SHA256: b6d5f528e21fe0513d91c948cbbbc8028cd63972ae9df366bfe4c8441df2fade
File name: New_Order5848.exe
Detection ratio: 22 / 68
Analysis date: 2018-08-02 12:05:32 UTC ( 7 months, 3 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Injector.C2644350 20180802
AVG FileRepMalware 20180802
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cylance Unsafe 20180802
Cyren W32/Fareit.FW.gen!Eldorado 20180802
Emsisoft Trojan.Injector (A) 20180802
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZOE 20180802
F-Prot W32/Fareit.FW.gen!Eldorado 20180802
Ikarus Win32.SuspectCrc 20180802
Sophos ML heuristic 20180717
Kaspersky HEUR:Trojan.Win32.Generic 20180802
Malwarebytes Trojan.MalPack 20180802
McAfee Artemis!6F06EAA59716 20180802
McAfee-GW-Edition BehavesLike.Win32.Fareit.hc 20180802
Microsoft Trojan:Win32/Fuerboos.E!cl 20180802
Palo Alto Networks (Known Signatures) generic.ml 20180802
Qihoo-360 HEUR/QVM03.0.E6D1.Malware.Gen 20180802
Rising Trojan.Injector!8.C4 (CLOUD) 20180802
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180802
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180802
Ad-Aware 20180802
AegisLab 20180802
Alibaba 20180713
ALYac 20180802
Antiy-AVL 20180802
Arcabit 20180802
Avast 20180802
Avast-Mobile 20180802
Avira (no cloud) 20180802
AVware 20180727
Babable 20180725
Baidu 20180802
BitDefender 20180802
Bkav 20180802
CAT-QuickHeal 20180802
ClamAV 20180802
CMC 20180802
Comodo 20180802
Cybereason 20180308
DrWeb 20180802
eGambit 20180802
F-Secure 20180802
Fortinet 20180802
GData 20180802
Jiangmin 20180802
K7AntiVirus 20180802
K7GW 20180802
Kingsoft 20180802
MAX 20180802
eScan 20180802
NANO-Antivirus 20180802
Panda 20180801
Sophos AV 20180802
SUPERAntiSpyware 20180802
Symantec Mobile Insight 20180801
TACHYON 20180802
Tencent 20180802
TheHacker 20180802
TotalDefense 20180802
TrendMicro 20180802
TrendMicro-HouseCall 20180802
Trustlook 20180802
VBA32 20180802
VIPRE 20180802
ViRobot 20180802
Webroot 20180802
Yandex 20180731
Zillya 20180801
Zoner 20180802
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright TOURCEFIRA, NNm.
Product audacity voaC
Original name Parallelline6.exe
Internal name Parallelline6
File version 2.03
Description HAnon
Comments ws
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-09-04 20:00:00
Entry Point 0x00001950
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
EVENT_SINK_Release
__vbaEnd
__vbaRedim
Ord(521)
__vbaVarDup
Ord(695)
_adj_fdivr_m64
Ord(527)
_adj_fprem
Ord(678)
Ord(685)
__vbaVarTstNe
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(650)
__vbaStrToUnicode
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaVarAdd
Ord(618)
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
Ord(570)
__vbaVarXor
__vbaLateMemCallLd
__vbaObjSetAddref
Ord(612)
_CItan
_adj_fdiv_m64
Ord(542)
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(660)
__vbaVarMul
_allmul
Ord(544)
_CIcos
__vbaVarTstEq
_adj_fptan
__vbaI2Var
Ord(610)
Ord(581)
__vbaObjSet
__vbaI4Var
__vbaFpI4
Ord(613)
__vbaVarMove
Ord(646)
_CIatan
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
Ord(546)
__vbaVarCopy
__vbaFreeStrList
__vbaVarCat
__vbaI4Str
__vbaFreeStr
_adj_fdiv_m16i
__vbaVarMod
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 528384
SubsystemVersion 4.0
Comments ws
LinkerVersion 6.0
ImageVersion 2.3
FileSubtype 0
FileVersionNumber 2.3.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription HAnon
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x1950
OriginalFileName Parallelline6.exe
MIMEType application/octet-stream
LegalCopyright TOURCEFIRA, NNm.
FileVersion 2.03
TimeStamp 2006:09:04 21:00:00+01:00
FileType Win32 EXE
PEType PE32
InternalName Parallelline6
ProductVersion 2.03
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName samstudiO frOUi
LegalTrademarks GHUNDErbirD
ProductName audacity voaC
ProductVersionNumber 2.3.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 6f06eaa597165577293edc14a5196a6e
SHA1 598c735fcdb502650273a36bf0e27c05e80ad5f4
SHA256 b6d5f528e21fe0513d91c948cbbbc8028cd63972ae9df366bfe4c8441df2fade
ssdeep 6144:jIMO/WARpjR19vahJwXzBf9f7FLusWwn05D9ln:jIM6dRX82zRrs
authentihash a2eed05e42598916d6a67f614ef7cefd00f6cfc6450379ae3f7b7df190902446
imphash 1069b0e332b081d4044f083a1c59795c
File size 532.0 KB ( 544768 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe

VirusTotal metadata
First submission 2018-08-02 07:34:00 UTC ( 7 months, 3 weeks ago )
Last submission 2018-08-02 07:34:00 UTC ( 7 months, 3 weeks ago )
File names Parallelline6.exe
Parallelline6
New_Order5848.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.