SHA256: 9baecf3759025c17c72a4c4a72100dc0adef3c6d38f4fa91b3021c43f756d7f7
File name: viviKjddnnsa.exe
Detection ratio: 14 / 67
Analysis date: 2018-04-17 13:29:17 UTC ( 1 year ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180417
Endgame malicious (high confidence) 20180403
Fortinet W32/Injector.DWNR!tr 20180417
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180417
McAfee Artemis!29D7BF27EF9E 20180417
McAfee-GW-Edition BehavesLike.Win32.Vawtrak.dh 20180417
Palo Alto Networks (Known Signatures) generic.ml 20180417
Qihoo-360 HEUR/QVM10.1.8FEB.Malware.Gen 20180417
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Lethic-L 20180417
Symantec ML.Attribute.HighConfidence 20180417
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180417
Ad-Aware 20180417
AegisLab 20180417
AhnLab-V3 20180417
Alibaba 20180417
ALYac 20180417
Antiy-AVL 20180417
Arcabit 20180417
Avast 20180417
Avast-Mobile 20180417
AVG 20180417
Avira (no cloud) 20180417
AVware 20180417
Baidu 20180417
BitDefender 20180417
Bkav 20180410
CAT-QuickHeal 20180417
ClamAV 20180417
CMC 20180417
Comodo 20180417
Cybereason 20180225
Cyren 20180417
DrWeb 20180417
eGambit 20180417
Emsisoft 20180417
ESET-NOD32 20180417
F-Prot 20180417
F-Secure 20180417
GData 20180417
Ikarus 20180417
Jiangmin 20180417
K7AntiVirus 20180417
K7GW 20180417
Kingsoft 20180417
Malwarebytes 20180417
MAX 20180417
Microsoft 20180417
eScan 20180417
NANO-Antivirus 20180417
nProtect 20180417
Panda 20180417
Rising 20180417
SUPERAntiSpyware 20180417
Symantec Mobile Insight 20180412
Tencent 20180417
TheHacker 20180415
TrendMicro 20180417
TrendMicro-HouseCall 20180417
Trustlook 20180417
VBA32 20180414
VIPRE 20180417
ViRobot 20180417
Webroot 20180417
WhiteArmor 20180408
Yandex 20180417
Zillya 20180417
Zoner 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product Optimizer
File version 1.0.0.54
Comments
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-17 09:56:23
Entry Point 0x000097CA
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
EncodePointer
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
GetModuleHandleW
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetConsoleMode
DecodePointer
WaitForSingleObject
GetCommandLineW
CreateThread
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetStartupInfoW
SetStdHandle
InterlockedDecrement
GetCPInfo
GetModuleFileNameW
ExitProcess
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
ResetEvent
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
WaitForMultipleObjects
SetEvent
TerminateProcess
CreateProcessA
WideCharToMultiByte
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
CloseHandle
GetWindowLongA
SetTimer
MessageBoxW
LoadStringA
SetWindowTextA
EndDialog
PostMessageA
SetWindowTextW
DialogBoxParamW
CharUpperW
SendMessageA
LoadStringW
KillTimer
GetDlgItem
SetWindowLongA
DialogBoxParamA
ShowWindow
CharUpperA
DestroyWindow
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
CHINESE MACAU 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 323072
ImageVersion 0.0
ProductName Optimizer
FileVersionNumber 1.0.0.54
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 66.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.54
TimeStamp 2018:04:17 10:56:23+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.54
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 58880
FileSubtype 0
ProductVersionNumber 1.0.0.54
EntryPoint 0x97ca
ObjectFileType Executable application
File identification
MD5 29d7bf27ef9e2e09c4edd387fb21f78b
SHA1 fc96f3f58f13b1e72dc2519d9cd6cfef11ffbbfe
SHA256 9baecf3759025c17c72a4c4a72100dc0adef3c6d38f4fa91b3021c43f756d7f7
ssdeep 6144:LSYQztYPhtzYchqjKrMQb5JwmmMroke0Zz4DD:mxztYPhichqeR9Jwmwke0Z
authentihash 07a4bbb1fcc6e22fedeae46731056d3a3010ea6222ef388bf851a0d1c54bb307
imphash a3f8ff89fe1020af3726d540b4f8a367
File size 278.5 KB ( 285184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-17 13:29:17 UTC ( 1 year ago )
Last submission 2018-05-24 14:21:04 UTC ( 11 months ago )
File names viviKjddnnsa.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.