SHA256: 96be079d5185c0e28d3c4ff7526806099b8a32401ead07633626e0c2e1daad24
File name: 102ceec7532fc62022afbee010237159
Detection ratio: 16 / 68
Analysis date: 2017-12-15 23:05:51 UTC ( 1 year, 2 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20171215
AVG Win32:Malware-gen 20171215
Avira (no cloud) TR/Dropper.VB.lbwxi 20171215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9883 20171215
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.74050d 20171103
Cylance Unsafe 20171216
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.BPOITUU 20171215
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Mansabo.alr 20171215
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.fc 20171215
Qihoo-360 HEUR/QVM03.0.DD81.Malware.Gen 20171216
SentinelOne (Static ML) static engine - malicious 20171207
Webroot W32.Adware.Gen 20171216
ZoneAlarm by Check Point Trojan.Win32.Mansabo.alr 20171216
Ad-Aware 20171215
AegisLab 20171215
AhnLab-V3 20171215
Alibaba 20171215
ALYac 20171215
Antiy-AVL 20171215
Arcabit 20171215
Avast-Mobile 20171215
AVware 20171215
BitDefender 20171215
Bkav 20171215
CAT-QuickHeal 20171215
ClamAV 20171215
CMC 20171215
Comodo 20171215
Cyren 20171215
DrWeb 20171215
eGambit 20171216
Emsisoft 20171215
F-Prot 20171215
F-Secure 20171215
Fortinet 20171215
GData 20171215
Ikarus 20171215
Jiangmin 20171215
K7AntiVirus 20171215
K7GW 20171214
Kingsoft 20171216
Malwarebytes 20171215
MAX 20171215
McAfee 20171215
Microsoft 20171215
eScan 20171215
NANO-Antivirus 20171215
nProtect 20171215
Palo Alto Networks (Known Signatures) 20171216
Panda 20171215
Rising 20171215
Sophos AV 20171215
SUPERAntiSpyware 20171215
Symantec 20171215
Symantec Mobile Insight 20171215
Tencent 20171216
TheHacker 20171210
TotalDefense 20171215
TrendMicro 20171215
TrendMicro-HouseCall 20171215
Trustlook 20171216
VBA32 20171215
VIPRE 20171215
ViRobot 20171215
WhiteArmor 20171204
Yandex 20171214
Zillya 20171214
Zoner 20171215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Ays Hotel 2.5
Product Expansive
Original name elly.exe
Internal name elly
File version 7.00
Description candid photos and videos
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-15 07:36:59
Entry Point 0x00001428
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
Ord(546)
_adj_fpatan
__vbaGenerateBoundsError
_allmul
Ord(516)
EVENT_SINK_Invoke
__vbaAryUnlock
_adj_fprem
Ord(661)
__vbaLenBstr
__vbaAryMove
__vbaObjVar
EVENT_SINK_AddRef
__vbaRedimPreserve
Zombie_GetTypeInfoCount
__vbaDateVar
EVENT_SINK_GetIDsOfNames
_adj_fdiv_m32i
Ord(608)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
_CIexp
__vbaStrVarMove
__vbaLateMemCall
_adj_fdivr_m16i
__vbaUbound
_CIsin
__vbaR8Var
_adj_fdiv_r
Ord(100)
__vbaAryLock
Zombie_GetTypeInfo
__vbaUI1I2
_adj_fdivr_m64
__vbaFreeVar
__vbaFreeStr
__vbaObjSetAddref
Ord(547)
__vbaVarCopy
__vbaAryConstruct2
__vbaPowerR8
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
Ord(614)
__vbaInStrVar
__vbaStrVarVal
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI2Var
_CItan
__vbaStrCopy
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaI2I4
__vbaNew2
Ord(644)
__vbaVarCat
_adj_fdivr_m32i
__vbaAryDestruct
Ord(541)
__vbaStrMove
Ord(540)
_adj_fprem1
_adj_fdivr_m32
__vbaVar2Vec
__vbaFpR8
__vbaFpI4
Ord(598)
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
RT_VERSION 1
RGB6666581 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 7.0
FileSubtype 0
FileVersionNumber 7.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription candid photos and videos
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 282624
EntryPoint 0x1428
OriginalFileName elly.exe
MIMEType application/octet-stream
LegalCopyright Ays Hotel 2.5
FileVersion 7.0
TimeStamp 2017:12:15 08:36:59+01:00
FileType Win32 EXE
PEType PE32
InternalName elly
ProductVersion 7.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName candid photos and videos
CodeSize 65536
ProductName Expansive
ProductVersionNumber 7.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 102ceec7532fc62022afbee010237159
SHA1 3181d7274050d40949c5f4f069939979a4b89630
SHA256 96be079d5185c0e28d3c4ff7526806099b8a32401ead07633626e0c2e1daad24
ssdeep 6144:gksj4I7ma1gkJWX6a/H6DfzF9kKYcjBXNTIOMtSkpfNNP3R:S4I7F/JPfzjkoIck9B
authentihash 70edd274cdafad5bb3ea20ba04bcdd718f8d8f606734c85c67462ef8e26b5f3c
imphash 19d73a2dcdf373ca0af7442c106d6d5d
File size 344.0 KB ( 352256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe

VirusTotal metadata
First submission 2017-12-15 23:05:51 UTC ( 1 year, 2 months ago )
Last submission 2018-05-13 17:42:29 UTC ( 9 months, 1 week ago )
File names elly
elly.exe
102ceec7532fc62022afbee010237159