SHA256: 9838c5ef03c75b07f8b9c143f40fa7b2e96078c6c6664d1acc3defb18a1a3603
File name: 9838c5ef03c75b07f8b9c143f40fa7b2e96078c6c6664d1acc3defb18a1a3603
Detection ratio: 45 / 70
Analysis date: 2018-12-14 07:31:03 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.60075 20181214
AhnLab-V3 Win-Trojan/VBKrypt.RP05 20181213
ALYac Gen:Variant.Barys.60075 20181214
Antiy-AVL Trojan/Win32.AGeneric 20181214
Arcabit Trojan.Barys.DEAAB 20181214
Avast Win32:Trojan-gen 20181214
AVG Win32:Trojan-gen 20181214
Avira (no cloud) TR/Crypt.ZPACK.jlp 20181214
BitDefender Gen:Variant.Barys.60075 20181214
CAT-QuickHeal Trojan.Fuerboos 20181213
Comodo Malware@#20yhu9627empg 20181214
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cylance Unsafe 20181214
Cyren W32/Trojan.PDUS-0238 20181214
Emsisoft Gen:Variant.Barys.60075 (B) 20181214
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECDQ 20181214
F-Secure Gen:Variant.Barys.60075 20181214
Fortinet W32/Generic.ECDQ!tr 20181214
GData Gen:Variant.Barys.60075 20181214
Ikarus Trojan.Crypt.Malcert 20181214
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054308b1 ) 20181213
K7GW Trojan ( 0054308b1 ) 20181213
Kaspersky HEUR:Trojan.Win32.Generic 20181213
MAX malware (ai score=87) 20181214
McAfee Fareit-FNA!80F094432798 20181214
McAfee-GW-Edition Fareit-FNA!80F094432798 20181214
Microsoft VirTool:Win32/VBInject 20181214
eScan Gen:Variant.Barys.60075 20181214
NANO-Antivirus Trojan.Win32.Barys.fkwnnj 20181214
Palo Alto Networks (Known Signatures) generic.ml 20181214
Panda Trj/GdSda.A 20181213
Qihoo-360 Win32/Trojan.c6d 20181214
Rising Trojan.Injector!1.B459 (CLOUD) 20181214
Sophos AV Mal/FareitVB-N 20181214
Symantec Downloader.Ponik 20181214
Tencent Win32.Trojan.Falsesign.Ebgq 20181214
Trapmine malicious.moderate.ml.score 20181205
TrendMicro Trojan.Win32.MALREP.THABOGAH 20181214
TrendMicro-HouseCall Trojan.Win32.MALREP.THABOGAH 20181214
VBA32 BScope.Trojan.Fuerboos 20181213
VIPRE Trojan.Win32.Generic!BT 20181213
ViRobot Trojan.Win32.Z.Barys.745192 20181214
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181214
AegisLab 20181213
Alibaba 20180921
Avast-Mobile 20181213
Babable 20180918
Baidu 20181207
Bkav 20181213
ClamAV 20181214
CMC 20181213
Cybereason 20180225
DrWeb 20181214
eGambit 20181214
F-Prot 20181214
Jiangmin 20181214
Kingsoft 20181214
Malwarebytes 20181214
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181214
TheHacker 20181213
TotalDefense 20181213
Trustlook 20181214
Webroot 20181214
Yandex 20181213
Zillya 20181213
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product teotitla
Original name Ichthyism5.exe
Internal name Ichthyism5
File version 6.08.0009
Description ANEMOGRAM8
Comments VALDINE
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:10 AM 2/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-12-19 05:20:50
Entry Point 0x0000189C
Number of sections 3
PE sections
Overlays
MD5 98a3af9386a810e6442864efb64350fb
File type data
Offset 741376
Size 3816
Entropy 7.64
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(525)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(650)
Ord(526)
__vbaStrToUnicode
EVENT_SINK_QueryInterface
__vbaStrCopy
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
_adj_fdivr_m32
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
__vbaVarAdd
Ord(618)
_adj_fdiv_r
Ord(517)
__vbaFreeVar
__vbaVarTstNe
Ord(100)
__vbaObjSetAddref
_CItan
_adj_fdiv_m64
Ord(574)
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(660)
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaVarDup
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
__vbaRedim
_CIexp
__vbaStrI2
__vbaStrToAnsi
_adj_fprem1
__vbaFpR4
__vbaStrCat
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments VALDINE
LinkerVersion 6.0
ImageVersion 6.8
FileSubtype 0
FileVersionNumber 6.8.0.9
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription ANEMOGRAM8
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 110592
EntryPoint 0x189c
OriginalFileName Ichthyism5.exe
MIMEType application/octet-stream
FileVersion 6.08.0009
TimeStamp 2005:12:19 06:20:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Ichthyism5
ProductVersion 6.08.0009
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName INDEFINITELY3
CodeSize 626688
ProductName teotitla
ProductVersionNumber 6.8.0.9
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 80f094432798b35bac277921e4a3ac2b
SHA1 c5a0f44a5489b0020bca931142511e8922117bcf
SHA256 9838c5ef03c75b07f8b9c143f40fa7b2e96078c6c6664d1acc3defb18a1a3603
ssdeep 12288:t15qopoHqXbKU/wmqPswbrU4F69wlHg/GJgzcwx:v5qcoKXbKU/Nqzg4F69wVgwg4wx

authentihash a6b0ed7740407ef7bb7043c59d493aa49d8cc519d62d67500b71a149ee4cdeef
imphash 461a8c3407cfe8ed1bcb2c8be466e9b3
File size 727.7 KB ( 745192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-12-06 11:20:58 UTC ( 3 months, 2 weeks ago )
Last submission 2018-12-22 00:48:44 UTC ( 3 months ago )
File names 80f094432798b35bac277921e4a3ac2b
nw.exe
taskmgr.exe
Ichthyism5
Ichthyism5.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.