SHA256: a7e516879b79b5fdc7c7e8945f5ff9e66b30f39a0924707d802900bc06ac5215
File name: 2f28b0d5631c90d232168fc9a7de62dd
Detection ratio: 5 / 68
Analysis date: 2018-09-10 10:53:44 UTC ( 8 months, 1 week ago )
Antivirus | Result | Update
Cylance | Unsafe | 20180910
Endgame | malicious (high confidence) | 20180730
Sophos ML | heuristic | 20180717
Microsoft | Trojan:Win32/Fuery.B!cl | 20180910
Qihoo-360 | HEUR/QVM03.0.C567.Malware.Gen | 20180910
Engines with no detection (vendor and signature update date):
Ad-Aware 20180910
AegisLab 20180910
AhnLab-V3 20180910
Alibaba 20180713
ALYac 20180910
Antiy-AVL 20180910
Arcabit 20180910
Avast 20180910
Avast-Mobile 20180910
AVG 20180910
Avira (no cloud) 20180910
AVware 20180910
Babable 20180907
Baidu 20180910
BitDefender 20180910
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180910
CMC 20180910
Comodo 20180910
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20180910
DrWeb 20180910
eGambit 20180910
Emsisoft 20180910
ESET-NOD32 20180910
F-Prot 20180910
F-Secure 20180910
Fortinet 20180910
GData 20180910
Ikarus 20180910
Jiangmin 20180910
K7AntiVirus 20180910
K7GW 20180910
Kaspersky 20180910
Kingsoft 20180910
Malwarebytes 20180910
MAX 20180910
McAfee 20180910
McAfee-GW-Edition 20180910
eScan 20180910
NANO-Antivirus 20180910
Palo Alto Networks (Known Signatures) 20180910
Panda 20180909
Rising 20180910
SentinelOne (Static ML) 20180830
Sophos AV 20180910
SUPERAntiSpyware 20180907
Symantec 20180910
Symantec Mobile Insight 20180905
TACHYON 20180910
Tencent 20180910
TheHacker 20180907
TotalDefense 20180910
TrendMicro 20180910
TrendMicro-HouseCall 20180910
Trustlook 20180910
VBA32 20180907
VIPRE 20180910
ViRobot 20180910
Webroot 20180910
Yandex 20180908
Zillya 20180908
ZoneAlarm by Check Point 20180910
Zoner 20180910
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product asuS
Original name Equilibrium1.exe
Internal name Equilibrium1
File version 2.05
Comments STELLAR Atd
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:31 PM 2/18/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-02-21 09:15:00
Entry Point 0x0000187C
Number of sections 3
PE sections
Overlays
MD5 8ae8ee7a0dc2d99da13256da304bc2a6
File type data
Offset 548864
Size 4584
Entropy 7.57
PE imports
_adj_fdivr_m64
Ord(546)
_allmul
Ord(527)
_adj_fprem
Ord(678)
__vbaLenVarB
__vbaRecDestruct
_adj_fdiv_r
__vbaUI1I2
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
_CIlog
_adj_fptan
__vbaI4Var
__vbaFreeStr
__vbaAryDestruct
__vbaFPFix
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
__vbaLenBstr
Ord(525)
Ord(617)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Ord(540)
__vbaFreeVar
__vbaLbound
Ord(526)
__vbaInStrVar
EVENT_SINK_Release
Ord(610)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaChkstk
Ord(523)
__vbaLsetFixstr
Ord(661)
__vbaFreeObjList
__vbaFreeVarList
__vbaStrVarMove
Ord(618)
Ord(542)
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarIdiv
_CIcos
Ord(713)
__vbaDateVar
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaStrComp
__vbaStrMove
_adj_fprem1
Ord(698)
_adj_fdiv_m32
__vbaEnd
Ord(685)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrCopy
Ord(645)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
Ord(544)
_CIsin
_CIsqrt
Ord(612)
_CIatan
__vbaFpR8
__vbaObjSet
__vbaVarCat
_CIexp
__vbaStrToAnsi
_CItan
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 524288
SubsystemVersion 4.0
Comments STELLAR Atd
InitializedDataSize 24576
ImageVersion 2.5
FileSubtype 0
FileVersionNumber 2.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x187c
OriginalFileName Equilibrium1.exe
MIMEType application/octet-stream
FileVersion 2.05
TimeStamp 2005:02:21 10:15:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Equilibrium1
ProductVersion 2.05
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName The pIDGIN DEVELOper COMMUNity
LegalTrademarks BLUESTACk SYSTEMS Ync.
ProductName asuS
ProductVersionNumber 2.5.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 2f28b0d5631c90d232168fc9a7de62dd
SHA1 1c2983c525c80a46802f74bc46665f73f9e6cbda
SHA256 a7e516879b79b5fdc7c7e8945f5ff9e66b30f39a0924707d802900bc06ac5215
ssdeep 12288:5EzgrIbKwnl+ur/3ulogonGAuJU0cIOFQGCyX4SXo6q3/W5V4ccKqxI7Sc5A/x4X:ogrIbKYrr/zjiRyI/Sqxj+/Xu2YMZcYz
authentihash 54185bdb4cf8de793456ec5e1c63730375b8882e8e8a1c3ca38a01d6e8ac4f78
imphash a6ee7d554332641674601ebfbed9a7fa
File size 540.5 KB ( 553448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-09-10 10:53:44 UTC ( 8 months, 1 week ago )
Last submission 2018-09-10 10:53:44 UTC ( 8 months, 1 week ago )
File names Equilibrium1
Equilibrium1.exe
2f28b0d5631c90d232168fc9a7de62dd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.