SHA256: a69070fc391ee96c86a4aa8a79d28834299f0d6fb6d1bfb30e644c23faf237f2
File name: gywapx.exe
Detection ratio: 13 / 72
Analysis date: 2018-12-24 07:49:34 UTC (3 months, 4 weeks ago)
Antivirus Result Update
Acronis malware 20181222
AegisLab Trojan.Win32.Generic.4!c 20181224
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cyren W32/Fuerboos.D.gen!Eldorado 20181224
Endgame malicious (high confidence) 20181108
F-Prot W32/Fuerboos.D.gen!Eldorado 20181224
GData Win32.Trojan.Injector.5DY3EM 20181224
Ikarus Win32.Outbreak 20181224
Sophos ML heuristic 20181128
Palo Alto Networks (Known Signatures) generic.ml 20181224
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181224
Symantec ML.Attribute.HighConfidence 20181224
Trapmine malicious.moderate.ml.score 20181205
Ad-Aware 20181224
AhnLab-V3 20181223
Alibaba 20180921
ALYac 20181224
Antiy-AVL 20181223
Arcabit 20181224
Avast 20181224
Avast-Mobile 20181223
AVG 20181224
Avira (no cloud) 20181223
AVware 20180925
Babable 20180918
Baidu 20181207
BitDefender 20181224
Bkav 20181221
CAT-QuickHeal 20181223
ClamAV 20181224
CMC 20181223
Comodo 20181223
Cybereason 20180225
Cylance 20181224
DrWeb 20181224
eGambit 20181224
Emsisoft 20181224
ESET-NOD32 20181224
F-Secure 20181224
Fortinet 20181224
Jiangmin 20181224
K7AntiVirus 20181224
K7GW 20181224
Kaspersky 20181224
Kingsoft 20181224
Malwarebytes 20181224
MAX 20181224
McAfee 20181224
McAfee-GW-Edition 20181224
Microsoft 20181224
eScan 20181224
NANO-Antivirus 20181224
Panda 20181223
Qihoo-360 20181224
SentinelOne (Static ML) 20181223
Sophos AV 20181224
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181224
Tencent 20181224
TheHacker 20181220
TotalDefense 20181223
TrendMicro 20181224
TrendMicro-HouseCall 20181224
Trustlook 20181224
VBA32 20181222
VIPRE 20181223
ViRobot 20181223
Webroot 20181224
Yandex 20181223
Zillya 20181222
ZoneAlarm by Check Point 20181224
Zoner 20181224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Wantages
Product Maritorious7
Original name Suzerainty.exe
Internal name Suzerainty
File version 4.05.0008
Description arapaho7
Comments COOPERY
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 5:45 AM 2/15/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-08-09 12:41:43
Entry Point 0x000016B0
Number of sections 3
PE sections
Overlays
MD5 7148ffbc04385871db33e467b9fa953b
File type data
Offset 1015808
Size 5912
Entropy 7.50
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaPrintObj
_CIcos
__vbaStrCmp
_allmul
_adj_fdivr_m64
Ord(527)
_adj_fprem
__vbaLenBstr
Ord(685)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaStrToUnicode
__vbaCyI4
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
__vbaRedim
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
EVENT_SINK_Release
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaVarAdd
__vbaFpCmpCy
__vbaFreeVar
__vbaFreeStr
__vbaObjSetAddref
_CItan
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaStrVarVal
__vbaInStrVarB
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaI2Var
__vbaVarDup
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaVarCopy
__vbaFreeStrList
Ord(598)
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 995328
SubsystemVersion 4.0
Comments COOPERY
LinkerVersion 6.0
ImageVersion 4.5
FileSubtype 0
FileVersionNumber 4.5.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription arapaho7
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x16b0
OriginalFileName Suzerainty.exe
MIMEType application/octet-stream
LegalCopyright Wantages
FileVersion 4.05.0008
TimeStamp 2001:08:09 14:41:43+02:00
FileType Win32 EXE
PEType PE32
InternalName Suzerainty
ProductVersion 4.05.0008
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName belzebuth3
LegalTrademarks Articling9
ProductName Maritorious7
ProductVersionNumber 4.5.0.8
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 a52bf3601e634d34e081cf42f0738d47
SHA1 281b52d1c2dbad40d59ee814666101a42ec97e6e
SHA256 a69070fc391ee96c86a4aa8a79d28834299f0d6fb6d1bfb30e644c23faf237f2
ssdeep 12288:VbGbji8EfF5FQbQ/hGEWI2+FAYK9LtbZofwg5+kUNUb9:FSm37ObQGo2HYK9tbyfwgwkUe9
authentihash a40446826a1e327091035cea85c80df23b85389ef141eb74afa7d558a234fb39
imphash cce9f294d27fb674fdd2018049ddd537
File size 997.8 KB ( 1021720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-12-23 21:25:42 UTC ( 4 months ago )
Last submission 2018-12-26 01:06:01 UTC ( 3 months, 4 weeks ago )
File names gywapx.exe
Suzerainty.exe
bxity.exe
output.114779827.txt
gywapx.exe
Suzerainty
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.