SHA256: 9eea084105447f005758627cab888fa3a50cf86c234f65536032fa00d9928d99
File name: viviKjddnnsa.exe
Detection ratio: 18 / 67
Analysis date: 2018-05-03 05:30:48 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Avast Win32:Evo-gen [Susp] 20180503
AVG Win32:Evo-gen [Susp] 20180503
AVware LooksLike.Win32.Crowti.b (v) 20180428
Babable Malware.HighConfidence 20180406
Bkav W32.FamVT.RazyNHmC.Trojan 20180502
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180503
Endgame malicious (high confidence) 20180403
Fortinet W32/Kryptik.GEVM!tr 20180503
Sophos ML heuristic 20180121
Palo Alto Networks (Known Signatures) generic.ml 20180503
Qihoo-360 HEUR/QVM10.1.E89F.Malware.Gen 20180503
Sophos AV Mal/Lethic-L 20180502
Symantec ML.Attribute.HighConfidence 20180503
TrendMicro Mal_Swizzor 20180503
TrendMicro-HouseCall Mal_Swizzor 20180503
VIPRE LooksLike.Win32.Crowti.b (v) 20180503
Webroot W32.Trojan.Gen 20180503
Ad-Aware 20180503
AegisLab 20180503
AhnLab-V3 20180503
Alibaba 20180503
ALYac 20180503
Antiy-AVL 20180503
Arcabit 20180503
Avast-Mobile 20180502
Avira (no cloud) 20180502
Baidu 20180503
BitDefender 20180503
CAT-QuickHeal 20180502
ClamAV 20180503
CMC 20180502
Comodo 20180503
Cybereason None
Cyren 20180503
DrWeb 20180503
eGambit 20180503
Emsisoft 20180503
ESET-NOD32 20180503
F-Prot 20180503
F-Secure 20180503
GData 20180503
Ikarus 20180502
Jiangmin 20180503
K7AntiVirus 20180502
K7GW 20180503
Kaspersky 20180503
Kingsoft 20180503
Malwarebytes 20180503
MAX 20180503
McAfee 20180503
McAfee-GW-Edition 20180503
Microsoft 20180503
eScan 20180503
NANO-Antivirus 20180503
nProtect 20180503
Panda 20180502
Rising 20180503
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180503
Symantec Mobile Insight 20180501
Tencent 20180503
TheHacker 20180430
TotalDefense 20180502
Trustlook 20180503
VBA32 20180502
ViRobot 20180503
Yandex 20180428
Zillya 20180502
ZoneAlarm by Check Point 20180503
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2345.com
Product HaoZip
File version 5.9.1.10697
Description HaoZip 5.9.1.10697
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-03 04:21:05
Entry Point 0x00009293
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
GetFileAttributesA
GetOEMCP
LCMapStringA
CopyFileA
ExitProcess
CreateDirectoryA
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetShortPathNameA
GetStdHandle
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetDateFormatA
GetEnvironmentStrings
CompareFileTime
GetLocaleInfoA
GetCurrentProcessId
GetTimeZoneInformation
SetFileTime
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
SetFileAttributesA
CompareStringW
GetTempPathA
GetCPInfo
GetStringTypeA
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CompareStringA
GetTimeFormatA
lstrcpynA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
GetFullPathNameA
HeapAlloc
MoveFileA
TerminateProcess
QueryPerformanceCounter
InterlockedDecrement
WideCharToMultiByte
IsValidCodePage
HeapCreate
TlsGetValue
SetCurrentDirectoryA
VirtualFree
SearchPathA
IsDebuggerPresent
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
DrawTextA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
IsWindow
GetWindowRect
EnableWindow
SetWindowLongA
DialogBoxParamA
GetDC
SystemParametersInfoA
SetWindowTextA
ShowWindow
FindWindowExA
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
SendMessageTimeoutA
SetTimer
FillRect
CharNextA
LoadImageA
EndPaint
SetForegroundWindow
ExitWindowsEx
OpenClipboard
Number of PE resources by type
RT_ICON 3
RT_BITMAP 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 6
RUSSIAN 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 69.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.9.1.10697
LanguageCode Russian
FileFlagsMask 0x0000
FileDescription HaoZip 5.9.1.10697
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Cyrillic
InitializedDataSize 331264
EntryPoint 0x9293
MIMEType application/octet-stream
LegalCopyright 2345.com
FileVersion 5.9.1.10697
TimeStamp 2018:05:02 21:21:05-07:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.9.1.10697
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName 2345.com
CodeSize 77824
ProductName HaoZip
ProductVersionNumber 5.9.1.10697
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 d8664ef912c088917aea3d772a4eefaf
SHA1 f2340998659f539a26d2e537fe2c484709c6c762
SHA256 9eea084105447f005758627cab888fa3a50cf86c234f65536032fa00d9928d99
ssdeep 6144:Rzx+o3764JN1SZcrrgBS+kH2ZqdKi1KkxmQVOLYzA1yBhJ/G:RAO6CyZcrrT7dKxzQVPzAQF/
authentihash 040e1d5a98289c06862bc9207d8956204e790922af387a11182a5e6f332ac4b2
imphash 91e907a43ef19115852a6f37e252f08f
File size 309.5 KB ( 316928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-05-03 05:30:48 UTC ( 11 months, 2 weeks ago )
Last submission 2018-05-28 09:46:48 UTC ( 10 months, 3 weeks ago )
File names viviKjddnnsa.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.