SHA256: b70102d1cdd3822f097da98e2068b162590de84338edc577ba7c54953b55dfe2
File name: apostle.exe
Detection ratio: 42 / 66
Analysis date: 2018-11-14 05:22:49 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40741385 20181112
AegisLab Trojan.Win32.Noon.4!c 20181114
AhnLab-V3 Trojan/Win32.VBKrypt.C2817595 20181114
ALYac Trojan.GenericKD.40741385 20181114
Antiy-AVL Trojan[Spy]/Win32.Noon 20181114
Arcabit Trojan.Generic.D26DAA09 20181114
Avast Win32:Trojan-gen 20181114
AVG Win32:Trojan-gen 20181114
Avira (no cloud) TR/Injector.ouvuf 20181114
BitDefender Trojan.GenericKD.40741385 20181114
ClamAV Win.Trojan.Midie-6745557-0 20181114
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.873170 20180225
Cylance Unsafe 20181114
Cyren W32/Trojan.UWYR-5412 20181114
Emsisoft Trojan.GenericKD.40741385 (B) 20181114
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.EBKR 20181114
F-Secure Trojan.GenericKD.40741385 20181114
Fortinet W32/Injector.EBKR!tr 20181114
GData Trojan.GenericKD.40741385 20181114
Ikarus Trojan.VB.Crypt 20181113
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 005407491 ) 20181113
K7GW Trojan ( 005407491 ) 20181114
Kaspersky Trojan-Spy.Win32.Noon.wbs 20181114
MAX malware (ai score=100) 20181114
McAfee Artemis!975F67CCF96E 20181114
McAfee-GW-Edition BehavesLike.Win32.VBObfus.bh 20181114
Microsoft Trojan:Win32/Dynamer!rfn 20181114
eScan Trojan.GenericKD.40741385 20181114
Palo Alto Networks (Known Signatures) generic.ml 20181114
Panda Generic Malware 20181113
Qihoo-360 Win32/Trojan.Spy.361 20181114
Rising Trojan.Injector!8.C4 (CLOUD) 20181114
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/FareitVB-L 20181114
Symantec Trojan.Gen.2 20181114
TrendMicro TROJ_GEN.R002C0WKA18 20181114
TrendMicro-HouseCall TROJ_GEN.R002C0WKA18 20181114
ViRobot Trojan.Win32.Z.Injector.815104.DA 20181114
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.wbs 20181114
Alibaba 20180921
Avast-Mobile 20181113
Baidu 20181114
Bkav 20181113
CAT-QuickHeal 20181113
CMC 20181114
DrWeb 20181114
eGambit 20181114
F-Prot 20181114
Jiangmin 20181114
Kingsoft 20181114
Malwarebytes 20181114
NANO-Antivirus 20181114
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181114
Tencent 20181114
TheHacker 20181113
TotalDefense 20181113
Trustlook 20181114
VBA32 20181113
Webroot 20181114
Yandex 20181113
Zillya 20181113
Zoner 20181114
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright skuldrede
Product Bumpoff
Original name Personskifternes3.exe
Internal name Personskifternes3
File version 8.01.0003
Description scillonian
Comments gvinklers
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-09 12:16:36
Entry Point 0x00001228
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(617)
_adj_fpatan
EVENT_SINK_AddRef
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaFileOpen
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
__vbaInStrVarB
EVENT_SINK_QueryInterface
_adj_fptan
__vbaVarSub
_CItan
__vbaI4Var
_CIcos
__vbaVarMove
_CIatan
Ord(608)
__vbaFreeStr
_adj_fdivr_m32i
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 12
RT_STRING 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 10
PE resources
ExifTool file metadata
CodeSize 749568
SubsystemVersion 4.0
Comments gvinklers
LinkerVersion 6.0
ImageVersion 8.1
FileSubtype 0
FileVersionNumber 8.1.0.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription scillonian
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 77824
EntryPoint 0x1228
OriginalFileName Personskifternes3.exe
MIMEType application/octet-stream
LegalCopyright skuldrede
FileVersion 8.01.0003
TimeStamp 2018:11:09 13:16:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Personskifternes3
ProductVersion 8.01.0003
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName loGitECH
LegalTrademarks SPROGRIGTIGHEDERNES
ProductName Bumpoff
ProductVersionNumber 8.1.0.3
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 975f67ccf96e69099d84b63c56ab1f2d
SHA1 04428d3873170421b0a1efd821ec3b7366a28119
SHA256 b70102d1cdd3822f097da98e2068b162590de84338edc577ba7c54953b55dfe2
ssdeep 12288:1y5i2yxqFCYt8/vLRDDP8rZit6qeZaGRIDuTA:1yYqFCYtozRDD6ZM7f+o
authentihash 8c8c9d95f26c96bfa2bce53faf0c040cb08cdf3ae63cc541a634ac3915661bd9
imphash ee00c87f3e16524ba6e2298a55e24f6c
File size 796.0 KB ( 815104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-11-10 05:50:36 UTC ( 6 months, 2 weeks ago )
Last submission 2018-11-10 05:50:36 UTC ( 6 months, 2 weeks ago )
File names Personskifternes3.exe
apostle.exe
den.exe
joe.exe
sel.exe
Personskifternes3
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.