SHA256: 9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0
File name: hack_facebook_pro_v6.9.exe
Detection ratio: 47 / 64
Analysis date: 2017-12-30 19:31:43 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
AegisLab Troj.W32.Genome.aepvs!c 20171230
AhnLab-V3 Trojan/Win32.Breut.C230199 20171230
Antiy-AVL Trojan/Win32.Genome 20171230
Arcabit Trojan.Kazy.DD6E1 20171230
Avast Win32:Malware-gen 20171230
AVG Win32:Malware-gen 20171230
Avira (no cloud) BDS/Fynloski.A.12199 20171230
AVware Trojan.Win32.Generic.pak!cobra 20171230
BitDefender Gen:Variant.Kazy.55009 20171230
CAT-QuickHeal Udsdangerousobject.Multi 20171230
ClamAV Win.Trojan.FaceHack-1 20171230
Comodo UnclassifiedMalware 20171230
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171230
Cyren W32/Trojan.YAXB-5063 20171230
DrWeb Trojan.Siggen3.39429 20171230
Emsisoft Gen:Variant.Kazy.55009 (B) 20171230
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/Agent.PAB 20171230
F-Secure Gen:Variant.Kazy.55009 20171230
Fortinet W32/WBNA.IPA!worm 20171230
GData Gen:Variant.Kazy.55009 20171230
Sophos ML heuristic 20170914
Jiangmin Trojan/Genome.csmk 20171230
K7AntiVirus Backdoor ( 04c502b11 ) 20171230
K7GW Backdoor ( 04c502b11 ) 20171230
Kaspersky UDS:DangerousObject.Multi.Generic 20171230
Kingsoft Win32.Troj.Genome.(kcloud) 20171230
MAX malware (ai score=100) 20171230
McAfee Generic.dx!229AF3E4F9DC 20171230
McAfee-GW-Edition Generic.dx!229AF3E4F9DC 20171230
eScan Gen:Variant.Kazy.55009 20171230
NANO-Antivirus Trojan.Win32.TrjGen.ktouq 20171230
Palo Alto Networks (Known Signatures) generic.ml 20171230
Panda Trj/CI.A 20171230
Qihoo-360 Win32/Trojan.e43 20171230
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Troj/Agent-UYX 20171230
Symantec Backdoor.Breut 20171229
Tencent Win32.Trojan.Zapchast.Hqby 20171230
TrendMicro BKDR_ZAPCHAST.SG 20171230
VBA32 Trojan.Genome.ae 20171229
VIPRE Trojan.Win32.Generic.pak!cobra 20171230
Webroot W32.Trojan.Gen 20171230
Yandex Trojan.Genome!dAt9gmt+Yuw 20171229
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171230
Ad-Aware 20171225
Alibaba 20171229
ALYac 20171230
Avast-Mobile 20171229
Baidu 20171227
Bkav 20171229
CMC 20171229
eGambit 20171230
F-Prot 20171230
Malwarebytes 20171230
Microsoft 20171230
nProtect 20171230
Rising 20171230
SUPERAntiSpyware 20171230
Symantec Mobile Insight 20171230
TheHacker 20171229
Trustlook 20171230
ViRobot 20171230
WhiteArmor 20171226
Zoner 20171230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-07 06:40:20
Entry Point 0x0000B3C1
Number of sections 5
PE sections
Overlays
MD5 1573e7f3ba3967188a83cf39f7d1c8fc
File type application/x-rar
Offset 194560
Size 265388
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 5
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 6
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:12:07 07:40:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 120832
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 229af3e4f9dccc0497e7546c09790d50
SHA1 5a35ec46be8f551ed572ab2fb675f7c09ae7beaf
SHA256 9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0
ssdeep 12288:gxaVAh64U5lygx6Ep8wSMvKviU8rxEAxDUtsT8:gxaVxr5BwE9B9C28T
authentihash 909bd6d6d4d24bded9938926478482fd8745e62975c63f8b5c54b4bc26de677b
imphash 2b8c9d9ab6fefc247adaf927e83dcea6
File size 449.2 KB ( 459948 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID WinRAR Self Extracting archive (4.x-5.x) (91.6%)
Win32 Executable MS Visual C++ (generic) (3.5%)
Win64 Executable (generic) (3.1%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-02-06 19:03:28 UTC ( 6 years, 2 months ago )
Last submission 2017-12-30 19:31:43 UTC ( 3 months, 3 weeks ago )
File names hack_facebook_pro_v6.9.exe
229af3e4f9dccc0497e7546c09790d50.vxe
0534
9d3fac012d1f7a6cf3c7c381e6ef4b2c73d4d8d5a3f6a597d2b2837e115c90a0.log
8_NOT_DETECTED.exe
hack_facebook_pro_v6.9.bin
hack_facebook_pro_v6.9.exe
axe
8a3f2dba-1dd1-4086-9fba-f44af57b4c19
bad.exe
229af3e4f9dccc0497e7546c09790d50.exe
file-3830615_
5a35ec46be8f551ed572ab2fb675f7c09ae7beaf.bin
229af3e4f9dccc0497e7546c09790d50
229af3e4f9dccc0497e7546c09790d50.virobj
dee536a4-50de-4dc1-87e4-b4aca997a773
Advanced heuristic and reputation engines