SHA256: b9283176a986f0d89de006c9f929629e11f9954c28e14bff560d077af2edbb87
File name: cookie-monster-2350-jetelecharge.exe
Detection ratio: 1 / 67
Analysis date: 2017-12-31 03:45:07 UTC ( 1 year, 4 months ago )
Antivirus Result Update
WhiteArmor Malware.HighConfidence 20171226
Ad-Aware 20171225
AegisLab 20171231
Alibaba 20171229
ALYac 20171231
Antiy-AVL 20171231
Arcabit 20171231
Avast 20171231
Avast-Mobile 20171230
AVG 20171231
Avira (no cloud) 20171230
AVware 20171231
Baidu 20171227
BitDefender 20171231
Bkav 20171229
CAT-QuickHeal 20171230
ClamAV 20171230
CMC 20171229
Comodo 20171231
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171231
Cyren 20171231
DrWeb 20171231
eGambit 20171231
Emsisoft 20171231
Endgame 20171130
ESET-NOD32 20171231
F-Prot 20171231
F-Secure 20171231
Fortinet 20171231
GData 20171231
Ikarus 20171230
Sophos ML 20170914
Jiangmin 20171231
K7AntiVirus 20171231
K7GW 20171230
Kaspersky 20171231
Kingsoft 20171231
Malwarebytes 20171231
MAX 20171231
McAfee 20171231
McAfee-GW-Edition 20171230
Microsoft 20171231
eScan 20171231
NANO-Antivirus 20171231
nProtect 20171231
Palo Alto Networks (Known Signatures) 20171231
Panda 20171230
Qihoo-360 20171231
Rising 20171230
SentinelOne (Static ML) 20171224
Sophos AV 20171231
SUPERAntiSpyware 20171230
Symantec 20171230
Symantec Mobile Insight 20171230
Tencent 20171231
TheHacker 20171229
TotalDefense 20171230
TrendMicro 20171231
TrendMicro-HouseCall 20171231
Trustlook 20171231
VBA32 20171229
VIPRE 20171231
ViRobot 20171230
Webroot 20171231
Yandex 20171229
Zillya 20171229
ZoneAlarm by Check Point 20171231
Zoner 20171231
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS
PEiD Nullsoft Install System v1.98
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-04-28 23:26:07
Entry Point 0x00004670
Number of sections 4
PE sections
Overlays
MD5 f247fa567981fb3245ba73741699017a
File type data
Offset 36352
Size 651969
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyA
RegOpenKeyExA
RegEnumValueA
SelectObject
LineTo
GetNearestColor
CreatePen
SetBkMode
CreateFontA
MoveToEx
GetStockObject
CreateBrushIndirect
GetTextColor
CreateSolidBrush
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
ReadFile
LoadLibraryA
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
RemoveDirectoryA
GetModuleFileNameA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
GetCommandLineA
GetProcAddress
SetFileAttributesA
SetFilePointer
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
FindFirstFileA
lstrcpyA
CloseHandle
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
lstrcpynA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
ExitProcess
GetVersion
MulDiv
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
CharPrevA
RegisterClassA
GetParent
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
SetClassLongA
IsWindowEnabled
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
DialogBoxParamA
DrawTextA
SetWindowTextA
IsWindowVisible
SendMessageA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
ScreenToClient
SetRect
wsprintfA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
CharNextA
GetDesktopWindow
EndPaint
GetWindowTextA
ExitWindowsEx
DestroyWindow
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 7
RT_BITMAP 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2002:04:29 01:26:07+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
25088

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x4670

InitializedDataSize
110592

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 11816c3d97067ce6a6761244ded9519d
SHA1 6bf09ea85bfcbd8e5bf083ef9facb7e370573962
SHA256 b9283176a986f0d89de006c9f929629e11f9954c28e14bff560d077af2edbb87
ssdeep
12288:xJjjJEQNHEPGutBf6sj0MNoiRuL+cyRX1DSEy14ZKtnWiuTTojyUm5Mw6NK1hTXk:njRdKjH6rYQSST14ZKVWrTQ5wDhTU

authentihash 45b59df07b3ab1c09c8c66e06b7302bd14e6bf1dce6682ab1274750bb3108dc6
imphash 3f3ba99c7a17c84031710235ee2f7ba9
File size 672.2 KB ( 688321 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
nsis software-collection overlay peexe nullsoft

VirusTotal metadata
First submission 2009-07-21 14:19:19 UTC ( 9 years, 10 months ago )
Last submission 2018-09-10 13:39:51 UTC ( 8 months, 2 weeks ago )
File names 11816c3d97067ce6a6761244ded9519d.exe
file-431093_exe
1340449022-CookieMonsterSetup.exe
cookie-monster-2350-jetelecharge.exe
CookieMonsterSetup.exe
b9283176a986f0d89de006c9f929629e11f9954c28e14bff560d077af2edbb87.bin
CookieMonsterSetup_3.47.exe
CookieMonsterSetupv3.47.exe
filename
a45afd917dffb1dba7e16606b7399a93e891e5a9
file-3071422_exe
cookiemonster.exe
octet-stream
cookie-monster-3.exe
file
myfile
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight