SHA256: 9358caf963f23a096a63e92f1e059ee3cce069de02b19b7d4f1f9712ed032ae3
File name: 9358caf963f23a096a63e92f1e059ee3cce069de02b19b7d4f1f9712ed032ae3
Detection ratio: 5 / 68
Analysis date: 2018-07-10 07:56:01 UTC ( 10 months, 2 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9746 20180710
Bkav W32.eHeur.Malware14 20180706
Endgame malicious (moderate confidence) 20180612
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180710
Ad-Aware 20180710
AegisLab 20180710
AhnLab-V3 20180709
ALYac 20180710
Antiy-AVL 20180710
Arcabit 20180710
Avast 20180710
Avast-Mobile 20180710
AVG 20180710
Avira (no cloud) 20180710
AVware 20180710
Babable 20180406
BitDefender 20180710
CAT-QuickHeal 20180710
ClamAV 20180710
CMC 20180710
Comodo 20180710
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180710
Cyren 20180710
DrWeb 20180710
eGambit 20180710
Emsisoft 20180710
ESET-NOD32 20180710
F-Prot 20180710
F-Secure 20180710
Fortinet 20180710
GData 20180710
Ikarus 20180709
Sophos ML 20180601
Jiangmin 20180710
K7AntiVirus 20180710
K7GW 20180710
Kaspersky 20180710
Kingsoft 20180710
Malwarebytes 20180710
MAX 20180710
McAfee 20180710
McAfee-GW-Edition 20180710
Microsoft 20180710
eScan 20180710
NANO-Antivirus 20180710
Palo Alto Networks (Known Signatures) 20180710
Panda 20180709
Qihoo-360 20180710
Rising 20180710
Sophos AV 20180710
SUPERAntiSpyware 20180710
TACHYON 20180710
Tencent 20180710
TheHacker 20180710
TotalDefense 20180710
TrendMicro 20180710
TrendMicro-HouseCall 20180710
Trustlook 20180710
VBA32 20180709
VIPRE 20180710
ViRobot 20180710
Webroot 20180710
Yandex 20180709
Zillya 20180709
ZoneAlarm by Check Point 20180710
Zoner 20180709
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2014 - . All rights reserved.
Product My
Original name My.exe
Internal name My
Description Intranet Reserves Fro
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-10 02:41:44
Entry Point 0x00073D10
Number of sections 3
PE sections
PE imports
RegEnumKeyA
capCreateCaptureWindowA
Ord(413)
GetOpenFileNameA
CertOpenStore
DnsRecordSetCopyEx
Escape
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
NetShareGetInfo
LresultFromObject
SafeArrayPutElement
EnumProcesses
Ord(189)
StrChrA
TcSetFlowW
ClosePrinter
inet_addr
GdipFree
CoInitialize
PdhCollectQueryData
CreateURLMoniker
Number of PE resources by type
RT_ICON 7
Struct(3000) 6
RT_STRING 5
TXT 5
RT_HTML 3
BIN 2
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 31
PE resources
ExifTool file metadata
CodeSize 204800
SubsystemVersion 5.0
Languages English
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.3.5.6
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Intranet Reserves Fro
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x73d10
OriginalFileName My.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2014 - . All rights reserved.
TimeStamp 2018:07:10 04:41:44+02:00
FileType Win32 EXE
PEType PE32
InternalName My
ProductVersion 9.3.5.6
UninitializedDataSize 266240
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName SystemTools Software Inc.
LegalTrademarks Copyright (c) 2014 - . All rights reserved.
ProductName My
ProductVersionNumber 9.3.5.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 680c672202433085df8970944fa632a1
SHA1 7ba0d313c03e47e0917e9e601aba09688bda64e3
SHA256 9358caf963f23a096a63e92f1e059ee3cce069de02b19b7d4f1f9712ed032ae3
ssdeep 3072:h3Dv3lbj2HXBpu98qU11lT0jw+ldt3ra+pc0EfIwDeYYyE/08VomUyp9nCoP01dI:1fh2Rs98+jfBEg1sE/rVLp0O01dIT
authentihash 02cd2a50bfcc3a2b86954c9d74ddbee4b6ceefd6e92b84ebc45bb2c106241975
imphash 2bfdd2a7fd7ea53e54b2d197118887d7
File size 223.0 KB ( 228352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags peexe upx

VirusTotal metadata
First submission 2018-07-10 07:56:01 UTC ( 10 months, 2 weeks ago )
Last submission 2018-09-14 02:48:37 UTC ( 8 months, 1 week ago )
File names My.exe
1 (5)01.exe
My
47253d9de8dd4d68e733f94295187808.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.