× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9f3cca63365e646140eacac2144c90bf48555e3e254dca8b4cc833d83ba911b8
File name: batthyper.exe
Detection ratio: 19 / 66
Analysis date: 2018-05-25 03:07:29 UTC ( 9 months ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180525
Avast FileRepMalware 20180525
AVG FileRepMalware 20180525
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180524
Comodo CloudScanner.Trojan.Gen 20180525
Cylance Unsafe 20180525
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Kryptik.GHBV 20180525
Sophos ML heuristic 20180503
Kaspersky UDS:DangerousObject.Multi.Generic 20180525
Malwarebytes Spyware.PasswordStealer 20180525
McAfee Artemis!35FF9D9D808B 20180524
McAfee-GW-Edition Artemis!Trojan 20180524
Palo Alto Networks (Known Signatures) generic.ml 20180525
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180525
Symantec ML.Attribute.HighConfidence 20180524
Webroot W32.Trojan.Emotet 20180525
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180525
Ad-Aware 20180525
AhnLab-V3 20180525
Alibaba 20180525
ALYac 20180525
Antiy-AVL 20180525
Arcabit 20180525
Avast-Mobile 20180524
Avira (no cloud) 20180524
AVware 20180525
Babable 20180406
BitDefender 20180525
Bkav 20180524
CAT-QuickHeal 20180524
ClamAV 20180521
CMC 20180524
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180525
DrWeb 20180525
eGambit 20180525
Emsisoft 20180525
F-Prot 20180525
F-Secure 20180525
Fortinet 20180525
GData 20180525
Ikarus 20180524
Jiangmin 20180525
K7AntiVirus 20180524
K7GW 20180525
Kingsoft 20180525
MAX 20180525
Microsoft 20180525
eScan 20180525
NANO-Antivirus 20180525
nProtect 20180525
Panda 20180524
Qihoo-360 20180525
Rising 20180525
SUPERAntiSpyware 20180525
Symantec Mobile Insight 20180525
Tencent 20180525
TheHacker 20180524
TotalDefense 20180524
TrendMicro 20180525
TrendMicro-HouseCall 20180524
Trustlook 20180525
VBA32 20180524
VIPRE 20180525
ViRobot 20180524
Yandex 20180524
Zillya 20180524
Zoner 20180524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2028-12-25 04:27:37
Entry Point 0x00001BEF
Number of sections 4
PE sections
PE imports
GetUserNameA
CertOpenSystemStoreA
CertGetCertificateChain
CreateWaitableTimerW
GetNumberFormatA
LocalHandle
FlsGetValue
GetComputerNameExW
FindVolumeMountPointClose
FlsFree
FindFirstVolumeW
LZSeek
VarUI4FromUI8
SetActivePwrScheme
SetupDiGetDeviceInstanceIdW
StrCpyNW
SHSetValueW
SHCopyKeyW
GetAncestor
waveOutGetErrorTextW
GetPrinterDataExW
WintrustRemoveActionID
SCardForgetCardTypeW
SCardDisconnect
STGMEDIUM_UserMarshal
OleConvertOLESTREAMToIStorage
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.164

ImageVersion
0.0

FileVersionNumber
1.0.124.0

LanguageCode
Japanese

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
188416

EntryPoint
0x1bef

MIMEType
application/octet-stream

TimeStamp
2028:12:24 20:27:37-08:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
25 4 3

CodeSize
0

FileSubtype
0

ProductVersionNumber
24.0.55.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 35ff9d9d808b385ced6beee556df9d3a
SHA1 f97870c0b06a0d96f837800e10c8a8472a6f721a
SHA256 9f3cca63365e646140eacac2144c90bf48555e3e254dca8b4cc833d83ba911b8
ssdeep
1536:FzTlGlalyIa6x6Drpgtbd4fNKUQSt4MVaXSVyitx7T9uG:Fs8lyIpx6Dr+tbd4FKgp3VRPT9uG

authentihash 47f5e29dbc49c0413b903fb1c3664e7c9eae06d3c3c6afdee051705dc98dd8c0
imphash 26353d151d5b338829192eea15bd1b88
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-24 23:10:15 UTC ( 9 months ago )
Last submission 2018-05-27 19:34:44 UTC ( 8 months, 4 weeks ago )
File names batthyper.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!