SHA256: b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b
File name: 2b1e178b.gxe
Detection ratio: 15 / 68
Analysis date: 2019-03-12 10:00:43 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190222
Avast Win32:Malware-gen 20190312
AVG Win32:Malware-gen 20190312
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
ESET-NOD32 a variant of Win32/GenKryptik.DCEV 20190312
Fortinet W32/GenKryptik.DCEV!tr 20190312
Ikarus Trojan.Win32.Krypt 20190312
Sophos ML heuristic 20181128
Kaspersky Trojan-Spy.Win32.Noon.abnq 20190312
Microsoft Trojan:Win32/Fuerboos.C!cl 20190312
Palo Alto Networks (Known Signatures) generic.ml 20190312
SentinelOne (Static ML) DFI - Malicious PE 20190311
Symantec ML.Attribute.HighConfidence 20190311
Trapmine malicious.high.ml.score 20190301
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.abnq 20190312
Ad-Aware 20190312
AegisLab 20190312
AhnLab-V3 20190312
Alibaba 20190306
ALYac 20190312
Antiy-AVL 20190312
Arcabit 20190312
Avast-Mobile 20190312
Avira (no cloud) 20190312
Babable 20180918
Baidu 20190306
BitDefender 20190312
Bkav 20190311
CAT-QuickHeal 20190312
ClamAV 20190312
CMC 20190312
Comodo 20190312
Cybereason 20190109
Cylance 20190312
Cyren 20190312
DrWeb 20190312
Emsisoft 20190312
Endgame 20190215
F-Prot 20190312
F-Secure 20190312
GData 20190312
Jiangmin 20190312
K7AntiVirus 20190312
K7GW 20190312
Kingsoft 20190312
Malwarebytes 20190312
MAX 20190312
McAfee 20190312
McAfee-GW-Edition 20190312
eScan 20190312
NANO-Antivirus 20190312
Panda 20190311
Qihoo-360 20190312
Rising 20190312
Sophos AV 20190312
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190312
Tencent 20190312
TheHacker 20190308
TotalDefense 20190312
TrendMicro 20190312
TrendMicro-HouseCall 20190312
Trustlook 20190312
VBA32 20190312
ViRobot 20190312
Yandex 20190310
Zillya 20190311
Zoner 20190312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product NAZIFYING
Original name SERLES1.exe
Internal name SERLES1
File version 1.07.0005
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:17 AM 3/30/2019
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-12-01 03:31:17
Entry Point 0x00001044
Number of sections 3
PE sections
Overlays
MD5 1a8c9234b7060919c01bbbc55e29182f
File type data
Offset 462848
Size 5536
Entropy 7.55
PE imports
EVENT_SINK_QueryInterface
__vbaExceptHandler
Ord(100)
MethCallEngine
EVENT_SINK_Release
EVENT_SINK_AddRef
Number of PE resources by type
RT_ICON 12
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 13
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.5
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x1044
OriginalFileName SERLES1.exe
MIMEType application/octet-stream
FileVersion 1.07.0005
TimeStamp 2004:12:01 04:31:17+01:00
FileType Win32 EXE
PEType PE32
InternalName SERLES1
ProductVersion 1.07.0005
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Unperiodical7
CodeSize 442368
ProductName NAZIFYING
ProductVersionNumber 1.7.0.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2b1e178b9c8e6f84403431a99ba09db3
SHA1 08d3470605d93444e6f5a628f64ee2cffc99524b
SHA256 b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b
ssdeep 6144:oYe3vVXL73ZCYYzm08egtP0vkp4usiTsu86kcpsw/4f0ewvIW:oYe3vLYmjckp1sissFsEiwvb

authentihash 2536124bdb2e80bf5c4caaab5390e1000b0d18e757dcd57ffbf30ee6cb52b374
imphash 0471d9f3d9f142373524705d6a5cb951
File size 457.4 KB ( 468384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-03-12 00:03:39 UTC ( 2 months, 1 week ago )
Last submission 2019-03-18 10:30:24 UTC ( 2 months ago )
File names b82cd7f05b6d22e5e78238ebead9bf33afdac899aba5171e181d2bd01655d70b.bin
2b1e178b.gxe
SERLES1
SERLES1.exe
WinNote.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.