SHA256: af5962368acc08ebbaa1918dbedc99e3dd7e52e7a21a63c5b2630ccaec4b0881
File name: 777.exe
Detection ratio: 12 / 54
Analysis date: 2017-01-18 11:20:10 UTC ( 2 years, 3 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20170118
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20170118
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20161024
Fortinet W32/Injector.DJXW!tr 20170118
Sophos ML virtool.win32.vbinject.wx 20170111
Jiangmin Backdoor.Androm.nbi 20170118
Kaspersky UDS:DangerousObject.Multi.Generic 20170118
Malwarebytes Trojan.Kovter 20170118
McAfee Artemis!B154F0C6EFC3 20170118
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20170118
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20170118
Symantec ML.Attribute.VeryHighConfidence [Heur.AdvML.B] 20170117
Ad-Aware 20170118
AhnLab-V3 20170118
Alibaba 20170118
ALYac 20170118
Antiy-AVL 20170118
Arcabit 20170118
Avast 20170118
AVG 20170118
Avira (no cloud) 20170118
AVware 20170118
BitDefender 20170118
CAT-QuickHeal 20170118
ClamAV 20170118
CMC 20170118
Comodo 20170118
Cyren 20170118
DrWeb 20170118
Emsisoft 20170118
ESET-NOD32 20170118
F-Prot 20170118
F-Secure 20170118
GData 20170118
Ikarus 20170118
K7AntiVirus 20170118
K7GW 20170118
Kingsoft 20170118
Microsoft 20170118
eScan 20170118
NANO-Antivirus 20170117
nProtect 20170118
Panda 20170117
Rising 20170118
Sophos AV 20170118
SUPERAntiSpyware 20170118
Tencent 20170118
TheHacker 20170117
TrendMicro 20170118
Trustlook 20170118
VBA32 20170117
VIPRE 20170118
ViRobot 20170118
WhiteArmor 20170117
Yandex 20170117
Zillya 20170117
Zoner 20170118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Codertin
Original name Fn1cFTCPu8H.exe
Internal name Fn1cFTCPu8H
File version 1.00.0255
Description Read about the many meanings of this term.
Comments Read about the many meanings of this term.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-18 10:20:07
Entry Point 0x000010EC
Number of sections 3
PE sections
Overlays
MD5 65af137dbc06cdb26473890bbeefd5ae
File type data
Offset 131072
Size 118795
Entropy 8.00
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(648)
Ord(616)
Ord(525)
EVENT_SINK_AddRef
Ord(300)
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(599)
Ord(608)
Ord(100)
Ord(711)
Ord(690)
EVENT_SINK_Release
Ord(595)
Ord(716)
Ord(306)
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
118784

FileDescription
Read about the many meanings of this term.

Comments
Read about the many meanings of this term.

InitializedDataSize
36864

ImageVersion
1.0

ProductName
Codertin

FileVersionNumber
1.0.0.255

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Fn1cFTCPu8H.exe

MIMEType
application/octet-stream

FileVersion
1.00.0255

TimeStamp
2017:01:18 11:20:07+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Fn1cFTCPu8H

SubsystemVersion
4.0

ProductVersion
1.00.0255

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
FLASH ead about the many meanings of this term.

LegalTrademarks
Read about the many meanings of this term.

FileSubtype
0

ProductVersionNumber
1.0.0.255

EntryPoint
0x10ec

ObjectFileType
Executable application

File identification
MD5 b154f0c6efc3103850535b9ed9444dd1
SHA1 a8ab3a6a3877e3f6f2a0c48a19723857627f87f4
SHA256 af5962368acc08ebbaa1918dbedc99e3dd7e52e7a21a63c5b2630ccaec4b0881
ssdeep
6144:sLV4qRT5lqRT5NqRT5LpMfMgLM6EC1ThtUKRJvjY2gXoLmdXJ:M+qRT5lqRT5NqRT5tMfMIThtxJjxLmd5

authentihash dca3395278686ec55a4bfd27f56740dcb10ac530e632ec39e827d070c3a042a6
imphash cb7ed9b7e1981cd3035fc3911cdb910f
File size 244.0 KB ( 249867 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-01-18 11:09:13 UTC ( 2 years, 3 months ago )
Last submission 2017-06-11 00:36:05 UTC ( 1 year, 10 months ago )
File names 777.exe
Fn1cFTCPu8H
Fn1cFTCPu8H.exe
af5962368acc08ebbaa1918dbedc99e3dd7e52e7a21a63c5b2630ccaec4b0881
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.
UDP communications