SHA256: ae80cbf6024f11e0aee00932a057c411c2342deac931ada67b0ff0f6c619ff92
File name: 44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
Detection ratio: 47 / 68
Analysis date: 2018-08-29 00:17:43 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40415176 20180829
AhnLab-V3 Malware/Win32.Generic.C2676018 20180828
ALYac Trojan.GenericKD.40415176 20180828
Antiy-AVL Trojan[Banker]/Win32.Trickster 20180829
Arcabit Trojan.Generic.D268AFC8 20180828
Avast Win32:Malware-gen 20180828
AVG Win32:Malware-gen 20180828
AVware Trojan.Win32.Generic!BT 20180823
BitDefender Trojan.GenericKD.40415176 20180828
CAT-QuickHeal Trojan.Meretam 20180828
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.def5f3 20180225
Cylance Unsafe 20180829
Cyren W32/Trojan.ZMGR-5194 20180828
DrWeb Trojan.Packed.140 20180828
Emsisoft Trojan.GenericKD.40415176 (B) 20180828
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CISB 20180828
F-Secure Trojan.GenericKD.40415176 20180829
Fortinet Malicious_Behavior.SB 20180828
GData Trojan.GenericKD.40415176 20180828
Ikarus Backdoor.Win32.Bifrose 20180828
Jiangmin Trojan.Banker.Trickster.al 20180829
K7AntiVirus Trojan ( 0053add81 ) 20180828
K7GW Trojan ( 0053add81 ) 20180828
Kaspersky Trojan-Banker.Win32.Trickster.go 20180829
Malwarebytes Trojan.TrickBot 20180828
McAfee Artemis!4F33F219FEB6 20180828
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20180828
Microsoft Trojan:Win32/MereTam.A 20180828
eScan Trojan.GenericKD.40415176 20180828
Palo Alto Networks (Known Signatures) generic.ml 20180829
Panda Trj/GdSda.A 20180828
Qihoo-360 Win32/Trojan.e9f 20180829
Rising Trojan.MereTam!8.E4CE (CLOUD) 20180828
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Trickbo-EV 20180828
Symantec Hacktool.Rootkit 20180829
Tencent Win32.Trojan-banker.Trickster.Pepv 20180829
TrendMicro TROJ_GEN.R03FC0DHL18 20180828
TrendMicro-HouseCall TROJ_GEN.R03FC0DHL18 20180828
VBA32 TrojanBanker.Trickster 20180828
VIPRE Trojan.Win32.Generic!BT 20180828
ViRobot Trojan.Win32.Z.Agent.479232.AJL 20180828
Webroot Trojan.Spy.Trickbot 20180829
Zillya Trojan.GenericKD.Win32.163260 20180828
ZoneAlarm by Check Point Trojan-Banker.Win32.Trickster.go 20180828
Engines with no detection (last signature update only):
AegisLab 20180828
Alibaba 20180713
Avast-Mobile 20180828
Avira (no cloud) 20180829
Babable 20180822
Baidu 20180828
Bkav 20180828
ClamAV 20180828
CMC 20180828
Comodo 20180828
eGambit 20180829
F-Prot 20180828
Sophos ML 20180717
Kingsoft 20180829
MAX 20180829
NANO-Antivirus 20180828
SUPERAntiSpyware 20180828
Symantec Mobile Insight 20180822
TACHYON 20180828
TheHacker 20180824
TotalDefense 20180828
Trustlook 20180829
Yandex 20180827
Zoner 20180828
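The vendor labels above do not agree on a name: most engines report a generic signature (Trojan.GenericKD.40415176, Win32:Malware-gen), several say Trickster/TrickBot and three say MereTam. The usual way to turn such a table into one family label is to tokenize each verdict, drop type/platform/heuristic words and version suffixes, fold known spelling variants together, and count one vote per detection backend rather than per engine, so that engines sharing a signature feed (Kaspersky and ZoneAlarm, BitDefender and its licensees) are not counted twice. The script below is an added example, not part of the report; it uses a constructed subset of the (vendor, label) pairs from the table, and the alias list and shared-backend map are the editor's assumptions, not something the report states.

```python
import re
from collections import Counter

# Constructed subset of the (vendor, label) pairs printed in the detection
# table above; the other engines are left out to keep the sample short.
VERDICTS = [
    ("Ad-Aware", "Trojan.GenericKD.40415176"),
    ("Antiy-AVL", "Trojan[Banker]/Win32.Trickster"),
    ("CAT-QuickHeal", "Trojan.Meretam"),
    ("ESET-NOD32", "a variant of Win32/GenKryptik.CISB"),
    ("Jiangmin", "Trojan.Banker.Trickster.al"),
    ("Kaspersky", "Trojan-Banker.Win32.Trickster.go"),
    ("Malwarebytes", "Trojan.TrickBot"),
    ("Microsoft", "Trojan:Win32/MereTam.A"),
    ("Rising", "Trojan.MereTam!8.E4CE (CLOUD)"),
    ("Sophos AV", "Troj/Trickbo-EV"),
    ("Tencent", "Win32.Trojan-banker.Trickster.Pepv"),
    ("VBA32", "TrojanBanker.Trickster"),
    ("Webroot", "Trojan.Spy.Trickbot"),
    ("ZoneAlarm by Check Point", "Trojan-Banker.Win32.Trickster.go"),
]

# Tokens that name a type, platform or heuristic rather than a family.
GENERIC = {
    "trojan", "troj", "trojanbanker", "banker", "spy", "win32", "w32",
    "generic", "generickd", "genkryptik", "variant", "malware", "malicious",
    "cloud", "backdoor", "hacktool", "rootkit", "unsafe", "packed", "dropper",
    "agent", "heur",
}

# Vendor spellings folded to one family (assumed aliases, taken from the
# labels on this page).
ALIASES = {"trickster": "trickbot", "trickbo": "trickbot"}

# Engines that rebadge another vendor's engine; one vote per backend so a
# shared signature is not counted several times (assumed mapping).
SAME_BACKEND = {
    "ZoneAlarm by Check Point": "Kaspersky",
    "AVG": "Avast",
    "K7GW": "K7AntiVirus",
    "TrendMicro-HouseCall": "TrendMicro",
    "ALYac": "BitDefender", "Emsisoft": "BitDefender", "GData": "BitDefender",
    "eScan": "BitDefender", "Ad-Aware": "BitDefender", "F-Secure": "BitDefender",
}


def family_tokens(label):
    """Candidate family names in one vendor label (lower-cased, de-aliased)."""
    out = set()
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        tok = tok.lower()
        # Drop short variant suffixes (.go, .al, -EV), anything with digits
        # (signature ids, hashes) and the generic vocabulary above.
        if len(tok) < 5 or any(c.isdigit() for c in tok) or tok in GENERIC:
            continue
        out.add(ALIASES.get(tok, tok))
    return out


def family_votes(verdicts):
    """Count families, one vote per (backend, family) pair."""
    votes = Counter()
    seen = set()
    for vendor, label in verdicts:
        backend = SAME_BACKEND.get(vendor, vendor)
        for fam in family_tokens(label):
            if (backend, fam) not in seen:
                seen.add((backend, fam))
                votes[fam] += 1
    return votes


def consensus_family(verdicts):
    """(family, votes) for the best-supported family, or (None, 0)."""
    votes = family_votes(verdicts)
    if not votes:
        return (None, 0)
    return votes.most_common(1)[0]


if __name__ == "__main__":
    print(dict(family_votes(VERDICTS)))
    print(consensus_family(VERDICTS))
```

On the sample this yields trickbot with 8 backend votes and meretam with 3; the GenericKD and GenKryptik verdicts contribute nothing, which is the point of the generic list. The stop-word and alias tables are the part that needs maintenance in practice; a real pipeline (AVClass is the usual reference) ships much larger versions of both.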
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product VZLOMATOR
Original name MineS.exe
Internal name MineS
File version 1.00.0028
Description Pio Sukajad Pudding Bandung
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-20 12:49:54
Entry Point 0x00002CC8
Number of sections 3
PE sections
PE imports (grouped by exporting DLL)
KERNEL32.dll:
GetLastError
HeapFree
GetModuleFileNameW
WaitForSingleObject
HeapAlloc
VirtualProtect
lstrlenW
GetCurrentProcess
SizeofResource
GetUserDefaultLCID
LockResource
GetCommandLineW
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetProcessHeap
lstrcpynW
WideCharToMultiByte
WriteFile
CloseHandle
HeapReAlloc
GetModuleHandleW
LoadResource
FindResourceW
CreateFileW
VirtualFree
RtlMoveMemory
VirtualAlloc
MSVBVM60.DLL (Visual Basic 6 runtime):
_adj_fdiv_m32
__vbaChkstk
DllFunctionCall
EVENT_SINK_Release
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
__vbaVarDiv
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarVargNofree
_adj_fdiv_m32i
__vbaStrCopy
Ord(583)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_r
Ord(100)
__vbaFreeVar
Ord(520)
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(585)
__vbaVarMul
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaVarSub
__vbaFreeStrList
__vbaR8Var
Ord(528)
__vbaVarMove
__vbaFPInt
_CIatan
Ord(617)
_adj_fdivr_m32i
_CItan
_CIexp
__vbaStrMove
__vbaStrR8
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFpR8
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
ntdll.dll:
ZwUnmapViewOfSection
OLEAUT32.dll:
SysStringLen
SysAllocStringLen
SysAllocString
SysReAllocString
SysFreeString
SysAllocStringByteLen
SHELL32.dll:
ShellExecuteExW
SHLWAPI.dll:
PathFindNextComponentW
PathRemoveFileSpecW
PathIsDirectoryW
IntlStrEqWorkerW
USER32.dll:
InvertRect
LoadStringW
MessageBoxW
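Two things about this import table are worth making concrete. First, the imphash quoted under "File identification" further down is nothing more than an MD5 over exactly this list: each entry is rendered as `library.function` in lower case, with the .dll/.ocx/.sys extension dropped and imports by ordinal written as `ordN`, joined with commas in the order the import directory stores them. Because order is part of the input, two binaries built from the same VB6 project share an imphash, which is what makes it a pivot for finding sibling loaders. Second, a VB6 GUI program that imports ZwUnmapViewOfSection straight from ntdll, next to VirtualAlloc, VirtualProtect and WriteFile, is carrying a primitive that legitimate VB6 code has no use for; the remaining functions a process-hollowing loader needs are absent from the table, and the imported GetProcAddress is how such code resolves them at run time, so the static list understates capability. The script below is an added example by the editor, not the report's or any library's code. It follows the pefile convention for the import string (without pefile's ordinal-to-name table for ws2_32, wsock32 and oleaut32, which is not reproduced here); the grouping of names under DLLs is the editor's attribution, and the on-disk order of the real import directory is not guaranteed to match this list, so the value it computes is not expected to equal the report's imphash.

```python
import hashlib

# Import table as printed in the report above, grouped by exporting DLL.
# The report lists names only; the DLL attribution is the editor's. Order
# within each DLL follows the report. Constructed input for this example.
IMPORTS = [
    ("KERNEL32.dll", """GetLastError HeapFree GetModuleFileNameW
        WaitForSingleObject HeapAlloc VirtualProtect lstrlenW GetCurrentProcess
        SizeofResource GetUserDefaultLCID LockResource GetCommandLineW
        GetStartupInfoW CreateDirectoryW GetProcAddress GetProcessHeap lstrcpynW
        WideCharToMultiByte WriteFile CloseHandle HeapReAlloc GetModuleHandleW
        LoadResource FindResourceW CreateFileW VirtualFree RtlMoveMemory
        VirtualAlloc""".split()),
    ("MSVBVM60.DLL", """_adj_fdiv_m32 __vbaChkstk DllFunctionCall
        EVENT_SINK_Release __vbaGenerateBoundsError _allmul _adj_fdivr_m64
        _adj_fprem __vbaVarDiv _adj_fpatan EVENT_SINK_AddRef __vbaVarVargNofree
        _adj_fdiv_m32i __vbaStrCopy Ord(583) __vbaExceptHandler
        __vbaSetSystemError __vbaFreeVarList __vbaStrCmp __vbaFPException
        __vbaStrVarMove _adj_fdivr_m16i __vbaVarAdd _adj_fdiv_r Ord(100)
        __vbaFreeVar Ord(520) _adj_fdiv_m64 _CIsin _CIsqrt __vbaHresultCheckObj
        _CIlog Ord(585) __vbaVarMul _CIcos EVENT_SINK_QueryInterface _adj_fptan
        __vbaVarSub __vbaFreeStrList __vbaR8Var Ord(528) __vbaVarMove __vbaFPInt
        _CIatan Ord(617) _adj_fdivr_m32i _CItan _CIexp __vbaStrMove __vbaStrR8
        _adj_fprem1 _adj_fdivr_m32 __vbaStrCat __vbaFpR8 Ord(598) __vbaFreeStr
        _adj_fdiv_m16i""".split()),
    ("ntdll.dll", ["ZwUnmapViewOfSection"]),
    ("OLEAUT32.dll", """SysStringLen SysAllocStringLen SysAllocString
        SysReAllocString SysFreeString SysAllocStringByteLen""".split()),
    ("SHELL32.dll", ["ShellExecuteExW"]),
    ("SHLWAPI.dll", """PathFindNextComponentW PathRemoveFileSpecW
        PathIsDirectoryW IntlStrEqWorkerW""".split()),
    ("USER32.dll", ["InvertRect", "LoadStringW", "MessageBoxW"]),
]

STRIP_EXT = {"dll", "ocx", "sys"}


def import_string(imports):
    """Build the comma-joined 'lib.func' text that imphash is computed over.

    pefile convention: library name lower-cased with .dll/.ocx/.sys removed,
    function names lower-cased, ordinal imports written as 'ordN'. pefile also
    maps ws2_32/wsock32/oleaut32 ordinals to names; that table is not
    reproduced here, so such ordinals stay 'ordN' in this example.
    """
    parts = []
    for dll, names in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in STRIP_EXT:
            lib = base
        for name in names:
            if name.startswith("Ord(") and name.endswith(")"):
                func = "ord" + name[4:-1]
            else:
                func = name.lower()
            parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the import string; DLL and function order are part of the input."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


# APIs that appear together when a loader unmaps a suspended process and
# writes a new image into it. Only one is in this static import table; the
# others, if used, would be resolved at run time through GetProcAddress.
HOLLOWING_APIS = {
    "ZwUnmapViewOfSection", "NtUnmapViewOfSection", "CreateProcessW",
    "CreateProcessA", "VirtualAllocEx", "WriteProcessMemory",
    "SetThreadContext", "ResumeThread",
}


def hollowing_indicators(imports):
    """Sorted subset of HOLLOWING_APIS present in the static import table."""
    present = {n for _, names in imports for n in names}
    return sorted(present & HOLLOWING_APIS)


if __name__ == "__main__":
    print(imphash(IMPORTS))
    print(hollowing_indicators(IMPORTS))
```

Reversing the DLL order changes the hash, which is why an imphash pivot finds builds from the same toolchain and project layout rather than "the same functionality"; for a VB6 binary the MSVBVM60 block dominates the string, so matches should be read together with the version-info strings above rather than on their own.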
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_RCDATA 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
RUSSIAN 7
NEUTRAL DEFAULT 1
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.28
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Pio Sukajad Pudding Bandung
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 286720
EntryPoint 0x2cc8
OriginalFileName MineS.exe
MIMEType application/octet-stream
FileVersion 1.00.0028
TimeStamp 2018:08:20 05:49:54-07:00
FileType Win32 EXE
PEType PE32
InternalName MineS
ProductVersion 1.00.0028
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Just P.I.O
CodeSize 188416
ProductName VZLOMATOR
ProductVersionNumber 1.0.0.28
FileTypeExtension exe
ObjectFileType Executable application

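The report shows the same link time twice in two notations: the PE header's "Compilation timestamp" in UTC and ExifTool's "TimeStamp" in the local offset of the machine that ran it (-07:00). Checking that the two agree, and measuring how long after the link time the file first reached VirusTotal, is a routine triage step: a compile time later than the first sighting means the header stamp is forged or zeroed, and a gap of about an hour, as here, means the sample was caught while the build was fresh. The function below is an added example by the editor, not part of the report; the three input strings are copied from this page and the "fresh build" window of one day is an arbitrary assumption.

```python
from datetime import datetime, timedelta, timezone

# Values copied from the report above; constructed input for this example.
PE_COMPILE_UTC = "2018-08-20 12:49:54"            # PE header "Compilation timestamp"
EXIFTOOL_TIMESTAMP = "2018:08:20 05:49:54-07:00"  # ExifTool "TimeStamp", local offset
FIRST_SUBMISSION_UTC = "2018-08-20 14:02:01"      # VirusTotal "First submission"


def parse_exiftool(ts):
    """ExifTool prints 'YYYY:MM:DD HH:MM:SS+HH:MM'; return an aware datetime."""
    return datetime.strptime(ts, "%Y:%m:%d %H:%M:%S%z")


def parse_utc(ts):
    """Report-style 'YYYY-MM-DD HH:MM:SS' in UTC as an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def timestamp_triage(compile_utc, exiftool_ts, first_seen_utc,
                     fresh_window=timedelta(days=1)):
    """Consistency checks an analyst otherwise does by hand."""
    compiled = parse_utc(compile_utc)
    exif = parse_exiftool(exiftool_ts)
    seen = parse_utc(first_seen_utc)
    gap = seen - compiled
    return {
        # Same instant expressed in two zones; a mismatch means one of the
        # two tools mis-read the header.
        "header_matches_exiftool": compiled == exif,
        "compile_to_first_seen_s": int(gap.total_seconds()),
        # Negative gap: the link-time stamp was forged or zeroed.
        "compiled_after_first_seen": compiled > seen,
        # Sample reached the scanner within the window (assumed: one day).
        "fresh_build": timedelta(0) <= gap <= fresh_window,
    }


if __name__ == "__main__":
    print(timestamp_triage(PE_COMPILE_UTC, EXIFTOOL_TIMESTAMP, FIRST_SUBMISSION_UTC))
```

For this sample the two stamps agree and the file was submitted 1 h 12 min 07 s after it was linked. The `%z` directive accepts the colon-separated offset ExifTool emits on Python 3.7 and later.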
Execution parents
File identification
MD5 4f33f219feb6393164971e50e97ef9fd
SHA1 12c3eeddef5f343dc1c8d5b953453938aa193788
SHA256 ae80cbf6024f11e0aee00932a057c411c2342deac931ada67b0ff0f6c619ff92
ssdeep 6144:sQaW1r+M06wYTQe4cppZoowLsMmX98aEqlGVeZ9I7V9qcZHkGHD/HQtG7fDaNFiw:srmYIgOivkGrLDiF6Dyr+s
authentihash ac6e12099ad4f81958019346c63313df96117d586e6a350c77e07f80083c3c7e
imphash 3e8dcced34eda3af8fbf028e683120e2
File size 468.0 KB ( 479232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-08-20 14:02:01 UTC ( 6 months ago ), 1 h 12 min after the compilation timestamp in the PE header
Last submission 2018-08-21 13:37:16 UTC ( 5 months, 4 weeks ago )
File names <SAMPLE.EXE>
rj5b17vl0zmw9ehykd9emfr5zvof96mfndb5cfxs88ao1g_qqb13q12jdwc8tr7j.exe
MineS.exe
44783m8uh77g8l8_nkubyhu5vfxxbh878xo6hlttkppzf28tsdu5kwppk_11c1jl.exe
MineS
table.png
44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure monitors the system for certain types of events, such as keyboard or mouse input, either for a specific thread or for all threads on the same desktop as the calling thread, which is why this call is a standard building block of keylogging and injection. The report attributes this to the SetWindowsHook Windows API function (the legacy name; the current function is SetWindowsHookEx). Neither name appears in the static import table above, but GetProcAddress does, so the hook API is resolved at run time, by the file itself or by code it unpacked or injected.
HTTP requests
DNS requests
TCP connections