SHA256: a32468ee49dad05def0fabc79b44b053490d8ff663ee95007d61bb47a7024bc7
File name: inst1.exe
Detection ratio: 28 / 56
Analysis date: 2016-08-17 11:18:14 UTC ( 2 years, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3469850 20160817
AegisLab Dangerousobject.Multi.Generic!c 20160817
AhnLab-V3 Trojan/Win32.Kryptik.N2080908897 20160817
ALYac Trojan.GenericKD.3469850 20160817
Arcabit Trojan.Generic.D34F21A 20160817
Avast Win32:Malware-gen 20160817
AVG Crypt5.CJSV 20160817
Avira (no cloud) TR/Crypt.Xpack.hspr 20160817
BitDefender Trojan.GenericKD.3469850 20160817
ClamAV Win.Malware.Agent2731710602/CRDF-1 20160817
DrWeb Trojan.Packed2.38509 20160817
Emsisoft Trojan.GenericKD.3469850 (B) 20160817
ESET-NOD32 a variant of Win32/Kryptik.EPJB 20160817
F-Secure Trojan.GenericKD.3469850 20160817
GData Trojan.GenericKD.3469850 20160817
Ikarus Trojan.Win32.Crypt 20160817
K7GW Trojan ( 004df6e61 ) 20160817
Kaspersky Trojan-Ransom.Win32.Cryptor.el 20160817
Malwarebytes Trojan.Crypt 20160817
McAfee Artemis!9597FC80F793 20160817
McAfee-GW-Edition BehavesLike.Win32.Downloader.dc 20160816
Microsoft Trojan:Win32/Dynamer!ac 20160817
eScan Trojan.GenericKD.3469850 20160817
Rising Trojan.Kryptik!8.8-kQ0n31dOYjK (Cloud) 20160817
Sophos AV Mal/Generic-S 20160816
Symantec Trojan.Gen.2 20160817
TrendMicro TSPY_PAPRAS.BYX 20160817
TrendMicro-HouseCall TSPY_PAPRAS.BYX 20160817
Alibaba 20160817
Antiy-AVL 20160817
AVware 20160817
Baidu 20160817
Bkav 20160816
CAT-QuickHeal 20160817
CMC 20160816
Comodo 20160817
Cyren 20160817
F-Prot 20160817
Fortinet 20160817
Jiangmin 20160817
K7AntiVirus 20160817
Kingsoft 20160817
NANO-Antivirus 20160817
nProtect 20160817
Panda 20160816
Qihoo-360 20160817
SUPERAntiSpyware 20160817
Tencent 20160817
TheHacker 20160816
TotalDefense 20160817
VBA32 20160817
VIPRE 20160817
ViRobot 20160817
Yandex 20160816
Zillya 20160816
Zoner 20160817
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2014 - . All rights reserved. WiseCleaner.com
Product Tennessee
Internal name Tennessee
File version 4.8.21.4
Description Preconceptions Sharepoint Ext2 Ceiling Foreach
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-15 12:42:55
Entry Point 0x0000C27B
Number of sections 7
PE sections
PE imports
CloseServiceHandle
ControlService
OpenServiceA
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ChooseFontA
CreatePatternBrush
CreatePolygonRgn
SetBrushOrgEx
CreateHalftonePalette
GetStockObject
TextOutA
SelectObject
GetRegionData
CreateBitmap
SetBkColor
DeleteObject
SetTextColor
CreateSolidBrush
gluOrtho2D
LoadResource
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
SetConsoleScreenBufferSize
LoadLibraryA
UpdateResourceA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnumResourceTypesA
GetEnvironmentStrings
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
LockResource
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetConsoleScreenBufferInfo
TlsFree
ReadFileScatter
SetStdHandle
GetModuleHandleA
FindResourceExA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeResource
HeapAlloc
FindResourceA
TerminateProcess
SizeofResource
RtlUnwind
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualFree
AllocConsole
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
NetDfsAddStdRoot
NetDfsGetSecurity
