SHA256: 95e51b5d947069131dade59274935045a6377a30e3839d96ab05f2f8c7cc4c4c
File name: 95E51B5D947069131DADE59274935045A6377A30E3839D96AB05F2F8C7CC4C4C
Detection ratio: 10 / 70
Analysis date: 2018-12-01 17:40:26 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cylance Unsafe 20181201
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CSSC 20181201
Sophos ML heuristic 20181128
Kaspersky Trojan-Spy.Win32.Noon.xhd 20181201
Palo Alto Networks (Known Signatures) generic.ml 20181201
Qihoo-360 HEUR/QVM03.0.9422.Malware.Gen 20181201
Trapmine malicious.moderate.ml.score 20181128
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.xhd 20181201
Ad-Aware 20181201
AegisLab 20181201
AhnLab-V3 20181201
Alibaba 20180921
ALYac 20181201
Antiy-AVL 20181201
Arcabit 20181201
Avast 20181201
Avast-Mobile 20181201
AVG 20181201
Avira (no cloud) 20181201
Babable 20180918
Baidu 20181130
BitDefender 20181201
Bkav 20181129
CAT-QuickHeal 20181201
ClamAV 20181201
CMC 20181201
Comodo 20181201
Cybereason 20180225
Cyren 20181201
DrWeb 20181201
eGambit 20181201
Emsisoft 20181201
F-Prot 20181201
F-Secure 20181201
Fortinet 20181201
GData 20181201
Ikarus 20181201
Jiangmin 20181201
K7AntiVirus 20181201
K7GW 20181201
Kingsoft 20181201
Malwarebytes 20181201
MAX 20181201
McAfee 20181201
McAfee-GW-Edition 20181201
Microsoft 20181201
eScan 20181201
NANO-Antivirus 20181201
Panda 20181201
Rising 20181201
SentinelOne (Static ML) 20181011
Sophos AV 20181201
SUPERAntiSpyware 20181128
Symantec 20181201
Symantec Mobile Insight 20181121
TACHYON 20181201
Tencent 20181201
TheHacker 20181129
TotalDefense 20181201
TrendMicro 20181201
TrendMicro-HouseCall 20181201
Trustlook 20181201
VBA32 20181130
VIPRE 20181201
ViRobot 20181201
Webroot 20181201
Yandex 20181130
Zillya 20181130
Zoner 20181201
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Emelda6
Product nonspecific2
Original name Hoosegows.exe
Internal name Hoosegows
File version 4.04.0004
Description ribbonfishes0
Comments reengraving10
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 10:42 PM 3/12/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-09 21:12:43
Entry Point 0x0000143C
Number of sections 3
PE sections
Overlays
MD5 387ea32504141f01cb1fee2f9d7c7087
File type data
Offset 970752
Size 4072
Entropy 7.61
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
_CIcos
__vbaEnd
EVENT_SINK_QueryInterface
Ord(521)
_allmul
Ord(516)
_adj_fdivr_m64
_adj_fprem
Ord(607)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
Ord(617)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
EVENT_SINK_Release
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaCastObjVar
__vbaLateMemCallLd
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaInStrVarB
__vbaVarTstEq
_adj_fptan
__vbaVarSub
__vbaVarDup
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaVarCopy
__vbaFpR8
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 589824
SubsystemVersion 4.0
Comments reengraving10
LinkerVersion 6.0
ImageVersion 4.4
FileSubtype 0
FileVersionNumber 4.4.0.4
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription ribbonfishes0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 376832
EntryPoint 0x143c
OriginalFileName Hoosegows.exe
MIMEType application/octet-stream
LegalCopyright Emelda6
FileVersion 4.04.0004
TimeStamp 2006:11:09 22:12:43+01:00
FileType Win32 EXE
PEType PE32
InternalName Hoosegows
ProductVersion 4.04.0004
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName usherless
LegalTrademarks Fullsphered7
ProductName nonspecific2
ProductVersionNumber 4.4.0.4
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c491afb76481048162a84486c22abf65
SHA1 b3f51a2a37923b36629993d0ddb5e64ca0ddcfac
SHA256 95e51b5d947069131dade59274935045a6377a30e3839d96ab05f2f8c7cc4c4c
ssdeep 24576:LRx0EmskhLtBKHXQ+VMqCykkPzhxeKy9BKYhMkr+:dxns1E
authentihash 5be7e870c529dcde667d806c832bc7f54bf59a79eba622e51bf04555116dbbca
imphash 152a658251b79fd5dbaee5ca1665955d
File size 952.0 KB ( 974824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-12-01 17:40:13 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-21 19:28:06 UTC ( 5 months ago )
File names Hoosegows
emma001.exe
Hoosegows.exe
c491afb76481048162a84486c22abf65
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.