SHA256: b14fc48f3c0d4c2d195c376ee3a27318cf36811d131a8da212036ab02b1bdc57
File name: INVOICE CONFIRMATION.com
Detection ratio: 14 / 64
Analysis date: 2017-09-19 14:29:06 UTC ( 1 year, 7 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20170919
Endgame malicious (high confidence) 20170821
Fortinet W32/FareitVB.M!tr.bdr 20170919
Ikarus Win32.SuspectCrc 20170919
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20170919
Palo Alto Networks (Known Signatures) generic.ml 20170919
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/FareitVB-M 20170919
Symantec ML.Attribute.HighConfidence 20170919
TrendMicro BKDR_TOFSEE.SMF 20170919
TrendMicro-HouseCall BKDR_TOFSEE.SMF 20170919
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170919
Ad-Aware 20170919
AegisLab 20170919
AhnLab-V3 20170919
Alibaba 20170911
ALYac 20170919
Antiy-AVL 20170919
Arcabit 20170919
Avast 20170919
Avast-Mobile 20170829
AVG 20170919
Avira (no cloud) 20170919
AVware 20170919
Baidu 20170919
BitDefender 20170919
CAT-QuickHeal 20170919
ClamAV 20170919
CMC 20170919
Comodo 20170918
Cyren 20170919
DrWeb 20170919
Emsisoft 20170919
ESET-NOD32 20170919
F-Prot 20170919
F-Secure 20170919
GData 20170919
Jiangmin 20170919
K7AntiVirus 20170919
K7GW 20170919
Kingsoft 20170919
Malwarebytes 20170919
MAX 20170919
McAfee 20170919
McAfee-GW-Edition 20170919
Microsoft 20170919
eScan 20170919
NANO-Antivirus 20170919
nProtect 20170919
Panda 20170919
Rising 20170919
SUPERAntiSpyware 20170919
Symantec Mobile Insight 20170917
Tencent 20170919
TheHacker 20170916
TotalDefense 20170919
Trustlook 20170919
VBA32 20170919
VIPRE 20170919
ViRobot 20170919
Webroot 20170919
WhiteArmor 20170829
Yandex 20170908
Zillya 20170919
Zoner 20170919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Viaseft
Product Uha masir lrojact
Original name Filipinize8.exe
Internal name Filipinize8
File version 2.06
Description Xevabersofa Gls
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-19 07:14:57
Entry Point 0x0000124C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
__vbaInStrB
_allmul
_adj_fdivr_m64
_adj_fprem
__vbaFreeObjList
_adj_fpatan
EVENT_SINK_AddRef
Ord(547)
__vbaRedimPreserve
Ord(629)
_adj_fdiv_m32i
Ord(612)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaVarSetObjAddref
__vbaFreeVar
__vbaFreeStr
__vbaR4Str
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(585)
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
_CItan
__vbaI4Var
Ord(538)
__vbaVarDiv
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
NEUTRAL DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks Http://WwW.vogataccoy.aa
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 2.6
FileSubtype 0
FileVersionNumber 2.6.0.0
LanguageCode Process default
FileFlagsMask 0x0000
FileDescription Xevabersofa Gls
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x124c
OriginalFileName Filipinize8.exe
MIMEType application/octet-stream
LegalCopyright Viaseft
FileVersion 2.06
TimeStamp 2017:09:19 08:14:57+01:00
FileType Win32 EXE
PEType PE32
InternalName Filipinize8
ProductVersion 2.06
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Ryia
CodeSize 4595712
ProductName Uha masir lrojact
ProductVersionNumber 2.6.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 efb44959275b33d13b84b252914ed069
SHA1 cfb975f44ec0e2e87424b4941be409c34d511134
SHA256 b14fc48f3c0d4c2d195c376ee3a27318cf36811d131a8da212036ab02b1bdc57
ssdeep 3072:iXWwbkyPgaQH/5x1cE4IPpSbA2OxIWVHu2eYynBx8rpQ9qo3b:iO0OHxNUkOWNuJYynBx8r
authentihash 5b0b6c2daea1f997937e66de94f612a060a2d56c8e10f7b6ead629ca1ae28a46
imphash 637f82c00b1095888d3b5760c7ebd12a
File size 4.4 MB ( 4616192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe
VirusTotal metadata
First submission 2017-09-19 14:29:06 UTC ( 1 year, 7 months ago )
Last submission 2017-09-20 01:52:46 UTC ( 1 year, 7 months ago )
File names Filipinize8.exe
INVOICE CONFIRMATION.com
Filipinize8
INVOICE CONFIRMATION.com
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications