SHA256: b2ce48c126c5c445f19b42302faa27392fa85c6e5d629471d4a4acad3a71a123
File name: Clover
Detection ratio: 13 / 68
Analysis date: 2018-07-19 13:18:42 UTC ( 6 months ago )
Antivirus Result Update
AVware Trojan.Win32.Generic!BT 20180719
Bkav W32.eHeur.Malware11 20180719
CAT-QuickHeal Trojan.IGENERIC 20180719
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Softcnapp.J potentially unwanted 20180719
Fortinet Riskware/Softcnapp 20180719
Ikarus PUA.Softcnapp 20180719
K7AntiVirus Adware ( 004e10411 ) 20180719
K7GW Adware ( 004e10411 ) 20180719
MAX malware (ai score=99) 20180719
VBA32 BScope.Adware.AdAnti 20180719
VIPRE Trojan.Win32.Generic!BT 20180719
Webroot W32.Gen.Bt 20180719
Ad-Aware 20180719
AegisLab 20180719
AhnLab-V3 20180719
Alibaba 20180713
ALYac 20180719
Antiy-AVL 20180719
Arcabit 20180719
Avast 20180719
Avast-Mobile 20180719
AVG 20180719
Avira (no cloud) 20180719
Babable 20180406
Baidu 20180717
BitDefender 20180719
ClamAV 20180719
CMC 20180719
Comodo 20180719
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180719
Cyren 20180719
DrWeb 20180719
eGambit 20180719
Emsisoft 20180719
F-Prot 20180719
F-Secure 20180719
GData 20180719
Sophos ML 20180717
Jiangmin 20180719
Kaspersky 20180719
Kingsoft 20180719
Malwarebytes 20180719
McAfee 20180719
McAfee-GW-Edition 20180719
Microsoft 20180719
eScan 20180719
NANO-Antivirus 20180719
Palo Alto Networks (Known Signatures) 20180719
Panda 20180719
Qihoo-360 20180719
Rising 20180719
SentinelOne (Static ML) 20180701
Sophos AV 20180719
SUPERAntiSpyware 20180719
Symantec 20180719
TACHYON 20180719
Tencent 20180719
TheHacker 20180719
TotalDefense 20180719
TrendMicro 20180719
TrendMicro-HouseCall 20180719
Trustlook 20180719
ViRobot 20180719
Yandex 20180717
Zillya 20180718
ZoneAlarm by Check Point 20180719
Zoner 20180719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2016

Product Clover
Original name Clover.exe
Internal name Clover
File version 3.1.2.08091
Description Clover
Packers identified
F-PROT UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-11 13:06:00
Entry Point 0x00041208
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
GetSecurityDescriptorControl
GetAce
InitializeAcl
RegEnumKeyW
RegDeleteKeyW
GetAclInformation
RegQueryValueExW
SetSecurityDescriptorDacl
GetFileSecurityW
AddAccessAllowedAce
RegOpenKeyExW
SetFileSecurityW
RegOpenKeyW
LookupAccountNameW
EqualSid
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegEnumKeyExW
GetLengthSid
RegDeleteValueW
RegSetValueExW
InitializeSecurityDescriptor
RegEnumValueA
AddAce
Ord(17)
_TrackMouseEvent
GetCharABCWidthsW
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
GetClipBox
GetTextExtentPoint32W
SaveDC
RoundRect
ExtSelectClipRgn
CreateRectRgnIndirect
PtVisible
SetStretchBltMode
CombineRgn
Rectangle
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
CreateSolidBrush
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
RectVisible
ExtTextOutW
CreateBitmap
MoveToEx
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
LineTo
GdiFlush
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
ScaleViewportExtEx
CreatePen
SelectObject
SetWindowExtEx
SetWindowOrgEx
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
CreatePenIndirect
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
DuplicateHandle
VerifyVersionInfoW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
UnhandledExceptionFilter
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
PeekNamedPipe
DeviceIoControl
TlsGetValue
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
lstrcmpiW
VerSetConditionMask
EnumSystemLocalesA
GetUserDefaultLCID
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
GetPrivateProfileStringW
SetFilePointer
GlobalAddAtomW
CreateThread
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetFileInformationByHandle
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetVersion
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GlobalFindAtomW
GetStartupInfoA
SystemTimeToFileTime
GetWindowsDirectoryW
GetFileSize
GlobalDeleteAtom
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
WriteFile
CompareStringW
lstrcpyW
GlobalReAlloc
ExpandEnvironmentStringsW
FindNextFileW
CompareStringA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LocalReAlloc
DosDateTimeToFileTime
LCMapStringW
VirtualAllocEx
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
QueryPerformanceFrequency
lstrlenW
GetCPInfo
Process32NextW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
Process32FirstW
WritePrivateProfileStringW
lstrcpynW
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
FindFirstFileA
CloseHandle
GetACP
GetModuleHandleW
FreeResource
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VarUI4FromStr
VariantChangeType
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
SHGetFolderPathW
SHGetDataFromIDListW
SHBrowseForFolderW
SHGetFolderLocation
Ord(155)
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderPathW
PathFileExistsW
PathAppendW
SHDeleteKeyW
MapWindowPoints
GetForegroundWindow
SetWindowRgn
SetMenuItemBitmaps
LoadBitmapW
DestroyMenu
PostQuitMessage
GetMessagePos
SetWindowPos
IsWindow
GrayStringW
EndPaint
GetMessageTime
DispatchMessageW
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
UnregisterClassA
GetClassInfoW
DefWindowProcW
DrawTextW
CallNextHookEx
LoadImageW
ClientToScreen
GetTopWindow
GetWindowTextW
GetWindowTextLengthW
InvalidateRgn
GetMenuItemID
PtInRect
GetClassInfoExW
GetPropW
CreateCaret
GetMessageW
ShowWindow
GetCaretPos
SetPropW
GetMenuState
PeekMessageW
EnableWindow
TranslateMessage
IsWindowEnabled
GetWindow
RegisterClassW
IsZoomed
GetWindowPlacement
DestroyWindow
SetWindowLongW
IsIconic
GetSubMenu
SetTimer
LoadStringW
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetUpdateRect
CharNextW
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
SetCaretPos
KillTimer
CharPrevW
GetParent
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
PostMessageW
ShowCaret
GetClassLongW
GetLastActivePopup
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
FindWindowW
ScreenToClient
GetMenuItemCount
ValidateRect
SetWindowsHookExW
LoadCursorW
LoadIconW
FindWindowExW
GetDC
SetForegroundWindow
GetClientRect
IntersectRect
HideCaret
CreateAcceleratorTableW
GetCapture
GetShellWindow
CheckMenuItem
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
WinHelpW
SystemParametersInfoW
UnionRect
MonitorFromWindow
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
IsRectEmpty
GetFocus
wsprintfW
SetCursor
RemovePropW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
InternetOpenUrlW
InternetOpenW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
Ord(301)
Ord(145)
Ord(216)
Ord(167)
Ord(79)
Ord(147)
Ord(27)
Ord(127)
Ord(133)
Ord(46)
Ord(208)
Ord(142)
Ord(118)
Ord(14)
Ord(26)
Ord(41)
htonl
accept
ioctlsocket
WSAStartup
connect
getsockname
htons
WSASetLastError
select
gethostname
getsockopt
closesocket
inet_addr
send
getservbyport
ntohs
WSAGetLastError
gethostbyaddr
listen
__WSAFDIsSet
WSACleanup
gethostbyname
getpeername
recv
setsockopt
socket
bind
recvfrom
inet_ntoa
sendto
getservbyname
GdipCreateFontFromDC
GdipGetImageHeight
GdipCreateLineBrushI
GdiplusShutdown
GdipDisposeImage
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipDeleteGraphics
GdipCreateBitmapFromStream
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipGetImageWidth
GdipAlloc
GdipDrawImageRectRectI
GdipCloneBrush
GdipFree
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCloneImage
GdipDeleteBrush
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GetAdaptersInfo
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CLSIDFromProgID
CoUninitialize
CLSIDFromString
PE exports
Number of PE resources by type
RT_CURSOR 16
RT_GROUP_CURSOR 15
RT_STRING 14
RT_ICON 4
RT_DIALOG 3
RT_BITMAP 2
ZIPRES 1
PIC 1
ZZZZ 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 61
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
3031040

ImageVersion
0.0

ProductName
Clover

FileVersionNumber
3.1.2.8091

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
Clover

CharacterSet
Windows, Chinese (Simplified)

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
Clover.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.1.2.08091

TimeStamp
2016:08:11 14:06:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Clover

ProductVersion
3.1.2.08091

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
Copyright (C) 2016

MachineType
Intel 386 or later, and compatibles

CompanyName
www.ejie.me

CodeSize
798720

FileSubtype
0

ProductVersionNumber
3.1.2.8091

EntryPoint
0x41208

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 200a0ed1dab2e36bac11f100bdb07da7
SHA1 2ccdb5900b96f5d34f78ce0c6fa75e2b60ecad3f
SHA256 b2ce48c126c5c445f19b42302faa27392fa85c6e5d629471d4a4acad3a71a123
ssdeep
98304:6dhjdSoQQKaayawA+e5UGitKAUg1xhSJRrvovgsL6GiIs:6MoCaayaPn1gEygsLC

authentihash f56559634db93b3e0a7f764b1bb5f2eb34925f63f558eb5df51e393b5f58c4be
imphash 25513640d7530f0e2921315c3eb36469
File size 3.7 MB ( 3833856 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (44.9%)
Win64 Executable (generic) (39.8%)
Win32 Executable (generic) (6.4%)
OS/2 Executable (generic) (2.9%)
Generic Win/DOS Executable (2.8%)
Tags
peexe

VirusTotal metadata
First submission 2016-08-12 03:46:52 UTC ( 2 years, 5 months ago )
Last submission 2018-01-23 07:46:06 UTC ( 12 months ago )
File names B2CE48C126C5C445F19B42302FAA27392FA85C6E5D629471D4A4ACAD3A71A123.exe
setup_clover@3.1.2_3.1.2.exe
Clover.exe
setup_clover 3.1.2.exe
setup_clover_3.1.2.exe
6201b2877a93435150a32116a9a8a302dfb9be0b02fdc0cda6b9040be73da0ce07f15878fce639696d48e101eb1a3f4b8e530fde880fe51b0b33091e4a01af7b
c312.exe
Clover-TabsForExplorer_(CTFE)_v3.1.2.exe
setup_clover3.1.2.exe
Clover
setup_clover@3.1.2.exe
clover.gif
setup_clover@3.1.2.exe
4ed7de7a0eb790449c6e14e9e6c3f2bc88349f42
setup_clover@3.1.2.exe
Clover-original.exe
output.97940213.txt
setup_clover@3.1.2.exe
setup_clover@3.1.2(1).exe
setup_clover@3.1.2.exe
output.98555056.txt
setup_clover@3.1.2.exe
clover-3-1-2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications