SHA256: b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b
File name: b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b.bin
Detection ratio: 40 / 65
Analysis date: 2019-03-18 10:30:24 UTC
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Trojan.GenericKD.31782079 20190318
AhnLab-V3 Win-Trojan/Suspig.Exp 20190318
ALYac Spyware.Noon.gen 20190318
Antiy-AVL Trojan[Spy]/Win32.Noon 20190318
Arcabit Trojan.Generic.D1E4F4BF 20190318
Avast Win32:Malware-gen 20190318
AVG Win32:Malware-gen 20190318
BitDefender Trojan.GenericKD.31782079 20190318
CAT-QuickHeal Trojanspy.Noon 20190318
Comodo Malware@#2s3rj0gqapotz 20190318
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cyren W32/Trojan.BTMC-8014 20190318
DrWeb Trojan.PWS.Banker1.26525 20190318
Emsisoft Trojan.GenericKD.31782079 (B) 20190318
ESET-NOD32 a variant of Win32/Injector.EEET 20190318
Fortinet W32/GenKryptik.DCEV!tr 20190318
GData Trojan.GenericKD.31782079 20190318
Ikarus Trojan.Crypt.Malcert 20190318
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 00549b7d1 ) 20190318
K7GW Trojan ( 00549b7d1 ) 20190315
Kaspersky Trojan-Spy.Win32.Noon.abnq 20190318
McAfee Fareit-FOB!2B1E178B9C8E 20190318
McAfee-GW-Edition Fareit-FOB!2B1E178B9C8E 20190318
Microsoft VirTool:Win32/VBInject.ACX!bit 20190318
eScan Trojan.GenericKD.31782079 20190318
NANO-Antivirus Trojan.Win32.Noon.fobiao 20190318
Palo Alto Networks (Known Signatures) generic.ml 20190318
Panda Trj/Genetic.gen 20190317
Qihoo-360 Win32/Trojan.Spy.78d 20190318
Rising Spyware.Noon!8.E7C9 (CLOUD) 20190318
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/FareitVB-N 20190318
Tencent Win32.Trojan-spy.Noon.Hqly 20190318
Trapmine malicious.high.ml.score 20190301
TrendMicro-HouseCall TROJ_GEN.F0C2C00CD19 20190318
VBA32 TrojanSpy.Noon 20190318
ViRobot Trojan.Win32.Agent.468384 20190318
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.abnq 20190318
AegisLab 20190318
Alibaba 20190306
Avast-Mobile 20190317
Avira (no cloud) 20190318
Babable 20180918
Baidu 20190318
Bkav 20190314
ClamAV 20190318
CMC 20190318
Cybereason 20190109
eGambit 20190318
Endgame 20190215
F-Secure 20190318
Jiangmin 20190318
Kingsoft 20190318
Malwarebytes 20190318
MAX 20190318
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190318
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190318
Yandex 20190317
Zillya 20190315
Zoner 20190318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product NAZIFYING
Original name SERLES1.exe
Internal name SERLES1
File version 1.07.0005
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 11:30 AM 3/18/2019
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-01 03:31:17
Entry Point 0x00001044
Number of sections 3
PE sections
Overlays
MD5 1a8c9234b7060919c01bbbc55e29182f
File type data
Offset 462848
Size 5536
Entropy 7.55
PE imports
EVENT_SINK_QueryInterface
__vbaExceptHandler
Ord(100)
MethCallEngine
EVENT_SINK_Release
EVENT_SINK_AddRef
Number of PE resources by type
RT_ICON 12
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.5
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x1044
OriginalFileName SERLES1.exe
MIMEType application/octet-stream
FileVersion 1.07.0005
TimeStamp 2004:12:01 04:31:17+01:00
FileType Win32 EXE
PEType PE32
InternalName SERLES1
ProductVersion 1.07.0005
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Unperiodical7
CodeSize 442368
ProductName NAZIFYING
ProductVersionNumber 1.7.0.5
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 2b1e178b9c8e6f84403431a99ba09db3
SHA1 08d3470605d93444e6f5a628f64ee2cffc99524b
SHA256 b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b
ssdeep 6144:oYe3vVXL73ZCYYzm08egtP0vkp4usiTsu86kcpsw/4f0ewvIW:oYe3vLYmjckp1sissFsEiwvb
authentihash 2536124bdb2e80bf5c4caaab5390e1000b0d18e757dcd57ffbf30ee6cb52b374
imphash 0471d9f3d9f142373524705d6a5cb951
File size 457.4 KB ( 468384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe, overlay
VirusTotal metadata
First submission 2019-03-12 00:03:39 UTC
Last submission 2019-03-18 10:30:24 UTC
File names b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b.bin
2b1e178b.gxe
SERLES1
SERLES1.exe
WinNote.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.