× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9cc5900b35f5769a723a69cb34ef8a781fbeec7e6a232e83a9d8868ea097447e
File name: .
Detection ratio: 28 / 70
Analysis date: 2019-01-20 18:04:07 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DNVH 20190120
AhnLab-V3 Trojan/Win32.Emotet.C2926648 20190120
ALYac Trojan.Agent.DNVH 20190120
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190120
Arcabit Trojan.Agent.DNVH 20190120
Avast Win32:Trojan-gen 20190120
AVG Win32:Trojan-gen 20190120
BitDefender Trojan.Agent.DNVH 20190120
Cylance Unsafe 20190120
DrWeb Trojan.Inject3.12194 20190120
Emsisoft Trojan.Agent.DNVH (B) 20190120
ESET-NOD32 a variant of Win32/Kryptik.GORQ 20190120
F-Secure Trojan.Agent.DNVH 20190120
Fortinet W32/Generic.AP.2605AC!tr 20190120
GData Trojan.Agent.DNVH 20190120
Ikarus Trojan-Banker.IcedID 20190120
Malwarebytes Trojan.Banker 20190120
MAX malware (ai score=85) 20190120
McAfee GenericRXGU-VN!0D8FDD17CF16 20190120
McAfee-GW-Edition GenericRXGU-VN!0D8FDD17CF16 20190120
Microsoft Trojan:Win32/Emotet.SK 20190120
eScan Trojan.Agent.DNVH 20190120
NANO-Antivirus Trojan.Win32.Inject3.fmdpjt 20190120
Panda Trj/GdSda.A 20190120
Qihoo-360 HEUR/QVM10.1.AD89.Malware.Gen 20190120
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgXL9cbSW/OiLA) 20190120
Symantec ML.Attribute.HighConfidence 20190119
Webroot W32.Trojan.Gen 20190120
Acronis 20190119
AegisLab 20190120
Alibaba 20180921
Avast-Mobile 20190118
Avira (no cloud) 20190120
Babable 20180918
Baidu 20190118
Bkav 20190119
CAT-QuickHeal 20190120
ClamAV 20190120
CMC 20190120
Comodo 20190120
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190120
eGambit 20190120
Endgame 20181108
F-Prot 20190120
Sophos ML 20181128
Jiangmin 20190120
K7AntiVirus 20190120
K7GW 20190120
Kaspersky 20190120
Kingsoft 20190120
Palo Alto Networks (Known Signatures) 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190120
SUPERAntiSpyware 20190116
TACHYON 20190120
Tencent 20190120
TheHacker 20190118
TotalDefense 20190120
Trapmine 20190103
TrendMicro 20190120
TrendMicro-HouseCall 20190120
Trustlook 20190120
VBA32 20190118
ViRobot 20190120
Yandex 20190118
Zillya 20190118
ZoneAlarm by Check Point 20190120
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2019 Steadboat Timecorrect

Product Skava Lost Spotair
Original name Spotair.exe
Internal name Skava LostWhosight Stickslave
File version 15.8.46.57
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-15 11:35:08
Entry Point 0x00002873
Number of sections 4
PE sections
Overlays
MD5 23524b8e963ad55ef8d7beae4b1507d6
File type data
Offset 275456
Size 12
Entropy 2.86
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetLocalTime
FindFirstChangeNotificationW
HeapSetInformation
GetCurrentProcess
GetWindowsDirectoryW
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetFileType
ExitProcess
GetFileTime
RaiseException
GetCPInfo
LoadLibraryW
MoveFileExW
GetSystemDirectoryW
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
HeapValidate
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
TerminateProcess
FindCloseChangeNotification
InterlockedDecrement
IsValidCodePage
HeapCreate
CreateFileW
DeleteCriticalSection
Sleep
FindNextChangeNotification
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
GetEnvironmentVariableW
SetLastError
InterlockedIncrement
SetupFindFirstLineW
SetupRemoveSectionFromDiskSpaceListW
SetupAddInstallSectionToDiskSpaceListW
SetupInstallFromInfSectionW
SetupFindNextLine
SetupInstallServicesFromInfSectionW
SetupRemoveInstallSectionFromDiskSpaceListW
SetupAddSectionToDiskSpaceListW
ShowWindow
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
276992

ImageVersion
0.0

ProductName
Skava Lost Spotair

FileVersionNumber
15.8.46.57

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
Spotair.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
15.8.46.57

TimeStamp
2012:01:15 12:35:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Skava LostWhosight Stickslave

ProductVersion
15.8.46.57

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2019 Steadboat Timecorrect

MachineType
Intel 386 or later, and compatibles

CompanyName
Skava Lost

CodeSize
75776

FileSubtype
0

ProductVersionNumber
15.8.46.57

EntryPoint
0x2873

ObjectFileType
Executable application

File identification
MD5 0d8fdd17cf161f4f44f594494020781f
SHA1 c00ea12f1548a58e91fa9cf55cbf607ff284e936
SHA256 9cc5900b35f5769a723a69cb34ef8a781fbeec7e6a232e83a9d8868ea097447e
ssdeep
3072:tizkk1XY1PODELBQY55XBV19lH3L39iM3q/O5W1w:tDk1XYoyDXlL3Mvm8C

authentihash 9b6993b6dcfc3e5d90013134aa8d47db6ee9183db713ff43068319f7269e0a40
imphash 4fd63c100c24baad2386672074140630
File size 269.0 KB ( 275468 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-01-20 18:04:07 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-20 18:04:07 UTC ( 1 month, 3 weeks ago )
File names Skava LostWhosight Stickslave
Spotair.exe
.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.