SHA256: 95a895275d30e67c18a0d7c03eb8f72cd851bae9623cfc76480f4a901b558717
File name: .
Detection ratio: 27 / 68
Analysis date: 2019-03-06 18:48:20 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
AhnLab-V3 Malware/Win32.Generic.C2824826 20190306
Antiy-AVL Trojan/Win32.Yakes 20190306
Avast Win32:Malware-gen 20190306
AVG Win32:Malware-gen 20190306
CrowdStrike Falcon (ML) win/malicious_confidence_60% (D) 20190212
Cybereason malicious.2a59ee 20190109
DrWeb Trojan.IcedID.13 20190306
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/GenKryptik.COVD 20190306
Fortinet W32/Kryptik.4BCD!tr 20190306
Sophos ML heuristic 20181128
Jiangmin Trojan.Yakes.ablh 20190306
Kaspersky HEUR:Trojan.Win32.Generic 20190306
Malwarebytes Trojan.Crypt 20190306
McAfee GenericR-ORR!021E33C57B54 20190306
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fh 20190306
NANO-Antivirus Trojan.Win32.Yakes.fjqluh 20190306
Panda Trj/GdSda.A 20190306
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgUjV40Xxar0cA) 20190306
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190306
Trapmine suspicious.low.ml.score 20190301
VBA32 Trojan.Yakes 20190306
Webroot W32.Trojan.Gen 20190306
Yandex Trojan.Yakes!nuqV4+KMf+Q 20190306
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190306
Ad-Aware 20190306
AegisLab 20190306
Alibaba 20190306
ALYac 20190306
Arcabit 20190306
Avast-Mobile 20190306
Avira (no cloud) 20190306
Babable 20180918
Baidu 20190306
BitDefender 20190306
Bkav 20190306
CAT-QuickHeal 20190306
ClamAV 20190306
CMC 20190306
Comodo 20190306
Cyren 20190306
eGambit 20190306
Emsisoft 20190306
F-Prot 20190306
F-Secure 20190306
GData 20190306
Ikarus 20190306
K7AntiVirus 20190306
K7GW 20190306
Kingsoft 20190306
MAX 20190306
Microsoft 20190306
eScan 20190306
Palo Alto Networks (Known Signatures) 20190306
Qihoo-360 20190306
Sophos AV 20190306
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190306
Tencent 20190306
TheHacker 20190304
TotalDefense 20190306
TrendMicro-HouseCall 20190306
Trustlook 20190306
VIPRE 20190304
ViRobot 20190306
Zoner 20190306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-23 09:54:51
Entry Point 0x00001A84
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
ControlService
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
QueryServiceStatus
RegOpenKeyExW
SystemFunction036
CreateServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenThreadToken
SetEntriesInAclW
FreeSid
OpenSCManagerW
AllocateAndInitializeSid
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
DeleteDC
CreateDCW
CreatePen
DPtoLP
GetObjectW
BitBlt
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
HeapReAlloc
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetWindowsDirectoryW
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
HeapWalk
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
FindFirstFileExW
DecodePointer
GetModuleHandleW
FreeLibrary
GetFileType
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
SetLastError
TlsSetValue
ExitProcess
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
GetAsyncKeyState
GetForegroundWindow
GetClassNameW
CreateDialogIndirectParamW
UpdateWindow
DialogBoxIndirectParamW
GetWindowRect
GetWindowTextW
FindWindowW
GetSysColorBrush
GetClientRect
EnumChildWindows
CreatePopupMenu
GetMessagePos
DispatchMessageW
GetDC
DocumentPropertiesW
OpenPrinterW
ClosePrinter
EnumPrintersW
GetPrinterW
OleUninitialize
OleCreate
OleInitialize
Number of PE resources by type
RT_DIALOG 11
RT_ICON 9
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
CodeSize 117760
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileVersionNumber 14.5.53.40
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Emerald Data Solutions Hole
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unknown (04E0)
InitializedDataSize 355840
EntryPoint 0x1a84
OriginalFileName trueflow.exe
MIMEType application/octet-stream
TimeStamp 2017:10:23 09:54:51+00:00
FileType Win32 EXE
PEType PE32
InternalName Emerald Data Solutions Hole
ProductVersion 14.5.53.40
SubsystemVersion 6.0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Give_law
LegalTrademarks Fair watch Viewdoctor interest life
FileSubtype 0
ProductVersionNumber 14.5.53.40
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 021e33c57b54a42c79ca2bc55dbb6ea4
SHA1 07c36392a59ee10806b9faa4ca099332cb9520b3
SHA256 95a895275d30e67c18a0d7c03eb8f72cd851bae9623cfc76480f4a901b558717
ssdeep 6144:dWoAzn78bQdM6uVaPI+9YRwP1BARrcAkAE96xcF9lPsEF3NK2:jk8cdM6uMWRq8reAaD9lZ5o

authentihash 8dc9455a4ca2e8df21cf8b2dd31025e1beef56c87de62fc3e62bd78c153af40e
imphash 85d473773ec5a1ca0d91513d044719ff
File size 394.5 KB ( 403968 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2019-03-06 18:48:20 UTC ( 2 months, 2 weeks ago )
Last submission 2019-03-06 18:48:20 UTC ( 2 months, 2 weeks ago )
File names .