× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a1332c9c788d29a2486e953a3f648a049b780e1398fe1f3ffc88968c7fd2a19a
File name: fe99e479244c6dddf0104923d1b52ef0
Detection ratio: 37 / 57
Analysis date: 2016-10-21 16:18:07 UTC ( 2 years, 6 months ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3617293 20161021
AegisLab Uds.Dangerousobject.Multi!c 20161021
AhnLab-V3 Trojan/Win32.Injector.N2135275818 20161021
Arcabit Trojan.Generic.D37320D 20161021
Avast Win32:Malware-gen 20161021
AVG Generic_vb.NGY 20161021
Avira (no cloud) TR/Dropper.VB.uzdqy 20161021
AVware Trojan.Win32.Generic!BT 20161021
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161021
BitDefender Trojan.GenericKD.3617293 20161021
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Trojan.TQEY-5854 20161021
DrWeb Trojan.KillProc.47182 20161021
Emsisoft Trojan.GenericKD.3617293 (B) 20161021
ESET-NOD32 Win32/TrojanDownloader.Dagozill.A 20161021
F-Secure Trojan.GenericKD.3617293 20161021
Fortinet W32/Dagozill.A!tr.dldr 20161021
GData Trojan.GenericKD.3617293 20161021
Ikarus Trojan.VB.Crypt 20161021
Sophos ML generic.a 20161018
K7AntiVirus Trojan-Downloader ( 004e229d1 ) 20161021
K7GW Trojan-Downloader ( 004e229d1 ) 20161021
Kaspersky Trojan-Downloader.Win32.Dagozill.fp 20161021
Malwarebytes Trojan.TrickBot 20161021
McAfee RDN/Generic.grp 20161021
McAfee-GW-Edition BehavesLike.Win32.Rontokbro.cm 20161021
Microsoft Trojan:Win32/Dynamer!ac 20161021
eScan Trojan.GenericKD.3617293 20161021
Qihoo-360 Win32/Trojan.Multi.daf 20161021
Rising Malware.Undefined!8.C-NZ6nJErzVhB (cloud) 20161021
Sophos AV Troj/VBInj-PX 20161021
Symantec Trojan Horse 20161021
TrendMicro TROJ_INJECT.YMNNR 20161021
TrendMicro-HouseCall TROJ_INJECT.YMNNR 20161021
VIPRE Trojan.Win32.Generic!BT 20161021
ViRobot Trojan.Win32.Agent.138761[h] 20161021
Yandex Trojan.GenKryptik! 20161021
Alibaba 20161021
ALYac 20161021
Antiy-AVL 20161021
Bkav 20161021
CAT-QuickHeal 20161021
ClamAV 20161021
CMC 20161021
Comodo 20161021
F-Prot 20161021
Jiangmin 20161021
Kingsoft 20161021
NANO-Antivirus 20161021
nProtect 20161021
Panda 20161021
SUPERAntiSpyware 20161021
Tencent 20161021
TheHacker 20161020
TotalDefense 20161021
VBA32 20161021
Zillya 20161021
Zoner 20161021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
be the de p endent outcome variable in a regression p

Product be the de p endent outcome variable in a regression p
Original name Bertiopas.exe
Internal name Bertiopas
File version 1.01.0053
Description be the de p endent outcome variable in a regression p
Comments be the de p endent outcome variable in a regression p
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-19 17:03:16
Entry Point 0x000011A0
Number of sections 3
PE sections
Overlays
MD5 eb710fc33cea24852be579590228a7c0
File type data
Offset 131072
Size 7689
Entropy 7.98
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(648)
Ord(516)
Ord(616)
Ord(594)
Ord(689)
EVENT_SINK_AddRef
Ord(650)
Ord(300)
Ord(717)
Ord(583)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(100)
Ord(599)
Ord(608)
Ord(570)
Ord(571)
Ord(526)
Ord(573)
ProcCallEngine
Ord(711)
Ord(585)
Ord(690)
EVENT_SINK_Release
Ord(595)
Ord(600)
Ord(617)
Ord(593)
Ord(581)
Ord(582)
Ord(306)
Ord(614)
Ord(606)
Ord(631)
Ord(598)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
be the de p endent outcome variable in a regression p

SubsystemVersion
4.0

Comments
be the de p endent outcome variable in a regression p

LinkerVersion
6.0

ImageVersion
1.1

FileSubtype
0

FileVersionNumber
1.1.0.53

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
be the de p endent outcome variable in a regression p

CharacterSet
Unicode

InitializedDataSize
28672

EntryPoint
0x11a0

OriginalFileName
Bertiopas.exe

MIMEType
application/octet-stream

LegalCopyright
be the de p endent outcome variable in a regression p

FileVersion
1.01.0053

TimeStamp
2016:10:19 18:03:16+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Bertiopas

ProductVersion
1.01.0053

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FlAsH

CodeSize
118784

ProductName
be the de p endent outcome variable in a regression p

ProductVersionNumber
1.1.0.53

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 fe99e479244c6dddf0104923d1b52ef0
SHA1 333a9898fa995c76190c5a5614750ae6d6b0f460
SHA256 a1332c9c788d29a2486e953a3f648a049b780e1398fe1f3ffc88968c7fd2a19a
ssdeep
1536:Q9ezHbbn7uSMGTQ959rm959ygyY+z94MEb:VHbb7N+z9a

authentihash 793aed106e67f76da5dd6b2eb7839354a77c8efcb72f28ef30a395e143426198
imphash 4c380ac36cd572d5c59c08d6afd0dfcf
File size 135.5 KB ( 138761 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-10-19 21:56:27 UTC ( 2 years, 6 months ago )
Last submission 2017-02-16 11:50:40 UTC ( 2 years, 2 months ago )
File names CN-81274.scr
Bertiopas.exe
CN-81274.exe
Bertiopas
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications