SHA256: b0dce545bb2632bc6256d8377a72ee57d13d0ab7b4260e8544facb85294fdbc0
File name: out
Detection ratio: 44 / 66
Analysis date: 2018-05-02 06:02:04 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.77256 20180502
AhnLab-V3 Trojan/Win32.Cryptos.C2084972 20180502
ALYac Gen:Variant.Symmi.77256 20180502
Arcabit Trojan.Symmi.D12DC8 20180502
Avast Win32:Malware-gen 20180502
AVG Win32:Malware-gen 20180502
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9983 20180502
BitDefender Gen:Variant.Symmi.77256 20180502
Bkav W32.CloundnetPS.Trojan 20180426
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180502
Cyren W32/S-7cb6aed1!Eldorado 20180502
DrWeb Trojan.Proxy2.1312 20180502
Emsisoft Gen:Variant.Symmi.77256 (B) 20180502
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Glupteba.AY 20180502
F-Prot W32/S-7cb6aed1!Eldorado 20180502
F-Secure Gen:Variant.Symmi.77256 20180502
Fortinet W32/Generic.AP.128842!tr 20180502
GData Gen:Variant.Symmi.77256 20180502
Ikarus Trojan.Win32.Glupteba 20180501
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 005115a11 ) 20180502
K7GW Trojan ( 005115a11 ) 20180502
Kaspersky HEUR:Trojan-Proxy.Win32.Glupteba.gen 20180502
Malwarebytes Trojan.BitCoinMiner 20180502
MAX malware (ai score=86) 20180502
McAfee GenericRXCI-JU!79ACF245BCB4 20180502
McAfee-GW-Edition BehavesLike.Win32.Generic.jc 20180502
Microsoft Trojan:Win32/Tiggre!rfn 20180502
eScan Gen:Variant.Symmi.77256 20180502
NANO-Antivirus Trojan.Win32.Glupteba.fazeno 20180502
Palo Alto Networks (Known Signatures) generic.ml 20180502
Panda Trj/CI.A 20180501
Qihoo-360 Win32/Trojan.Proxy.6bb 20180502
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Glupteba-M 20180502
SUPERAntiSpyware Hack.Tool/Gen-BitCoinMiner 20180502
Symantec Trojan.Gen.2 20180502
Tencent Win32.Trojan-proxy.Glupteba.Ajvw 20180502
TrendMicro-HouseCall TROJ_GEN.R020C0DE218 20180502
VBA32 Trojan.SmearPasse 20180428
Webroot W32.Trojan.Gen 20180502
ZoneAlarm by Check Point HEUR:Trojan-Proxy.Win32.Glupteba.gen 20180502
AegisLab 20180502
Alibaba 20180502
Antiy-AVL 20180502
Avast-Mobile 20180502
Avira (no cloud) 20180501
AVware 20180428
CAT-QuickHeal 20180502
ClamAV 20180502
CMC 20180501
Comodo 20180502
Cybereason None
eGambit 20180502
Jiangmin 20180502
Kingsoft 20180502
nProtect 20180502
Rising 20180502
Symantec Mobile Insight 20180501
TheHacker 20180430
TotalDefense 20180502
TrendMicro 20180502
Trustlook 20180502
VIPRE 20180502
ViRobot 20180502
Yandex 20180428
Zillya 20180430
Zoner 20180501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2017
Product EpicNet Cloud Office
Original name cloudnet.exe
Internal name cloudnet.exe
File version 7.2.1.1
Description Cloud Net
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-02 00:00:41
Entry Point 0x000250D0
Number of sections 6
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
CryptReleaseContext
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteTreeW
CryptGenRandom
RegOpenKeyExW
CryptAcquireContextW
RegQueryValueExW
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
CreateTimerQueue
QueueUserAPC
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
GetThreadPriority
FreeLibraryAndExitThread
CreateEventW
FindClose
TlsGetValue
FormatMessageA
SignalObjectAndWait
GetEnvironmentVariableW
SetLastError
DeviceIoControl
InitializeCriticalSection
CopyFileW
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
GetFileAttributesW
VerSetConditionMask
SetThreadPriority
AllocConsole
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
SetFilePointerEx
DeleteTimerQueueTimer
CreateMutexA
RegisterWaitForSingleObject
CreateThread
MoveFileExW
InterlockedFlushSList
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ChangeTimerQueueTimer
ReadConsoleW
SetWaitableTimer
GetProcAddress
SleepEx
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
GetDateFormatW
CreateTimerQueueTimer
GetStartupInfoW
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
GetTempFileNameW
QueryDepthSList
GetTimeFormatW
GetModuleFileNameW
FindNextFileW
GetCurrentThreadId
ResetEvent
FreeConsole
IsValidLocale
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
lstrcmp
LeaveCriticalSection
GetNativeSystemInfo
GetLastError
InterlockedPushEntrySList
LCMapStringW
GetConsoleCP
UnregisterWaitEx
CompareStringW
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SwitchToThread
UnregisterWait
GetCurrentProcessId
CreateIoCompletionPort
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
GetTickCount64
RaiseException
ReleaseSemaphore
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
IsValidCodePage
OpenEventW
PostQueuedCompletionStatus
CreateProcessW
Sleep
VirtualAlloc
NetWkstaGetInfo
NetApiBufferFree
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathAndSubDirW
StrCpyNW
InternetCheckConnectionW
getaddrinfo
htonl
WSARecv
WSACreateEvent
WSAStartup
freeaddrinfo
connect
shutdown
htons
select
getsockopt
WSACloseEvent
ntohl
WSASend
ioctlsocket
WSAGetLastError
WSAEventSelect
WSASetLastError
WSACleanup
closesocket
setsockopt
WSASocketW
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
StringFromGUID2
Number of PE resources by type
RT_ICON 4
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 7
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 14.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.2.1.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 172032
EntryPoint 0x250d0
OriginalFileName cloudnet.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2017
FileVersion 7.2.1.1
TimeStamp 2018:05:02 01:00:41+01:00
FileType Win32 EXE
PEType PE32
InternalName cloudnet.exe
ProductVersion 7.2.1.1
FileDescription Cloud Net
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName EpicNet Inc.
CodeSize 515584
ProductName EpicNet Cloud Office
ProductVersionNumber 7.2.1.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 79acf245bcb438e88560b5fa5b2a4a8d
SHA1 ed5cfaafcb57682805747806789513153628ac14
SHA256 b0dce545bb2632bc6256d8377a72ee57d13d0ab7b4260e8544facb85294fdbc0
ssdeep 12288:Svo/9q/TimyE3QeL9QkHmc4XBYrHexBCQgRH3OsQv3gJwdX:3VWQIW0exZq3OsQv34w5
authentihash 0bb723d563f7980059cef4072c6c427e90faf7bd456cc738fad8d8f391e2be5a
imphash 054c63bf911413ee56613b2c4ef635b3
File size 665.0 KB ( 680960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe

VirusTotal metadata
First submission 2018-05-02 00:45:27 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-24 12:36:45 UTC ( 8 months, 4 weeks ago )
File names cloudnet.exe
9566e4b3b416d7553c531866db0ef99516081ae8
out