SHA256: ba504c2cd8889839990c0763e63d6625f2f534d47d6046aec952418d37828d82
File name: Product.exe
Detection ratio: 35 / 66
Analysis date: 2017-11-09 05:26:05 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12544709 20171109
AhnLab-V3 Trojan/Win32.Androm.C2249050 20171109
Arcabit Trojan.Generic.DBF6AC5 20171109
Avast Win32:Malware-gen 20171109
AVG Win32:Malware-gen 20171109
Avira (no cloud) TR/Dropper.VB.hrhvi 20171109
BitDefender Trojan.GenericKD.12544709 20171109
ClamAV Win.Packer.VbPack-0-6334882-0 20171109
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20171016
Cylance Unsafe 20171109
Cyren W32/Fareit.BL.gen!Eldorado 20171109
DrWeb Trojan.PWS.Stealer.14740 20171109
Emsisoft Trojan.GenericKD.12544709 (B) 20171109
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Injector.DTGR 20171109
F-Prot W32/Fareit.BL.gen!Eldorado 20171109
F-Secure Trojan.GenericKD.12544709 20171109
Fortinet W32/GenKryptik.BANO!tr 20171109
GData Trojan.GenericKD.12544709 20171109
Ikarus Win32.Outbreak 20171109
Sophos ML heuristic 20170914
Kaspersky Trojan-PSW.Win32.Fareit.djbi 20171109
Malwarebytes Spyware.LokiBot 20171109
MAX malware (ai score=87) 20171109
McAfee Artemis!5D90C2C9734B 20171109
McAfee-GW-Edition BehavesLike.Win32.Fareit.cc 20171109
eScan Trojan.GenericKD.12544709 20171109
Panda Trj/GdSda.A 20171108
Qihoo-360 HEUR/QVM03.0.1075.Malware.Gen 20171109
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/FareitVB-M 20171109
Symantec Downloader.Ponik 20171108
TrendMicro TROJ_GEN.R020C0RK817 20171109
TrendMicro-HouseCall TROJ_GEN.R020C0RK817 20171109
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.djbi 20171109
AegisLab 20171109
Alibaba 20170911
ALYac 20171109
Antiy-AVL 20171103
Avast-Mobile 20171108
AVware 20171109
Baidu 20171109
Bkav 20171108
CAT-QuickHeal 20171108
CMC 20171104
Comodo 20171109
Cybereason 20171030
eGambit 20171109
Jiangmin 20171109
K7AntiVirus 20171109
K7GW 20171109
Kingsoft 20171109
Microsoft 20171109
NANO-Antivirus 20171109
nProtect 20171109
Palo Alto Networks (Known Signatures) 20171109
SUPERAntiSpyware 20171109
Symantec Mobile Insight 20171107
Tencent 20171109
TheHacker 20171102
Trustlook 20171109
VBA32 20171108
VIPRE 20171109
ViRobot 20171109
Webroot 20171109
WhiteArmor 20171104
Yandex 20171108
Zillya 20171108
Zoner 20171109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jollo_9
Product Jollo_9
Original name Heliaean8.exe
Internal name Heliaean8
File version 6.05.0001
Description Jollo_9
Comments Jollo_9
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-06 21:02:43
Entry Point 0x000011C0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaCyI4
__vbaStrCmp
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaCyAdd
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaCySub
_adj_fdiv_m64
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_allmul
EVENT_SINK_Release
EVENT_SINK_QueryInterface
_adj_fptan
_CItan
__vbaFpCmpCy
_CIcos
_CIatan
__vbaFreeStr
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaFreeStrList
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
114688

SubsystemVersion
4.0

Comments
Jollo_9

LinkerVersion
6.0

ImageVersion
6.5

FileSubtype
0

FileVersionNumber
6.5.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Jollo_9

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
8192

EntryPoint
0x11c0

OriginalFileName
Heliaean8.exe

MIMEType
application/octet-stream

LegalCopyright
Jollo_9

FileVersion
6.05.0001

TimeStamp
2017:11:06 22:02:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Heliaean8

ProductVersion
6.05.0001

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
HecKIN

LegalTrademarks
Jollo_9

ProductName
Jollo_9

ProductVersionNumber
6.5.0.1

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 5d90c2c9734bac343013b278778c7b1c
SHA1 d56f6ab31b0bdd34f7f2858c4b06b40c566b97d9
SHA256 ba504c2cd8889839990c0763e63d6625f2f534d47d6046aec952418d37828d82
ssdeep 3072:9U/JMyqq9Cc8QGxL3MPKXb+HmFPO93Sm0v:6JMy3Uc8QGxL32Tv9b0
authentihash 3fb73fbac9fa2858b13f58cb0d4524e722d006c81852ebbf56c3a3960f0dbddd
imphash 0bf9b3ceb3d842c7986a6703b72ce0f9
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2017-11-09 05:12:38 UTC ( 1 year, 3 months ago )
Last submission 2017-11-11 08:27:09 UTC ( 1 year, 3 months ago )
File names Product.exe
Heliaean8
Product.exe
Heliaean8.exe