× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a296b4ffbb424f5aa11d62bcb295c798c32322c85daf9337b1d2e63f4b5f6b15
File name: jeta-aaalogo
Detection ratio: 53 / 63
Analysis date: 2017-07-20 14:10:01 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.2097322 20170720
AegisLab Troj.Ransom.W32.Foreign!c 20170720
AhnLab-V3 Trojan/Win32.Agent.R132407 20170720
ALYac Trojan.GenericKD.2097322 20170720
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20170720
Arcabit Trojan.Generic.D2000AA 20170720
Avast Win32:Malware-gen 20170720
AVG Win32:Malware-gen 20170720
Avira (no cloud) TR/Crypt.ZPACK.117752 20170720
AVware Trojan.Win32.Generic!BT 20170720
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170720
BitDefender Trojan.GenericKD.2097322 20170720
CAT-QuickHeal Trojan.Generic.B4 20170720
Comodo UnclassifiedMalware 20170720
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170710
Cylance Unsafe 20170720
Cyren W32/Ransom.DLZC-3815 20170720
DrWeb Trojan.DownLoader11.32458 20170720
Emsisoft Trojan.GenericKD.2097322 (B) 20170720
Endgame malicious (high confidence) 20170713
ESET-NOD32 Win32/TrojanDownloader.Zurgop.BK 20170720
F-Prot W32/Ransom.GJ 20170720
F-Secure Trojan.GenericKD.2097322 20170720
Fortinet W32/FOREIGN.DSA!tr 20170720
GData Win32.Trojan.Agent.263A23 20170720
Ikarus Trojan-Spy.Agent 20170720
Jiangmin Trojan/Foreign.wxv 20170720
K7AntiVirus Trojan-Downloader ( 004973061 ) 20170720
K7GW Trojan-Downloader ( 004973061 ) 20170720
Kaspersky Trojan.Win32.Saguaro.w 20170720
Malwarebytes Trojan.Agent.ED 20170720
MAX malware (ai score=85) 20170720
McAfee RDN/Ransom!eo 20170720
McAfee-GW-Edition RDN/Ransom!eo 20170720
Microsoft TrojanDownloader:Win32/Dofoil.T 20170720
eScan Trojan.GenericKD.2097322 20170720
NANO-Antivirus Trojan.Win32.RiskGen.efhhbn 20170720
Palo Alto Networks (Known Signatures) generic.ml 20170720
Panda Trj/Chgt.O 20170720
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20170720
Rising Trojan.Win32.Foreign.bn (ktse) 20170720
Sophos AV Mal/Tinba-C 20170720
Symantec Trojan.Gen 20170720
Tencent Win32.Trojan.Agent.Ts 20170720
TrendMicro TROJ_FOREIGN.DSA 20170720
TrendMicro-HouseCall TROJ_FOREIGN.DSA 20170720
VBA32 Hoax.Foreign 20170720
VIPRE Trojan.Win32.Generic!BT 20170720
ViRobot Trojan.Win32.S.Agent.201728.CT 20170720
Webroot W32.Trojan.Gen 20170720
Yandex Trojan.Foreign!XHhsoTx3r0g 20170719
Zillya Trojan.Foreign.Win32.48915 20170720
ZoneAlarm by Check Point Trojan.Win32.Saguaro.w 20170720
Alibaba 20170720
Bkav 20170720
ClamAV 20170720
CMC 20170720
Sophos ML 20170607
Kingsoft 20170720
nProtect 20170720
SentinelOne (Static ML) 20170718
SUPERAntiSpyware 20170720
Symantec Mobile Insight 20170720
TheHacker 20170719
Trustlook 20170720
WhiteArmor 20170713
Zoner 20170720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2014 SWGSoft

Product jeta-aaalogo Application
Internal name jeta-aaalogo
File version 1.0.0.4
Description jeta-aaalogo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-20 17:04:56
Entry Point 0x00003BC6
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
FindTextW
PageSetupDlgW
ChooseFontA
CertGetNameStringA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetTempFileNameA
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
LocalAlloc
SetFileTime
DeleteFileA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
GetComputerNameW
GetFileTime
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetFileAttributesA
LocalFree
SetStdHandle
GetLongPathNameW
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
EnumerateSecurityPackagesA
GetCursorPos
GetSysColorBrush
DdeInitializeA
CreateWindowExA
LoadCursorA
GetWindowRect
IsClipboardFormatAvailable
FindWindowW
SendMessageA
DefWindowProcA
GetDialogBaseUnits
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsIconic
RegisterClassA
InvalidateRect
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 9
RT_BITMAP 5
RT_STRING 3
RT_RCDATA 2
RTF 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
125952

ImageVersion
0.0

ProductName
jeta-aaalogo Application

FileVersionNumber
1.0.0.4

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
jeta-aaalogo

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.4

TimeStamp
2015:01:20 18:04:56+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
jeta-aaalogo

ProductVersion
1.0.0.4

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2014 SWGSoft

MachineType
Intel 386 or later, and compatibles

CodeSize
74752

FileSubtype
0

ProductVersionNumber
1.0.0.4

EntryPoint
0x3bc6

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 85a7dd41140f87fc0e3e455dcb95a00b
SHA1 df22066c648598bb740993533ad9d08d569c19e4
SHA256 a296b4ffbb424f5aa11d62bcb295c798c32322c85daf9337b1d2e63f4b5f6b15
ssdeep
3072:xQtfux38smbf64n+GUCO8/dQzLmnyAg0FuiPIMDVL8ap6t4vwXW:xQlM8s2pTUu/uLmyAO/8VXWX

authentihash f4128e427505b9fde582a785a844e74157f9182995a736f83755e60a802f0997
imphash e06f2ca6eae71a0d4e0015605f0fc7ca
File size 197.0 KB ( 201728 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-01-20 18:17:38 UTC ( 4 years, 4 months ago )
Last submission 2017-07-20 14:10:01 UTC ( 1 year, 10 months ago )
File names 85A7DD41140F87FC0E3E455DCB95A00B
85a7dd41140f87fc0e3e455dcb95a00b
ss.exe
85A7DD41140F87FC0E3E455DCB95A00B.EXE
output.54514931.txt
hY7OfUowQu.fon
newl.exe
vti-rescan
33.zip
54514931
33.EXE
40pc.msi
jeta-aaalogo
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Opened mutexes
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections