SHA256: a16c30231fcc2c4b2e9831a2f2c34ce1055663ac753fff166b5a0fd7b6a50293
File name: done.jpg
Detection ratio: 37 / 69
Analysis date: 2018-09-22 01:11:57 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.83923 20180921
ALYac Gen:Variant.Symmi.83923 20180922
Antiy-AVL Trojan/Win32.Injector 20180922
Arcabit Trojan.Symmi.D147D3 20180922
Avast Win32:Trojan-gen 20180922
AVG Win32:Trojan-gen 20180922
Avira (no cloud) TR/Injector.dzcvo 20180921
BitDefender Gen:Variant.Symmi.83923 20180921
Cylance Unsafe 20180922
Cyren W32/VBKrypt.EK.gen!Eldorado 20180922
Emsisoft Trojan.Injector (A) 20180921
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EALV 20180922
F-Prot W32/VBKrypt.EK.gen!Eldorado 20180922
F-Secure Gen:Variant.Symmi.83923 20180922
Fortinet W32/GenKryptik.CLES!tr 20180922
GData Gen:Variant.Symmi.83923 20180922
Ikarus Trojan.Win32.Injector 20180921
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053c0f31 ) 20180921
K7GW Trojan ( 0053c0f31 ) 20180921
Kaspersky Trojan-Spy.Win32.Noon.tea 20180921
Malwarebytes Trojan.MalPack.VB 20180921
MAX malware (ai score=99) 20180922
McAfee Trojan-FQCM!F0FA01008B10 20180921
McAfee-GW-Edition BehavesLike.Win32.Fareit.gh 20180921
Microsoft VirTool:Win32/VBInject 20180921
eScan Gen:Variant.Symmi.83923 20180922
Palo Alto Networks (Known Signatures) generic.ml 20180922
Qihoo-360 HEUR/QVM03.0.E08F.Malware.Gen 20180922
Rising Trojan.Injector!8.C4 (CLOUD) 20180922
SentinelOne (Static ML) static engine - malicious 20180830
Symantec Downloader.Ponik 20180921
Tencent Win32.Trojan.Symmi.Edxi 20180922
TrendMicro TrojanSpy.Win32.FAREIT.SMA.hp 20180922
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.SMA.hp 20180922
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.tea 20180922
Engines with no detection (engine, signature update date):
AegisLab 20180922
AhnLab-V3 20180921
Alibaba 20180921
Avast-Mobile 20180921
AVware 20180922
Babable 20180918
Baidu 20180914
Bkav 20180921
CAT-QuickHeal 20180921
ClamAV 20180921
CMC 20180921
Comodo 20180921
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
DrWeb 20180921
eGambit 20180922
Jiangmin 20180921
Kingsoft 20180922
NANO-Antivirus 20180922
Panda 20180921
Sophos AV 20180922
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180922
TheHacker 20180920
TotalDefense 20180920
Trustlook 20180922
VBA32 20180921
VIPRE 20180922
ViRobot 20180921
Webroot 20180922
Yandex 20180920
Zillya 20180920
Zoner 20180921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product aSUS
Original name Metalcraft3.exe
Internal name Metalcraft3
File version 9.05
Comments STELLAR FTD
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-15 06:30:18
Entry Point 0x00001360
Number of sections 3
PE sections
PE imports (the __vba*, _adj_*, _CI* and ordinal imports below are exports of the Visual Basic 6 runtime library MSVBVM60.DLL, consistent with the TrID result further down)
_adj_fdiv_m32
__vbaChkstk
Ord(645)
_CIcos
EVENT_SINK_QueryInterface
__vbaI4Cy
Ord(516)
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(697)
Ord(519)
Ord(525)
_adj_fpatan
EVENT_SINK_AddRef
Ord(650)
__vbaStrComp
Ord(540)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
Ord(678)
_adj_fdivr_m16i
__vbaStrMove
EVENT_SINK_Release
__vbaRecDestruct
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaVarAdd
__vbaUI1I2
__vbaFreeVar
__vbaVarTstNe
Ord(618)
__vbaLbound
__vbaVarCat
__vbaObjSetAddref
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaVarMul
_allmul
Ord(575)
__vbaLsetFixstr
_adj_fptan
Ord(610)
__vbaI4Var
__vbaR4Sgn
__vbaVarMove
_CIatan
Ord(608)
__vbaNew2
__vbaLateIdCallLd
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaLenBstr
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFPFix
__vbaFreeStrList
Ord(609)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize: 466944
SubsystemVersion: 4.0
Comments: STELLAR FTD
InitializedDataSize: 32768
ImageVersion: 9.5
FileSubtype: 0
FileVersionNumber: 9.5.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet: Unicode
LinkerVersion: 6.0
EntryPoint: 0x1360
OriginalFileName: Metalcraft3.exe
MIMEType: application/octet-stream
FileVersion: 9.05
TimeStamp: 2018:09:14 23:30:18-07:00
FileType: Win32 EXE
PEType: PE32
InternalName: Metalcraft3
ProductVersion: 9.05
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: THE pidGIN DEveloper COmmunity
LegalTrademarks: BLUESTACk SYSTEMS FNC.
ProductName: aSUS
ProductVersionNumber: 9.5.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5 f0fa01008b10e919b73889f052da848c
SHA1 aba971e940fac47e05961bb5da28384144d9ab30
SHA256 a16c30231fcc2c4b2e9831a2f2c34ce1055663ac753fff166b5a0fd7b6a50293
ssdeep 12288:Q0YwDTpJ8VxRgB8yXoKifdQ7/xDYXSvLYz0:vb8VQSYyx
authentihash fe521369a022601cacf73331c9951588b3ee9764a8dfbc3c17cbe74f2a3c25fe
imphash 8b3bb1601cef3899cfeade84907dfc77
File size 488.0 KB ( 499712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
     Win32 Dynamic Link Library (generic) (6.6%)
     Win32 Executable (generic) (4.5%)
     OS/2 Executable (generic) (2.0%)
     Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-09-21 03:50:14 UTC ( 8 months ago )
Last submission 2018-09-21 03:50:14 UTC ( 8 months ago )
File names Metalcraft3.exe
done.jpg
Metalcraft3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.