SHA256: 93f02967df565cd39b90ada4d6893578dd36ca9d8de7d0644e2e3a8421908b10
File name: 93F02967DF565CD39B90ADA4D6893578DD36CA9D8DE7D0644E2E3A8421908B10
Detection ratio: 17 / 68
Analysis date: 2018-11-22 08:03:12 UTC
Antivirus | Result | Update
Ad-Aware | Gen:Variant.Barys.60075 | 20181122
AhnLab-V3 | Win-Trojan/VBKrypt.RP05 | 20181122
ALYac | Gen:Variant.Barys.60075 | 20181122
Arcabit | Trojan.Barys.DEAAB | 20181121
BitDefender | Gen:Variant.Barys.60075 | 20181122
CrowdStrike Falcon (ML) | malicious_confidence_60% (D) | 20181022
Cylance | Unsafe | 20181122
Emsisoft | Gen:Variant.Barys.60075 (B) | 20181122
Endgame | malicious (high confidence) | 20181108
F-Secure | Gen:Variant.Barys.60075 | 20181122
GData | Gen:Variant.Barys.60075 | 20181122
Sophos ML | heuristic | 20181108
MAX | malware (ai score=94) | 20181122
McAfee | Packed-FOL!1613E9B20C43 | 20181122
Microsoft | Trojan:Win32/Fuerboos.C!cl | 20181122
eScan | Gen:Variant.Barys.60075 | 20181122
Qihoo-360 | HEUR/QVM03.0.5F30.Malware.Gen | 20181122

Engines that scanned the file without a detection (only the signature update date is shown):

Antivirus | Result | Update
AegisLab | (no detection) | 20181122
Alibaba | (no detection) | 20180921
Antiy-AVL | (no detection) | 20181122
Avast | (no detection) | 20181122
Avast-Mobile | (no detection) | 20181122
AVG | (no detection) | 20181122
Avira (no cloud) | (no detection) | 20181121
Babable | (no detection) | 20180918
Baidu | (no detection) | 20181122
Bkav | (no detection) | 20181121
CAT-QuickHeal | (no detection) | 20181121
ClamAV | (no detection) | 20181122
CMC | (no detection) | 20181121
Comodo | (no detection) | 20181122
Cybereason | (no detection) | 20180225
Cyren | (no detection) | 20181122
DrWeb | (no detection) | 20181122
eGambit | (no detection) | 20181122
ESET-NOD32 | (no detection) | 20181122
F-Prot | (no detection) | 20181122
Fortinet | (no detection) | 20181122
Ikarus | (no detection) | 20181121
Jiangmin | (no detection) | 20181122
K7AntiVirus | (no detection) | 20181122
K7GW | (no detection) | 20181122
Kaspersky | (no detection) | 20181122
Kingsoft | (no detection) | 20181122
Malwarebytes | (no detection) | 20181122
McAfee-GW-Edition | (no detection) | 20181122
NANO-Antivirus | (no detection) | 20181122
Panda | (no detection) | 20181121
Rising | (no detection) | 20181122
SentinelOne (Static ML) | (no detection) | 20181011
Sophos AV | (no detection) | 20181122
SUPERAntiSpyware | (no detection) | 20181121
Symantec | (no detection) | 20181122
Symantec Mobile Insight | (no detection) | 20181121
TACHYON | (no detection) | 20181122
Tencent | (no detection) | 20181122
TheHacker | (no detection) | 20181118
TotalDefense | (no detection) | 20181122
TrendMicro | (no detection) | 20181122
TrendMicro-HouseCall | (no detection) | 20181122
Trustlook | (no detection) | 20181122
VBA32 | (no detection) | 20181122
VIPRE | (no detection) | 20181121
ViRobot | (no detection) | 20181122
Webroot | (no detection) | 20181122
Yandex | (no detection) | 20181122
Zillya | (no detection) | 20181122
ZoneAlarm by Check Point | (no detection) | 20181122
Zoner | (no detection) | 20181122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product: Sulphohydrate
Original name: CREOLIZING5.exe
Internal name: CREOLIZING5
File version: 1.07
Comments: subcurrent
Signature verification: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date: 7:24 AM 2/15/2019

Because the chain does not end in a trusted root, the Authenticode signature establishes nothing about who published the file; it should be treated as unsigned for trust decisions. Note also that the signing date is later than the analysis date shown above, while the compilation timestamp in the PE header is 2005, so the visible timestamps do not describe a consistent build-and-sign history.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2005-03-30 09:59:28
Entry Point: 0x00001478
Number of sections: 3
PE sections
Overlays
MD5: e3dcd10cdc7233f2992f4434ea2e3fb7
File type: data
Offset: 950272
Size: 6120
Entropy: 7.50

The overlay is data appended after the last PE section; its offset plus size (950272 + 6120) equals the reported file size of 956392 bytes, so it runs to the end of the file. An entropy of 7.50 out of a maximum of 8 indicates the appended bytes are compressed or encrypted rather than plain text or code.
PE imports
The listing names only imported symbols, not the module they come from. All of them (the __vba*, _adj_*, _CI* and EVENT_SINK_* symbols, DllFunctionCall, and the ordinal-only entries) are exports of the Visual Basic 6 runtime library, MSVBVM60.DLL, which agrees with the TrID identification below of a Microsoft Visual Basic 6 executable. Imports are given in the order the page lists them:

_adj_fdiv_m32, __vbaChkstk, Ord(523), EVENT_SINK_Release, __vbaStrCmp, _allmul, Ord(616), _adj_fdivr_m64,
_adj_fprem, Ord(607), _adj_fpatan, _adj_fdiv_m32i, EVENT_SINK_AddRef, Ord(650), Ord(526), __vbaStrToUnicode,
EVENT_SINK_QueryInterface, __vbaStrCopy, __vbaExceptHandler, __vbaSetSystemError, __vbaFreeVarList, DllFunctionCall, __vbaFPException, __vbaStrVarMove,
__vbaLateMemCall, _adj_fdivr_m16i, Ord(618), Ord(589), Ord(517), _CItan, __vbaFreeVar, __vbaLateMemCallLd,
Ord(100), __vbaObjSetAddref, _adj_fdiv_r, __vbaAryConstruct2, _adj_fdiv_m64, __vbaFreeObj, __vbaHresultCheckObj, _CIsqrt,
_CIsin, _CIlog, __vbaInStrVar, __vbaStrVarVal, _CIcos, Ord(595), __vbaVarTstEq, _adj_fptan,
__vbaVarSub, Ord(571), __vbaVarDup, __vbaI4Var, __vbaVarMove, Ord(646), __vbaErrorOverflow, _CIatan,
Ord(608), __vbaNew2, __vbaR8IntI4, _adj_fdivr_m32i, __vbaAryDestruct, _CIexp, __vbaStrMove, __vbaStrToAnsi,
_adj_fprem1, _adj_fdivr_m32, __vbaStrCat, Ord(537), __vbaVarCopy, __vbaFreeStrList, __vbaFpI4, __vbaFreeStr,
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON: 6
RT_VERSION: 1
RT_GROUP_ICON: 1
Number of PE resources by language
NEUTRAL: 7
ENGLISH US: 1
PE resources
ExifTool file metadata
UninitializedDataSize: 0
Comments: subcurrent
InitializedDataSize: 376832
ImageVersion: 1.7
FileSubtype: 0
FileVersionNumber: 1.7.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
LinkerVersion: 6.0
EntryPoint: 0x1478
OriginalFileName: CREOLIZING5.exe
MIMEType: application/octet-stream
FileVersion: 1.07
TimeStamp: 2005:03:30 11:59:28+02:00
FileType: Win32 EXE
PEType: PE32
InternalName: CREOLIZING5
ProductVersion: 1.07
SubsystemVersion: 4.0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 569344
ProductName: Sulphohydrate
ProductVersionNumber: 1.7.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 1613e9b20c439a6edc5030daa574f1b1
SHA1: 97b8d4c61498a81604f062ceb3eed3c971f395be
SHA256: 93f02967df565cd39b90ada4d6893578dd36ca9d8de7d0644e2e3a8421908b10
ssdeep: 6144:3h07fy+hzIA5B2zY0yA87Zn2EXkfzY2ZWDAnutJRLltSpnSay04/tcnMHL2nL6k9:+q+uIKy57ZnkEwnm7ozBL
authentihash: b8a1f15543c4c58783b4e265bf78d1dfda5a9923944d3a105445a0f352d6975a
imphash: 36076bd38056d3046e071f66ca0d6c02
File size: 934.0 KB (956392 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable Microsoft Visual Basic 6 (88.6%)
  Win32 Executable (generic) (4.8%)
  OS/2 Executable (generic) (2.1%)
  Generic Win/DOS Executable (2.1%)
  DOS Executable Generic (2.1%)
Tags: peexe, overlay
VirusTotal metadata
First submission: 2018-11-22 08:03:12 UTC
Last submission: 2018-11-28 08:22:26 UTC
File names:
  CREOLIZING5.exe
  1613e9b20c439a6edc5030daa574f1b1
  CREOLIZING5
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function. The hook API does not appear in the PE imports above, which list only Visual Basic 6 runtime exports: VB6 programs reach Win32 functions declared with Declare statements through the runtime's DllFunctionCall import, so the call is resolved at run time rather than through the import table, and static import-based triage would not reveal it.