SHA256: 976e890f3aaa8d3fd9aa23d2b1ef39f7ad2569278c0c0aa7424743a4000ae0f0
File name: nFCFow5EAJHygwvfz3.exe
Detection ratio: 11 / 68
Analysis date: 2017-11-28 20:13:20 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20171128
AVG FileRepMalware 20171128
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171127
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.210b2e 20171103
Cylance Unsafe 20171128
Endgame malicious (moderate confidence) 20171024
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM20.1.7DE1.Malware.Gen 20171128
SentinelOne (Static ML) static engine - malicious 20171113
Webroot W32.Trojan.Emotet 20171128
Ad-Aware 20171128
AegisLab 20171128
AhnLab-V3 20171128
Alibaba 20171128
ALYac 20171128
Antiy-AVL 20171128
Arcabit 20171128
Avast-Mobile 20171128
Avira (no cloud) 20171128
AVware 20171128
BitDefender 20171128
Bkav 20171128
CAT-QuickHeal 20171128
ClamAV 20171128
CMC 20171126
Comodo 20171128
Cyren 20171128
DrWeb 20171128
eGambit 20171128
Emsisoft 20171128
ESET-NOD32 20171128
F-Prot 20171128
F-Secure 20171128
Fortinet 20171128
GData 20171128
Ikarus 20171128
Jiangmin 20171128
K7AntiVirus 20171128
K7GW 20171128
Kaspersky 20171128
Kingsoft 20171128
Malwarebytes 20171128
MAX 20171128
McAfee 20171128
McAfee-GW-Edition 20171128
Microsoft 20171128
eScan 20171128
NANO-Antivirus 20171128
nProtect 20171128
Palo Alto Networks (Known Signatures) 20171128
Panda 20171128
Rising 20171128
Sophos AV 20171128
SUPERAntiSpyware 20171128
Symantec 20171128
Symantec Mobile Insight 20171124
Tencent 20171128
TheHacker 20171126
TotalDefense 20171128
TrendMicro 20171128
TrendMicro-HouseCall 20171128
Trustlook 20171128
VBA32 20171128
VIPRE 20171128
ViRobot 20171128
WhiteArmor 20171104
Yandex 20171120
Zillya 20171128
ZoneAlarm by Check Point 20171128
Zoner 20171128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2009
Product Bariston Producter
Original name bar.exe
Internal name bar
File version 1, 0, 0, 0
Description bar
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-01-16 19:05:03
Entry Point 0x00001910
Number of sections 7
PE sections
PE imports
GetUserNameA
CryptEnumProviderTypesW
EnumEnhMetaFile
AddFontResourceExW
BitBlt
OpenMutexA
GetLastError
ConnectNamedPipe
BuildCommDCBAndTimeoutsA
lstrcmpA
GetCurrentProcessId
lstrlenA
lstrcatA
ExitProcess
GetTickCount
CloseHandle
ReadConsoleOutputW
Sleep
GetUserDefaultLangID
GetLocalTime
VerSetConditionMask
acmFormatTagEnumW
SysFreeString
VarI4FromUI1
SysAllocString
UrlEscapeW
wsprintfA
GetSystemMetrics
GetOpenClipboardWindow
CountClipboardFormats
PostThreadMessageW
SetClipboardData
AnyPopup
ReleaseCapture
GetFocus
GetWindowTextA
CharToOemA
ConfigurePortW
Number of PE resources by type
RT_DIALOG 15
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ITALIAN 18
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.11
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode Italian
FileFlagsMask 0x003f
FileDescription bar
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 110592
EntryPoint 0x1910
OriginalFileName bar.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2009
FileVersion 1, 0, 0, 0
TimeStamp 1999:01:16 20:05:03+01:00
FileType Win32 EXE
PEType PE32
InternalName bar
ProductVersion 1, 0, 0, 0
SubsystemVersion 4.1
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Bariston Prod.
CodeSize 0
ProductName Bariston Producter
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 e54934ba434a57b0c202db5dd5e768c3
SHA1 5475709210b2e499e61fd8a04e4837ab10a6cac0
SHA256 976e890f3aaa8d3fd9aa23d2b1ef39f7ad2569278c0c0aa7424743a4000ae0f0
ssdeep 1536:rjP4CtcmMT8SpcnbZjoJ68+w6tE9pcbpWKV8LInFG5lFqcbiiKTwr2vGqz9bH:XvtczpcV8pg630pq0nckMMD
authentihash a338f50f4cef53b1f23a30edbdf3725f80911076371024487a03aaaa4c215cf9
imphash 8cfee0c16363fc89fa6f83bdc7216823
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2017-11-28 20:13:20 UTC ( 10 months, 3 weeks ago )
Last submission 2018-05-08 03:58:48 UTC ( 5 months, 2 weeks ago )
File names 1002-5475709210b2e499e61fd8a04e4837ab10a6cac0
nFCFow5EAJHygwvfz3.exe
bar
bar.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened mutexes
UDP communications