Trojan.Generic.DB76D66 20170719
Avast Win32:Malware-gen 20170719
AVG Win32:Malware-gen 20170719
Avira (no cloud) TR/Crypt.Xpack.gwoyf 20170719
AVware Trojan.Win32.Generic!BT 20170719
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20170719
BitDefender Trojan.GenericKD.12021094 20170719
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170710
Cylance Unsafe 20170719
Cyren W32/Trojan.JCGM-2761 20170719
Emsisoft Trojan.GenericKD.12021094 (B) 20170719
Endgame malicious (high confidence) 20170713
ESET-NOD32 a variant of Win32/Kryptik.FUNI 20170719
F-Secure Trojan.GenericKD.12021094 20170719
Fortinet W32/Kryptik.FUNI!tr 20170719
GData Trojan.GenericKD.12021094 20170719
K7AntiVirus Trojan ( 005127421 ) 20170719
K7GW Trojan ( 005127421 ) 20170719
Kaspersky Trojan.Win32.Yakes.ttqh 20170719
MAX malware (ai score=84) 20170719
McAfee Artemis!98DE7388AF10 20170719
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20170719
eScan Trojan.GenericKD.12021094 20170719
Panda Trj/CI.A 20170719
Rising Trojan.Kryptik!8.8 (cloud:OvpweSjCuMP) 20170719
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Generic-S 20170719
Symantec Trojan.Gen.2 20170719
TrendMicro Ransom_HPLOCKY.SME 20170719
TrendMicro-HouseCall Ransom_HPLOCKY.SME 20170719
VIPRE Trojan.Win32.Generic!BT 20170719
Webroot Trojan.Dropper.Gen 20170719
ZoneAlarm by Check Point Trojan.Win32.Yakes.ttqh 20170719
Engines reporting no detection (signature update date only):
AegisLab 20170719
Alibaba 20170719
Antiy-AVL 20170719
Bkav 20170719
CAT-QuickHeal 20170719
ClamAV 20170719
CMC 20170719
Comodo 20170719
DrWeb 20170719
F-Prot 20170719
Ikarus 20170719
Sophos ML 20170607
Jiangmin 20170719
Kingsoft 20170719
Malwarebytes 20170719
Microsoft 20170719
NANO-Antivirus 20170719
nProtect 20170719
Palo Alto Networks (Known Signatures) 20170719
Qihoo-360 20170719
SUPERAntiSpyware 20170719
Symantec Mobile Insight 20170719
Tencent 20170719
TheHacker 20170719
TotalDefense 20170719
Trustlook 20170719
VBA32 20170719
ViRobot 20170719
WhiteArmor 20170713
Yandex 20170719
Zillya 20170719
Zoner 20170719
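The table above is what a triage script normally starts from, and the raw engine labels need normalising before they say anything: vendor prefixes, heuristic names (Artemis, Malware-gen, Generic) and per-variant suffixes (ttqh, FUNI) have to be stripped before a family consensus emerges, and an engine whose signatures were weeks old at scan time should not count as a clean verdict. The following script is an added example and is not part of the VirusTotal report; DETECTIONS is a constructed subset of the rows above (result None for engines with no detection), and GENERIC_TOKENS, family_tokens and the other helper names are this example's own choices, not a VirusTotal API.

```python
"""Summarise a VirusTotal-style detection table: detection ratio, family
consensus across engine labels, and engines whose signatures were stale at
analysis time.

Added example, not part of the VirusTotal report. The rows below are a
subset of the engine/result/update lines from the report, embedded inline
(constructed input) so the script runs offline; a result of None means the
engine reported no detection.
"""
import re
from collections import Counter
from datetime import datetime

DETECTIONS = [
    ("Ad-Aware", "Trojan.GenericKD.12021094", "20170719"),
    ("AhnLab-V3", "Win-Trojan/Sagecrypt.Gen", "20170719"),
    ("Arcabit", "Trojan.Generic.DB76D66", "20170719"),
    ("Avast", "Win32:Malware-gen", "20170719"),
    ("CrowdStrike Falcon (ML)", "malicious_confidence_60% (D)", "20170710"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.FUNI", "20170719"),
    ("Fortinet", "W32/Kryptik.FUNI!tr", "20170719"),
    ("Kaspersky", "Trojan.Win32.Yakes.ttqh", "20170719"),
    ("McAfee", "Artemis!98DE7388AF10", "20170719"),
    ("Rising", "Trojan.Kryptik!8.8 (cloud:OvpweSjCuMP)", "20170719"),
    ("TrendMicro", "Ransom_HPLOCKY.SME", "20170719"),
    ("ZoneAlarm by Check Point", "Trojan.Win32.Yakes.ttqh", "20170719"),
    ("ClamAV", None, "20170719"),
    ("Microsoft", None, "20170719"),
    ("Palo Alto Networks (Known Signatures)", None, "20170719"),
    ("Sophos ML", None, "20170607"),
]

# Tokens that name a category or a heuristic rather than a family.
GENERIC_TOKENS = {
    "trojan", "win32", "w32", "win", "generic", "gen", "variant", "malware",
    "malicious", "unsafe", "ransom", "artemis", "confidence", "cloud",
    "static", "engine", "score",
}


def family_tokens(label):
    """Return the candidate family names in one engine label.

    Parenthesised annotations, generic category words, short variant
    suffixes (e.g. 'ttqh', 'FUNI') and hex/numeric IDs are dropped, so a
    label such as 'Trojan.Win32.Yakes.ttqh' yields {'yakes'}.
    """
    label = re.sub(r"\(.*?\)", "", label)
    tokens = set()
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if not tok or tok in GENERIC_TOKENS or tok.startswith("generic"):
            continue
        if len(tok) < 5 or re.fullmatch(r"[0-9a-f]+", tok):
            continue
        tokens.add(tok)
    return tokens


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for _, result, _ in rows if result), len(rows)


def family_consensus(rows):
    """Count, per family token, how many engines used it (one vote each)."""
    votes = Counter()
    for _, result, _ in rows:
        if result:
            votes.update(family_tokens(result))
    return votes


def stale_engines(rows, analysis_date, max_age_days=7):
    """Engines whose signature update predates the scan by more than max_age_days."""
    scanned = datetime.strptime(analysis_date, "%Y%m%d")
    stale = []
    for engine, _, update in rows:
        age = (scanned - datetime.strptime(update, "%Y%m%d")).days
        if age > max_age_days:
            stale.append(engine)
    return stale


if __name__ == "__main__":
    hit, total = detection_ratio(DETECTIONS)
    print(f"Detection ratio: {hit} / {total}")
    for family, votes in family_consensus(DETECTIONS).most_common():
        print(f"  {family:<12} {votes} engine(s)")
    print("Stale signatures:", ", ".join(stale_engines(DETECTIONS, "20170719")))
```

On the subset the consensus is Kryptik (3 engines), Yakes (2), with Sagecrypt and HPLOCKY one vote each; the CrowdStrike and McAfee labels contribute nothing, which is the point of the filter. The five-character minimum is a crude stand-in for the suffix handling in tools such as AVClass and will drop a genuinely short family name, so tune it for your own label set.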
The file being studied is a Portable Executable: a 32-bit Windows EXE (PE32) built for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2015 HEVC video encoder
Product WizardsKeep
Internal name WizardsKeep
File version 9.3.4.3
Description Scene Steer Ninety 12
Comments Scene Steer Ninety 12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-07 14:37:30
Entry Point 0x00007BF8
Number of sections 5
PE sections
PE imports (grouped here by exporting DLL from each function's documented export library; the report lists the names flat)
ADVAPI32.dll
CloseServiceHandle
LookupPrivilegeValueA
OpenServiceA
OpenProcessToken
ImpersonateSelf
InitiateSystemShutdownA
QueryServiceStatusEx
AdjustTokenPrivileges
ControlService
OpenSCManagerA
EnumDependentServicesA
COMDLG32.dll
GetSaveFileNameA
GDI32.dll
ExtTextOutW
CreatePen
DescribePixelFormat
SelectObject
GetPixelFormat
CreatePalette
GetStockObject
SelectPalette
SetTextAlign
ChoosePixelFormat
SetPixelFormat
SetBkColor
RealizePalette
SetTextColor
KERNEL32.dll
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
SetLastError
EnumDateFormatsA
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
OLEAUT32.dll
SafeArrayDestroy
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SHLWAPI.dll
StrFormatByteSizeW
USER32.dll
GetForegroundWindow
GetParent
BeginPaint
HideCaret
DefWindowProcA
DrawTextExA
EndPaint
GetDlgItemTextA
MessageBoxA
IsWindowEnabled
GetWindow
GetSysColor
SendMessageA
GetClientRect
GetDlgItem
EnableMenuItem
SetRect
GetWindowTextLengthA
LoadCursorA
LoadIconA
FillRect
GetWindowTextW
WINHTTP.dll
WinHttpOpen
WinHttpOpenRequest
WinSCard.dll
SCardSetAttrib
ole32.dll
OleUninitialize
OleInitialize
OleGetClipboard
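An import table like the one above is read for capability, not for individual names: service-control APIs next to AdjustTokenPrivileges and InitiateSystemShutdownA (which needs SeShutdownPrivilege) describe a routine that stops services and forces a reboot, WinHttpOpen/WinHttpOpenRequest give an HTTP client, and LoadLibrary/GetProcAddress mean the static list is a lower bound on what the binary can call. The script below is an added example, not part of the VirusTotal report: IMPORTS is a constructed subset of the imports listed above, grouped by exporting DLL (the grouping is supplied here), and CAPABILITIES with its labels is this example's own rule set. It also implements the imphash calculation as pefile's get_imphash() defines it; the report's imphash (b939bd6f11c1afee702cb9c9fe98d4cf) can only be reproduced from the complete import table in import-directory order, so the function demonstrates the algorithm rather than re-deriving that value.

```python
"""Triage a PE import table: map imported API names to capabilities and
compute an import hash the way pefile's get_imphash() does.

Added example, not part of the VirusTotal report. IMPORTS is a constructed
subset of the report's imports, grouped by the DLL that exports each
function; the capability labels are this example's own.
"""
import hashlib

IMPORTS = {
    "ADVAPI32.dll": [
        "CloseServiceHandle", "LookupPrivilegeValueA", "OpenServiceA",
        "OpenProcessToken", "ImpersonateSelf", "InitiateSystemShutdownA",
        "QueryServiceStatusEx", "AdjustTokenPrivileges", "ControlService",
        "OpenSCManagerA", "EnumDependentServicesA",
    ],
    "KERNEL32.dll": [
        "LoadLibraryW", "IsDebuggerPresent", "LoadLibraryA", "GetProcAddress",
        "ReadFile", "WriteFile", "CreateFileW", "SetFilePointer", "Sleep",
    ],
    "USER32.dll": ["MessageBoxA", "GetForegroundWindow", "SendMessageA"],
    "WINHTTP.dll": ["WinHttpOpen", "WinHttpOpenRequest"],
    "ole32.dll": ["OleInitialize", "OleGetClipboard", "OleUninitialize"],
}

# Capability rules: a capability is reported when any of its APIs is imported.
CAPABILITIES = {
    "service control": {"OpenSCManagerA", "OpenServiceA", "ControlService",
                        "EnumDependentServicesA", "QueryServiceStatusEx"},
    "token privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueA",
                                   "AdjustTokenPrivileges", "ImpersonateSelf"},
    "system shutdown/reboot": {"InitiateSystemShutdownA"},
    "HTTP client (WinHTTP)": {"WinHttpOpen", "WinHttpOpenRequest"},
    "debugger check": {"IsDebuggerPresent"},
    "runtime API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "clipboard read": {"OleGetClipboard"},
}


def capabilities(imports):
    """Map each capability to the imported APIs that evidence it (import order)."""
    found = {}
    for dll_funcs in imports.values():
        for func in dll_funcs:
            for cap, apis in CAPABILITIES.items():
                if func in apis:
                    found.setdefault(cap, []).append(func)
    return found


def privilege_escalation_to_shutdown(caps):
    """True when the sample both adjusts token privileges and can initiate a
    shutdown. InitiateSystemShutdownA needs SeShutdownPrivilege enabled, so
    this pair is what a forced-reboot routine looks like in an import table."""
    return "token privilege adjustment" in caps and "system shutdown/reboot" in caps


def imphash_string(imports):
    """The normalised 'lib.func' list that pefile hashes: DLL name lowercased
    with a .dll/.ocx/.sys extension stripped, function names lowercased,
    all entries comma-joined in import-directory order."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        if lib.endswith((".dll", ".ocx", ".sys")):
            lib = lib[:-4]
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of imphash_string(). Imports by ordinal (pefile's 'ordN' form)
    are not modelled here."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    caps = capabilities(IMPORTS)
    for cap, apis in caps.items():
        print(f"{cap:<28} {', '.join(apis)}")
    print("privilege adjustment + shutdown:", privilege_escalation_to_shutdown(caps))
    print("imphash (subset, illustrative):", imphash(IMPORTS))
```

Because imphash depends on the order and completeness of the import directory, two builds that import the same functions in a different order hash differently, and a sample that resolves most of its API at runtime through GetProcAddress hashes on its stub imports only; use it to cluster builds from the same toolchain, not as a malware signature on its own.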
Number of PE resources by type
RT_GROUP_CURSOR 11
RT_BITMAP 10
UIFILE 8
RT_ICON 6
RT_CURSOR 5
BIN 4
TYPELIB 1
RT_VERSION 1
RT_MANIFEST 1
DXSKINS 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 49
PE resources
Debug information
ExifTool file metadata
CodeSize 93696
SubsystemVersion 5.1
Comments Scene Steer Ninety 12
Languages English
InitializedDataSize 224768
ImageVersion 0.0
ProductName WizardsKeep
FileVersionNumber 9.3.4.3
UninitializedDataSize 0
LanguageCode Danish
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
PrivateBuild 9.3.4.3
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 9.3.4.3
TimeStamp 2017:07:07 15:37:30+01:00
FileType Win32 EXE
PEType PE32
InternalName WizardsKeep
ProductVersion 9.3.4.3
FileDescription Scene Steer Ninety 12
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright 2015 HEVC video encoder
MachineType Intel 386 or later, and compatibles
CompanyName HEVC video encoder
LegalTrademarks Copyright 2015 HEVC video encoder
FileSubtype 0
ProductVersionNumber 9.3.4.3
EntryPoint 0x7bf8
ObjectFileType Executable application

File identification
MD5 98de7388af104317e75f003e9726e430
SHA1 8a7f28bcb715f8f713fdd85a087d16bd18886920
SHA256 8fce395d2cb3856bf503b9d12db01afb577192814ba90644ad9bf1e7536f8992
ssdeep 6144:xLgcLrubpmumcmFAtOH3554/zzzsgGqiqa55ocPuR:lrEmu1Odp54/nzsgWrPuR
authentihash 467272dc48dbc690f7bab505f9ae61827a4c7b09ea06adc6c19ad7339637592e
imphash b939bd6f11c1afee702cb9c9fe98d4cf
File size 312.0 KB ( 319488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
Clipper DOS Executable (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-07-19 18:13:11 UTC ( 1 year, 7 months ago )
Last submission 2017-10-20 22:24:13 UTC ( 1 year, 4 months ago )
File names 98de7388af104317e75f003e9726e430.virus
WizardsKeep
98de7388af104317e75f003e9726e430.virobj
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Runtime DLLs