SHA256: 99d639df944351a1c77279ca0da31d80ce9e9d5a3bde1850a1ffca10dcc0f6c9
File name: kxuepssx.exe
Detection ratio: 10 / 61
Analysis date: 2017-03-23 08:13:11 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Avira (no cloud) TR/Dropper.Gen 20170323
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9998 20170323
ESET-NOD32 a variant of Win32/GenKryptik.YXL 20170323
Fortinet W32/Injector.DMWW!tr 20170323
Sophos ML backdoor.win32.tofsee.f 20170203
McAfee Packed-KK!24FD88761446 20170323
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170323
SentinelOne (Static ML) static engine - malicious 20170315
TrendMicro Mal_BigTof 20170323
TrendMicro-HouseCall Mal_BigTof 20170323
Ad-Aware 20170323
AegisLab 20170323
AhnLab-V3 20170323
Alibaba 20170323
ALYac 20170323
Antiy-AVL 20170323
Arcabit 20170323
Avast 20170323
AVG 20170323
AVware 20170323
BitDefender 20170323
Bkav 20170322
CAT-QuickHeal 20170322
ClamAV 20170323
CMC 20170317
Comodo 20170322
CrowdStrike Falcon (ML) 20170130
Cyren 20170323
DrWeb 20170323
Emsisoft 20170323
Endgame 20170317
F-Prot 20170323
F-Secure 20170323
GData 20170323
Ikarus 20170322
Jiangmin 20170323
K7AntiVirus 20170323
K7GW 20170323
Kaspersky 20170323
Kingsoft 20170323
Malwarebytes 20170323
McAfee-GW-Edition 20170323
Microsoft 20170323
eScan 20170323
NANO-Antivirus 20170323
nProtect 20170323
Palo Alto Networks (Known Signatures) 20170323
Panda 20170322
Rising 20170323
Sophos AV 20170323
SUPERAntiSpyware 20170323
Symantec 20170322
Symantec Mobile Insight 20170322
Tencent 20170323
TheHacker 20170321
Trustlook 20170323
VBA32 20170322
VIPRE 20170323
ViRobot 20170323
Webroot 20170323
WhiteArmor 20170315
Yandex 20170321
Zillya 20170322
ZoneAlarm by Check Point 20170323
Zoner 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright WARPOLAN
Product Arrrgg1
Original name Carciofo.exe
Internal name Carciofo
File version 6.06.0005
Comments CtarApp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-22 18:39:36
Entry Point 0x000014EC
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Tola Eetworks Etd.
SubsystemVersion 4.0
Comments CtarApp
InitializedDataSize 12288
ImageVersion 6.6
FileSubtype 0
FileVersionNumber 6.6.0.5
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x14ec
OriginalFileName Carciofo.exe
MIMEType application/octet-stream
LegalCopyright WARPOLAN
FileVersion 6.06.0005
TimeStamp 2017:03:22 19:39:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Carciofo
ProductVersion 6.06.0005
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Wrend Bicro Znc.
CodeSize 249856
ProductName Arrrgg1
ProductVersionNumber 6.6.0.5
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 24fd88761446794b7784a7008630e7a8
SHA1 a2c12a364fc05fe8c6c325b46cbf406906369772
SHA256 99d639df944351a1c77279ca0da31d80ce9e9d5a3bde1850a1ffca10dcc0f6c9
ssdeep
12288:IHWQnFNkHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHn:mWA

authentihash 60304635ffacdfb8cf25a4c121d9190316edf7fad4905a3e1dd0964146178801
imphash 5ef6c4c344834c6cc93b4d18e469ee1a
File size 44.7 MB ( 46911488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe
VirusTotal metadata
First submission 2017-03-23 08:13:11 UTC ( 1 year, 10 months ago )
Last submission 2017-03-23 08:13:11 UTC ( 1 year, 10 months ago )
File names Carciofo.exe
Carciofo
kxuepssx.exe