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetRecordInfo
glVertex2f
glFlush
glMatrixMode
glColor3f
glDisable
glViewport
glClear
glEnd
glBegin
glLoadIdentity
DeletePwrScheme
ReadGlobalPwrPolicy
CanUserWritePwrScheme
GetModuleBaseNameA
GetProcessMemoryInfo
GetModuleInformation
EnumProcessModules
RasGetErrorStringA
RasValidateEntryNameA
SHQueryRecycleBinA
SHEmptyRecycleBinA
SHCreateStreamOnFileEx
phoneGetStatusA
EmptyClipboard
SetWindowRgn
MapDialogRect
UpdateWindow
GetWindowTextA
LoadMenuA
RegisterClassExW
PostQuitMessage
DefWindowProcA
ShowWindow
GetMenuState
BeginDeferWindowPos
GetMenu
GetWindowRect
DispatchMessageA
EndPaint
UnhookWindowsHookEx
GetDC
InsertMenuItemA
MessageBoxA
TranslateMessage
IsWindowEnabled
InvalidateRect
GetMenuItemID
GetMenuItemInfoA
EndDeferWindowPos
LoadAcceleratorsA
BeginPaint
DestroyIcon
GetWindowLongA
SetClipboardData
SendMessageA
CloseClipboard
GetClientRect
CreateWindowExA
GetDlgItem
SetForegroundWindow
EnableMenuItem
RegisterClassA
ScreenToClient
InsertMenuA
GetSubMenu
GetAsyncKeyState
SetTimer
LoadCursorA
LoadIconA
TranslateAcceleratorA
DeferWindowPos
LoadImageA
GetFocus
CreateWindowExW
ReleaseDC
GetMenuItemCount
GetMessageA
DestroyWindow
OpenClipboard
IsAppThemed
CloseThemeData
GetFileVersionInfoSizeA
GetFileVersionInfoA
GdipDeleteFontFamily
GdipCreatePen1
GdipCreatePath
GdipCreateSolidFill
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipAddPathRectangleI
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateFont
GdipDeletePath
GdipDeletePen
GdipDeleteFont
CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitialize
Number of PE resources by type
RT_DIALOG 2
RT_STRING 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
PNG 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
CodeSize 105472
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.8.21.4
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Preconceptions Sharepoint Ext2 Ceiling Foreach
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 178688
EntryPoint 0xc27b
MIMEType application/octet-stream
LegalCopyright Copyright 2014 - . All rights reserved. WiseCleaner.com
FileVersion 4.8.21.4
TimeStamp 2016:08:15 14:42:55+02:00
FileType Win32 EXE
PEType PE32
InternalName Tennessee
ProductVersion 4.8.21.4
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName WiseCleaner.com
LegalTrademarks Copyright 2014 - . All rights reserved. WiseCleaner.com
ProductName Tennessee
ProductVersionNumber 4.8.21.4
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 9597fc80f793bbeceed69be9b1344fdb
SHA1 b05fe3053fe4e98055a060793c0fd6fd7f7b5f59
SHA256 a32468ee49dad05def0fabc79b44b053490d8ff663ee95007d61bb47a7024bc7
ssdeep 6144:o2vqw/qjqQJTY3bpdXVPbfa2OfyQYmg0I4CsUUld3qB:lijqQxYLFPG2OfyQTxl3qB
authentihash 225d0b11dc83efffecae5ad0bfeb0174a04dc58b0ef1cd9e46d78df58d811d83
imphash 72c768522421b1371c6162c34867081f
File size 278.5 KB ( 285184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-08-15 17:10:58 UTC ( 2 years, 7 months ago )
Last submission 2018-05-15 05:55:46 UTC ( 10 months, 2 weeks ago )
File names inst1.exe
inst1.exe
Luyji.exe
9ba70ba613c0ee0a7d7be895c131cf6a24a27336
inst1(2).exe
inst1.exe
reksayge.exe
inst1.exe
9597fc80f793bbeceed69be9b1344fdb
inst1.exe
Tennessee
9597fc80f793bbeceed69be9b1344fdb
RuzkOxra.exe
inst1.exe
inst1.exe
inst1.exe