SHA256: b8ba96af6e32459a21124edec979854df205e8ac27b05eba2d16d53526ec8ccb
File name: 65fg67n.exe
Detection ratio: 2 / 54
Analysis date: 2016-02-11 12:10:49 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160211
Rising PE:Malware.Generic(Thunder)!1.A1C4 [F] 20160211
Ad-Aware 20160211
AegisLab 20160211
Yandex 20160210
AhnLab-V3 20160210
Alibaba 20160204
ALYac 20160211
Antiy-AVL 20160211
Arcabit 20160211
Avast 20160211
AVG 20160211
Avira (no cloud) 20160211
Baidu-International 20160211
BitDefender 20160211
Bkav 20160204
ByteHero 20160211
CAT-QuickHeal 20160211
ClamAV 20160211
CMC 20160205
Comodo 20160211
Cyren 20160211
DrWeb 20160211
Emsisoft 20160211
ESET-NOD32 20160211
F-Prot 20160211
F-Secure 20160211
Fortinet 20160211
GData 20160211
Ikarus 20160211
Jiangmin 20160211
K7AntiVirus 20160211
K7GW 20160211
Kaspersky 20160211
Malwarebytes 20160211
McAfee 20160211
McAfee-GW-Edition 20160211
Microsoft 20160211
eScan 20160211
NANO-Antivirus 20160211
nProtect 20160205
Panda 20160210
Sophos AV 20160211
SUPERAntiSpyware 20160211
Symantec 20160210
Tencent 20160211
TheHacker 20160210
TrendMicro 20160211
TrendMicro-HouseCall 20160211
VBA32 20160211
VIPRE 20160211
ViRobot 20160211
Zillya 20160210
Zoner 20160211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2013. All rights reserved. Valerii Skopich

Product Analogy
Original name Analogy.exe
Internal name Analogy
Description Paces Profiler Dividing Abocom
Comments Paces Profiler Dividing Abocom
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-11 09:09:48
Entry Point 0x0000822B
Number of sections 6
PE sections
PE imports
GetUserNameA
RegCloseKey
CreateToolbarEx
InitCommonControlsEx
GetOpenFileNameA
CommDlgExtendedError
LineTo
CreateEllipticRgn
CreateRectRgn
SelectObject
MoveToEx
SetViewportOrgEx
CreateSolidBrush
CombineRgn
SelectClipRgn
DeleteObject
CreateFontW
SetTextColor
GetLastError
HeapCreate
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
GetCurrentProcess
SizeofResource
GetCurrentProcessId
LockResource
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetComputerNameA
TerminateProcess
LoadResource
Sleep
GetTickCount
GetCurrentThreadId
FindResourceA
__p__fmode
_hypot
memset
__dllonexit
_controlfp_s
_invoke_watson
_cexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
__p__commode
_onexit
_amsg_exit
exit
_XcptFilter
wprintf
_encode_pointer
__setusermatherr
_decode_pointer
_adjust_fdiv
??_V@YAXPAX@Z
_acmdln
_CxxThrowException
_ismbblead
_itoa
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
memcpy
_mbschr
_except_handler4_common
atoi
__getmainargs
calloc
_initterm
sprintf
cos
wprintf_s
_initterm_e
sin
_configthreadlocale
_exit
strcmp
__set_app_type
SHGetFolderPathA
phoneGetLamp
SetFocus
GetMessageA
GetParent
UpdateWindow
BeginPaint
EnumWindows
FindWindowA
DefWindowProcA
ShowWindow
LoadBitmapA
GetWindowThreadProcessId
SendDlgItemMessageA
IsWindow
DispatchMessageA
EndPaint
MessageBoxA
GetClassNameA
SetWindowLongA
TranslateMessage
GetSysColor
InsertMenuItemA
CreatePopupMenu
SendMessageA
GetWindowTextA
GetClientRect
RegisterClassA
InvalidateRect
GetWindowLongA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
ShowCursor
GetSystemMenu
SetForegroundWindow
DestroyWindow
SetCursor
HttpQueryInfoA
mmioStringToFOURCCA
mmioDescend
mmioAscend
mmioOpenA
mmioClose
mmioRead
WinVerifyTrust
CreateStreamOnHGlobal
Number of PE resources by type
RT_DIALOG 14
RT_BITMAP 4
RT_STRING 3
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
FileDescription Paces Profiler Dividing Abocom
Comments Paces Profiler Dividing Abocom
InitializedDataSize 144896
ImageVersion 0.0
ProductName Analogy
FileVersionNumber 5.5.8.2
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 13.0
FileTypeExtension exe
OriginalFileName Analogy.exe
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 2016:02:11 10:09:48+01:00
FileType Win32 EXE
PEType PE32
InternalName Analogy
SubsystemVersion 5.0
ProductVersion 5.5.8.2
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 2013. All rights reserved. Valerii Skopich
MachineType Intel 386 or later, and compatibles
CompanyName Valerii Skopich
CodeSize 38912
FileSubtype 0
ProductVersionNumber 5.5.8.2
EntryPoint 0x822b
ObjectFileType Executable application

File identification
MD5 b0812504f3564e395fec327c71c4bfbd
SHA1 ba3db3904e15d218bb39bf97496314d293208420
SHA256 b8ba96af6e32459a21124edec979854df205e8ac27b05eba2d16d53526ec8ccb
ssdeep 3072:e46FzasQF1NKtYCih2aFoL7pzAMOC+sbUWgOOITM3P9M0F:sFza3HyYCW255OC+yezbP9
authentihash c39ca73d35c4cc3631586902f1d6d0fc27d022f4cfde7fa7b26dbb54928e7471
imphash 028b98ab56d8f8477dc7f994cb118b10
File size 180.5 KB ( 184832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe via-tor
VirusTotal metadata
First submission 2016-02-11 09:45:38 UTC ( 3 years, 3 months ago )
Last submission 2018-05-11 00:15:35 UTC ( 1 year ago )
File names 65fg67n
eruseedb.suk
65fg67n.exe
b0812504f3564e395fec327c71c4bfbd
analogy.exe
65fg67n[1].txt.3224.dr
65fg67n
65fg67n[1].txt.1968.dr
eruseedb.exe
65fg67n[1].txt.2360.dr
65fg67n_exe
Analogy
Analogy.exe
65fg67n.txt
sREKjVas.scr
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications