SHA256: 94843203eff53af9e00854e220f2bf22c0f6b961ea9e98b417d677d3ca82525d
File name: gIxsWaWu.exe
Detection ratio: 5 / 65
Analysis date: 2018-09-04 15:44:32 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9983 20180904
Bkav W32.eHeur.Malware08 20180831
Endgame malicious (high confidence) 20180730
Qihoo-360 Win32/Trojan.3fe 20180904
Webroot W32.Adware.Gen 20180904
Ad-Aware 20180904
AegisLab 20180904
AhnLab-V3 20180904
Alibaba 20180713
ALYac 20180904
Antiy-AVL 20180904
Arcabit 20180904
Avast 20180904
Avast-Mobile 20180904
AVG 20180904
Avira (no cloud) 20180904
AVware 20180823
Babable 20180902
BitDefender 20180904
CAT-QuickHeal 20180902
ClamAV 20180904
CMC 20180904
Comodo 20180904
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180904
Cyren 20180904
DrWeb 20180904
eGambit 20180904
Emsisoft 20180904
ESET-NOD32 20180904
F-Prot 20180904
F-Secure 20180904
Fortinet 20180904
GData 20180904
Sophos ML 20180717
Jiangmin 20180904
K7AntiVirus 20180904
K7GW 20180904
Kingsoft 20180904
Malwarebytes 20180904
MAX 20180904
McAfee 20180904
McAfee-GW-Edition 20180904
Microsoft 20180904
eScan 20180904
NANO-Antivirus 20180904
Palo Alto Networks (Known Signatures) 20180904
Panda 20180904
Rising 20180904
SentinelOne (Static ML) 20180830
Sophos AV 20180904
SUPERAntiSpyware 20180903
Symantec 20180904
Symantec Mobile Insight 20180831
TACHYON 20180904
Tencent 20180904
TheHacker 20180904
TrendMicro 20180904
TrendMicro-HouseCall 20180904
Trustlook 20180904
VBA32 20180904
VIPRE 20180904
ViRobot 20180904
Yandex 20180903
Zillya 20180903
ZoneAlarm by Check Point 20180904
Zoner 20180903
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2008 Verizon Communications Money . All rights reserved

Original name earthbuy.exe
Internal name Sixsand
File version 0, 0, 9418, 5663
Description Sixsand
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-30 09:30:37
Entry Point 0x00008DFF
Number of sections 5
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FormatMessageW
InitializeCriticalSection
InterlockedDecrement
GetEnvironmentVariableW
SetLastError
GetSystemTime
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
ReadFile
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetModuleFileNameW
IsValidLocale
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
SetSystemPowerState
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
VirtualAlloc
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRegisterSurrogate
CoRegisterClassObject
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileVersionNumber
0.0.9418.5663

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Sixsand

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
528384

EntryPoint
0x8dff

OriginalFileName
earthbuy.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008 Verizon Communications Money . All rights reserved

FileVersion
0, 0, 9418, 5663

TimeStamp
2007:08:30 11:30:37+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Sixsand

ProductVersion
0, 0, 9418, 5663

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Verizon Communications Money

CodeSize
94208

FileSubtype
0

ProductVersionNumber
0.0.9418.5663

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 991b8851e9e8419e23dc1a4847c984a9
SHA1 33e93cdfb049e505e477cfdbcb8d8fcd30f05fd5
SHA256 94843203eff53af9e00854e220f2bf22c0f6b961ea9e98b417d677d3ca82525d
ssdeep
6144:c8WE+GKsifbyLswZZ1Cni1Ox4AfVzdqsUe2UBCnrEs:c8WED8eLswyi1I4iVk/UBb

authentihash 26e6b22a3b7a40943a1df5c29225f0a1dd7918538ce0af556e80df16a59d99b4
imphash 6a8747d6f1895392b9d544d2357188f5
File size 376.0 KB ( 385024 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-04 12:37:12 UTC ( 8 months, 3 weeks ago )
Last submission 2018-11-08 18:01:02 UTC ( 6 months, 2 weeks ago )
File names earthbuy.exe
Sixsand
991b8851e9e8419e23dc1a4847c984a9.ready
block.php2
gIxsWaWu.exe
bitf8ff.tmp
991b8851e9e8419e23dc1a4847c984a9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Runtime DLLs