SHA256: 993c03b02820be8d8128b85ad6423d06341deb964794d032bf867415888f3f67
File name: 34frgegrg.exe
Detection ratio: 4 / 53
Analysis date: 2016-02-03 10:04:42 UTC ( 3 years, 1 month ago )
Antivirus Result Update
McAfee-GW-Edition BehavesLike.Win32.Sality.fh 20160203
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160203
Rising PE:Malware.RDM.44!5.32 [F] 20160203
Symantec Suspicious.Cloud.7.F 20160201
Ad-Aware 20160202
AegisLab 20160202
Yandex 20160202
AhnLab-V3 20160202
Alibaba 20160202
ALYac 20160203
Antiy-AVL 20160203
Arcabit 20160202
Avast 20160202
AVG 20160203
Avira (no cloud) 20160202
Baidu-International 20160202
BitDefender 20160202
Bkav 20160202
ByteHero 20160203
CAT-QuickHeal 20160202
ClamAV 20160202
Comodo 20160202
Cyren 20160202
DrWeb 20160203
Emsisoft 20160202
ESET-NOD32 20160202
F-Prot 20160129
F-Secure 20160202
Fortinet 20160202
GData 20160202
Ikarus 20160203
Jiangmin 20160202
K7AntiVirus 20160202
K7GW 20160202
Kaspersky 20160202
Malwarebytes 20160203
McAfee 20160202
Microsoft 20160203
eScan 20160202
NANO-Antivirus 20160202
nProtect 20160201
Panda 20160201
Sophos AV 20160203
SUPERAntiSpyware 20160202
Tencent 20160203
TheHacker 20160130
TrendMicro 20160203
TrendMicro-HouseCall 20160203
VBA32 20160202
VIPRE 20160203
ViRobot 20160202
Zillya 20160202
Zoner 20160202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2006-2014
Product LogicalSell
Original name LogicalSell.exe
Description Adding Cautionary Quotation Spec Determine
Comments Adding Cautionary Quotation Spec Determine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-03 09:50:28
Entry Point 0x00007B05
Number of sections 5
PE sections
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
FreeSid
AccessCheck
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetEntriesInAclA
GetLengthSid
InitCommonControlsEx
ImageList_Destroy
ImageList_Draw
ImageList_Create
ImageList_DragMove
ImageList_DragLeave
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetObjectA
DeleteDC
CreateHalftonePalette
BitBlt
GetPaletteEntries
GetDIBits
SelectObject
CreateRectRgnIndirect
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
SetSystemTime
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
LocalFree
SetConsoleWindowInfo
TlsGetValue
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetConsoleScreenBufferSize
QueryPerformanceFrequency
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetUnhandledExceptionFilter
SetPriorityClass
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
OpenProcess
GetProcAddress
GetProcessHeap
FindNextFileW
ExpandEnvironmentStringsA
GetConsoleWindow
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
OpenSemaphoreA
VirtualFree
Sleep
VirtualAlloc
DsReplicaGetInfoW
SysFreeString
SysAllocStringLen
GetModuleFileNameExA
GetProcessMemoryInfo
GetModuleBaseNameA
EnumProcessModules
RasGetErrorStringA
RasValidateEntryNameA
lineGetLineDevStatus
EnumDesktopsA
SetWindowRgn
BeginPaint
ReleaseCapture
DestroyMenu
PostQuitMessage
SetWindowPos
GetDesktopWindow
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
SetCapture
SetMenuItemInfoA
GetWindowDC
SetWindowLongA
GetDC
ReleaseDC
GetIconInfo
wsprintfA
SendMessageA
GetClientRect
RegisterClassA
GetWindowLongA
LoadCursorA
LoadIconA
GetMenuItemInfoA
GetSysColorBrush
LoadImageA
PtInRect
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoCreateActivity
CoInitializeEx
CoCreateInstance
CoUninitialize
PdhOpenLogA
PdhOpenQueryA
PdhCloseLog
PdhCloseQuery
Number of PE resources by type
RT_STRING 8
RT_ICON 6
RT_RCDATA 4
RT_BITMAP 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 24
PE resources
Debug information
ExifTool file metadata
CodeSize 175104
SubsystemVersion 5.0
Comments Adding Cautionary Quotation Spec Determine
InitializedDataSize 138240
ImageVersion 0.0
ProductName LogicalSell
FileVersionNumber 7.7.4.5
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
PrivateBuild 7.7.4.5
FileTypeExtension exe
OriginalFileName LogicalSell.exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2016:02:03 10:50:28+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 7.7.4.5
FileDescription Adding Cautionary Quotation Spec Determine
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright 2006-2014
MachineType Intel 386 or later, and compatibles
CompanyName CACE Technologies, Inc.
LegalTrademarks 2006-2014
FileSubtype 0
ProductVersionNumber 7.7.4.5
EntryPoint 0x7b05
ObjectFileType Executable application

File identification
MD5 f9ea75f082a66a23ea422d2f9412ee9a
SHA1 b35a5a50d34b04cc8599d50f38330f00784c842f
SHA256 993c03b02820be8d8128b85ad6423d06341deb964794d032bf867415888f3f67
ssdeep 6144:Jtzoyb82w53WsGK2YhtfSfVY5t4emDjnw:JFzbFw53NGK2GSNe4eN
authentihash 08def578a47837085a1b77afc8b7f3a81f570fc12b50158e8f9681b8ef830356
imphash 467a98e7c853ed981c187e5441038bff
File size 307.0 KB ( 314368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-03 09:58:14 UTC ( 3 years, 1 month ago )
Last submission 2018-04-30 18:57:38 UTC ( 10 months, 3 weeks ago )
File names 87078264
58c99fe20b348702b936ab9e
vmsk.exe
LogicalSell.exe
pon.exe
34frgegrg.exe
exe.exe
34frgegrg[1].exe
localfile~
output.87078264.txt
vmsk.exe
34frgegrg.exe
993c03b02820be8d8128b85ad6423d06341deb964794d032bf867415888f3f67.exe
34frgegrg[1].exe.2879491346.DROPPED
f9ea75f082a66a23ea422d2f9412ee9a
vmsk.exe
vmsk.exe.142500.DROPPED
34frgegrg_exe
34frgegrg.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
UDP communications