× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a5f148a406a891cfe40078626e39a6aa7bf5ae466ab3531901da32daf869fd28
File name: cj cj.exe
Detection ratio: 6 / 63
Analysis date: 2017-07-18 04:15:01 UTC ( 1 year, 7 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170710
Cylance Unsafe 20170718
Endgame malicious (high confidence) 20170713
McAfee Packed-MO!8E2E62D0B69A 20170718
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/FareitVB-M 20170717
Ad-Aware 20170718
AegisLab 20170718
AhnLab-V3 20170717
Alibaba 20170718
ALYac 20170718
Antiy-AVL 20170718
Arcabit 20170718
Avast 20170718
AVG 20170718
Avira (no cloud) 20170718
AVware 20170718
Baidu 20170717
BitDefender 20170718
Bkav 20170717
CAT-QuickHeal 20170717
ClamAV 20170718
CMC 20170718
Comodo 20170718
Cyren 20170718
DrWeb 20170718
Emsisoft 20170718
ESET-NOD32 20170718
F-Prot 20170718
F-Secure 20170718
Fortinet 20170629
GData 20170718
Ikarus 20170717
Sophos ML 20170607
Jiangmin 20170718
K7AntiVirus 20170717
K7GW 20170718
Kaspersky 20170718
Kingsoft 20170718
Malwarebytes 20170718
MAX 20170718
McAfee-GW-Edition 20170718
Microsoft 20170718
eScan 20170718
NANO-Antivirus 20170718
nProtect 20170718
Palo Alto Networks (Known Signatures) 20170718
Panda 20170717
Qihoo-360 20170718
Rising 20170718
SUPERAntiSpyware 20170718
Symantec 20170717
Symantec Mobile Insight 20170718
Tencent 20170718
TheHacker 20170717
TrendMicro 20170718
TrendMicro-HouseCall 20170718
Trustlook 20170718
VBA32 20170717
VIPRE 20170718
ViRobot 20170718
Webroot 20170718
WhiteArmor 20170713
Yandex 20170717
Zillya 20170717
ZoneAlarm by Check Point 20170718
Zoner 20170718
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
xeiE

Product HEsIsOfT vait
Original name Unevaporate.exe
Internal name Unevaporate
File version 1.00.0004
Description Xerox
Comments xemAsofT
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-18 02:18:07
Entry Point 0x000013B4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(712)
EVENT_SINK_Release
__vbaEnd
EVENT_SINK_QueryInterface
Ord(687)
Ord(695)
Ord(586)
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(584)
Ord(678)
_adj_fpatan
Ord(663)
EVENT_SINK_AddRef
Ord(676)
Ord(629)
Ord(611)
_adj_fdiv_m32i
Ord(647)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_CIexp
__vbaStrVarMove
_adj_fdivr_m16i
__vbaR8Var
Ord(589)
_adj_fdiv_m64
__vbaFreeObj
__vbaUI1I2
__vbaFreeVar
Ord(100)
Ord(581)
_adj_fdiv_r
Ord(536)
Ord(694)
Ord(651)
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(606)
_allmul
__vbaStrVarVal
_CIcos
Ord(616)
_adj_fptan
Ord(685)
_CItan
Ord(628)
__vbaObjSet
Ord(538)
__vbaVarMove
Ord(661)
_CIatan
__vbaNew2
__vbaErrorOverflow
__vbaR4Sgn
__vbaOnError
_adj_fdivr_m32i
Ord(541)
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaVarDup
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
HEBREW DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks
skype

SubsystemVersion
4.0

Comments
xemAsofT

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.4

LanguageCode
Hebrew

FileFlagsMask
0x0000

FileDescription
Xerox

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x13b4

OriginalFileName
Unevaporate.exe

MIMEType
application/octet-stream

LegalCopyright
xeiE

FileVersion
1.00.0004

TimeStamp
2017:07:18 03:18:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Unevaporate

ProductVersion
1.00.0004

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
moZilLz

CodeSize
1056768

ProductName
HEsIsOfT vait

ProductVersionNumber
1.0.0.4

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 8e2e62d0b69aaa00f2fac338fd1372ba
SHA1 922e24b095e5ed082ad314b441e7863ee910321c
SHA256 a5f148a406a891cfe40078626e39a6aa7bf5ae466ab3531901da32daf869fd28
ssdeep
12288:CCnikjU+MxOBx+jSoG3sB47UAw6kr37TyQeXTuPYf7dOrdPFVTT8mIcjdV3Nh5Gc:zikjU+vl3sKVIk9dOhtVpIcjn/4FRY

authentihash b2301ea748dc7c4de1a96ef83d60b0b2c64c64def659731d572fa4d5b0905ccd
imphash 58a7c198fe4a041ab79f2c62bdf4f877
File size 1.0 MB ( 1073152 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-18 04:15:01 UTC ( 1 year, 7 months ago )
Last submission 2017-08-25 16:23:37 UTC ( 1 year, 5 months ago )
File names cj cj.exe
a5f148a406a891cfe40078626e39a6aa7bf5ae466ab3531901da32daf869fd28.bin.exe
bank detailes copy.xls.exe
Unevaporate
bank detailes copy.xls.exe
Unevaporate.exe
bank detailes copy.xls.exe
a5f148a406a891cfe40078626e39a6aa7bf5ae46.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications