SHA256: b37827432e09cb34a72ea57a2c588bce66ef6ab177d0f970cc0629096ef36f5c
File name: output.114757070.txt
Detection ratio: 45 / 71
Analysis date: 2018-12-31 10:43:21 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40851630 20181231
ALYac Trojan.GenericKD.40851630 20181231
Antiy-AVL Trojan[Spy]/Win32.Noon 20181231
Arcabit Trojan.Generic.D26F58AE 20181231
Avast Win32:Trojan-gen 20181231
AVG Win32:Trojan-gen 20181231
BitDefender Trojan.GenericKD.40851630 20181231
CAT-QuickHeal Trojan.VBInject 20181230
Comodo Malware@#3eezkde96u8dt 20181231
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181022
Cylance Unsafe 20181231
Cyren W32/VBInject.QQ2.gen!Eldorado 20181231
DrWeb Trojan.Fbng.8 20181231
Emsisoft Trojan.Injector (A) 20181231
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECKW 20181231
F-Prot W32/VBInject.QQ2.gen!Eldorado 20181231
F-Secure Trojan.GenericKD.40851630 20181231
Fortinet W32/Injector.ECKG!tr 20181231
GData Trojan.GenericKD.40851630 20181231
Ikarus Trojan.Crypt.Malcert 20181230
Sophos ML heuristic 20181128
Jiangmin TrojanSpy.Noon.eee 20181231
K7AntiVirus Trojan ( 00543ea11 ) 20181231
K7GW Trojan ( 00543ea11 ) 20181231
Kaspersky Trojan-Spy.Win32.Noon.xyw 20181231
MAX malware (ai score=83) 20181231
McAfee Fareit-FNG!2C8BF0647F9C 20181231
McAfee-GW-Edition Fareit-FNG!2C8BF0647F9C 20181231
Microsoft VirTool:Win32/VBInject 20181230
eScan Trojan.GenericKD.40851630 20181231
NANO-Antivirus Trojan.Win32.Noon.flieih 20181231
Palo Alto Networks (Known Signatures) generic.ml 20181231
Panda Trj/GdSda.A 20181230
Qihoo-360 Win32/Trojan.Spy.e01 20181231
Rising Spyware.Noon!8.E7C9 (CLOUD) 20181231
Sophos AV Mal/FareitVB-N 20181231
Symantec Downloader.Ponik 20181230
Tencent Win32.Trojan.Inject.Auto 20181231
Trapmine malicious.moderate.ml.score 20181205
TrendMicro TrojanSpy.Win32.FAREIT.THABBDAH 20181231
TrendMicro-HouseCall TrojanSpy.Win32.FAREIT.THABBDAH 20181231
VBA32 TScope.Trojan.VB 20181229
ViRobot Trojan.Win32.Z.Injector.632896 20181231
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.xyw 20181231
Acronis 20181227
AegisLab 20181231
Alibaba 20180921
Avast-Mobile 20181230
Avira (no cloud) 20181230
AVware 20180925
Babable 20180918
Baidu 20181207
Bkav 20181227
ClamAV 20181231
CMC 20181230
Cybereason 20180225
eGambit 20181231
Kingsoft 20181231
Malwarebytes 20181231
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181231
TheHacker 20181230
TotalDefense 20181230
Trustlook 20181231
VIPRE 20181231
Webroot 20181231
Yandex 20181229
Zillya 20181228
Zoner 20181231
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright FORECONDEMN
Product Bactrian
Original name subjugating.exe
Internal name subjugating
File version 7.02.0002
Description SOURDOCK0
Comments Banjun4
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:52 PM 3/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-04-04 21:35:06
Entry Point 0x000012C4
Number of sections 3
PE sections
Overlays
MD5 dfde24dd338afe30216c548676e1f44d
File type data
Offset 626688
Size 6208
Entropy 7.32
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
DllFunctionCall
EVENT_SINK_Release
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(526)
__vbaStrToUnicode
__vbaInStr
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaRedim
__vbaStrCmp
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(517)
__vbaFreeVar
__vbaFreeStr
Ord(100)
Ord(619)
_CItan
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
Ord(711)
__vbaLenBstrB
__vbaStrVarVal
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaFpCSngR4
__vbaVarMove
_CIlog
_CIatan
__vbaNew2
__vbaErrorOverflow
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
__vbaFpI4
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 598016
SubsystemVersion 4.0
Comments Banjun4
LinkerVersion 6.0
ImageVersion 7.2
FileSubtype 0
FileVersionNumber 7.2.0.2
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription SOURDOCK0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x12c4
OriginalFileName subjugating.exe
MIMEType application/octet-stream
LegalCopyright FORECONDEMN
FileVersion 7.02.0002
TimeStamp 2001:04:04 23:35:06+02:00
FileType Win32 EXE
PEType PE32
InternalName subjugating
ProductVersion 7.02.0002
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName quercus
LegalTrademarks HUNOLD
ProductName Bactrian
ProductVersionNumber 7.2.0.2
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2c8bf0647f9c50ebfe5a7f57ca5cbd66
SHA1 2d0bb27709baa2ffffb410d86962b7574cace23f
SHA256 b37827432e09cb34a72ea57a2c588bce66ef6ab177d0f970cc0629096ef36f5c
ssdeep 6144:XP4W6YCsP46MRQxWKP6Yq8Sut5vIaMwOTzm17EzIyRM5mzDzn+ymFMwM7b78W9KF:XP4WJxWKP6L8SunhuNYmLODSSXjbZH
authentihash 68f6a90c84d1797362703e83ce5c988c7a6d9379e4c0a51eb52e332f3564c5ab
imphash 9fdb7dd983727018296c3ca44f42dd3e
File size 618.1 KB ( 632896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-20 14:08:41 UTC ( 5 months ago )
Last submission 2019-01-14 18:24:11 UTC ( 4 months, 1 week ago )
File names subjugating.exe
output.114757070.txt
subjugating
_output6BF6FA0.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.