SHA256: 9fbdb4129a02ffc595f594131e8b3ffcb52786279df3eaf7eff348e8837e142b
File name: jsjd.jpg
Detection ratio: 9 / 71
Analysis date: 2019-01-09 20:52:54 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181023
Cylance Unsafe 20190109
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Microsoft Trojan:Win32/Fuerboos.C!cl 20190109
Rising Trojan.Occamy!8.F1CD/N3#90% (RDM+:cmRtazr3+wYXC+JCqin/4Sj8mG57) 20190109
Symantec Packed.Generic.537 20190109
Trapmine malicious.moderate.ml.score 20190103
VBA32 BScope.Trojan.CoinMiner 20190109
Acronis 20181227
Ad-Aware 20190109
AegisLab 20190109
AhnLab-V3 20190109
Alibaba 20180921
ALYac 20190109
Antiy-AVL 20190109
Arcabit 20190109
Avast 20190109
Avast-Mobile 20190109
AVG 20190109
Avira (no cloud) 20190109
Babable 20180918
Baidu 20190109
BitDefender 20190109
Bkav 20190108
CAT-QuickHeal 20190109
ClamAV 20190109
CMC 20190109
Comodo 20190109
Cybereason 20190109
Cyren 20190109
DrWeb 20190109
eGambit 20190109
Emsisoft 20190109
ESET-NOD32 20190109
F-Prot 20190109
F-Secure 20190109
Fortinet 20190109
GData 20190109
Ikarus 20190109
Jiangmin 20190109
K7AntiVirus 20190109
K7GW 20190109
Kaspersky 20190109
Kingsoft 20190109
Malwarebytes 20190109
MAX 20190109
McAfee 20190109
McAfee-GW-Edition 20190109
eScan 20190109
NANO-Antivirus 20190109
Palo Alto Networks (Known Signatures) 20190109
Panda 20190109
Qihoo-360 20190109
SentinelOne (Static ML) 20181223
Sophos AV 20190109
SUPERAntiSpyware 20190102
TACHYON 20190109
Tencent 20190109
TheHacker 20190106
TotalDefense 20190109
TrendMicro 20190109
TrendMicro-HouseCall 20190109
Trustlook 20190109
VIPRE 20190109
ViRobot 20190109
Webroot 20190109
Yandex 20181229
Zillya 20190109
ZoneAlarm by Check Point 20190109
Zoner 20190109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product PE Cloner
Original name PEC.exe
Internal name PEC.exe
File version 0.1
Description PE Cloner
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:25:59
Entry Point 0x000043C4
Number of sections 5
PE sections
PE imports
ImageList_Draw
ImageList_GetImageInfo
GetObjectA
GetCurrentObject
SelectObject
GetTextExtentPoint32A
GetTextColor
CreateFontIndirectA
ExtTextOutA
DeleteObject
SetBkColor
GetBkColor
SetTextColor
VirtualProtect
GetStartupInfoA
GetModuleHandleA
__p__fmode
__CxxFrameHandler
memset
__dllonexit
_except_handler3
__p__commode
_onexit
exit
_XcptFilter
__setusermatherr
_controlfp
_acmdln
_ismbcdigit
_adjust_fdiv
_mbsinc
__getmainargs
memcpy
_setmbcp
memmove
_initterm
_exit
__set_app_type
DrawFocusRect
GetSystemMetrics
GetSysColor
LoadIconA
GetWindowRect
EnableWindow
DrawIcon
EnumWindows
SendMessageA
GetClientRect
CopyRect
IsIconic
InvalidateRect
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH UK 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription PE Cloner
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 135168
EntryPoint 0x43c4
OriginalFileName PEC.exe
MIMEType application/octet-stream
FileVersion 0.1
TimeStamp 2016:12:06 12:25:59+01:00
FileType Win32 EXE
PEType PE32
InternalName PEC.exe
ProductVersion 0.1
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 16384
ProductName PE Cloner
ProductVersionNumber 0.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
File identification
MD5 f84aeba3a379fc4d126e12c7e9386896
SHA1 fbab0a5cb4eba5f34cf517aefdb1cefbed4400db
SHA256 9fbdb4129a02ffc595f594131e8b3ffcb52786279df3eaf7eff348e8837e142b
ssdeep 3072:XOkP3gzPDzPuzPpAHc1Q1spY2wxy+OTV60h:JP3gzPDzPuzPpAHpn2wxy+I
authentihash 25d8264012f6669fe2e8b1c6da41f135706a09c9b572effaf30dee09510c00de
imphash 5fadc051c2af423ff4ab753eacd8b406
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe
VirusTotal metadata
First submission 2019-01-09 20:52:54 UTC ( 3 months, 2 weeks ago )
Last submission 2019-01-15 19:27:41 UTC ( 3 months, 1 week ago )
File names output.114882375.txt
output.114894233.txt
PEC.exe
gbairtwv.exe
output.114882753.txt
jsjd.jpg
output.114927205.txt
output.114800224.txt
liwx.jpg
snd2.jpg
jsjd.jpg
sair.jpg
jswp.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs