SHA256: bac0583eeb6e481a403e5091e45df4b492195366e50fcb12deeff638cbfad878
File name: FFCa9j9ru.exe
Detection ratio: 14 / 65
Analysis date: 2017-09-06 11:10:53 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Avast FileRepMetagen [Malware] 20170906
AVG FileRepMetagen [Malware] 20170906
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170906
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170822
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170906
Palo Alto Networks (Known Signatures) generic.ml 20170906
Qihoo-360 HEUR/QVM20.1.A9B7.Malware.Gen 20170906
Rising Backdoor.Dridex!8.3226 (tfe:2:1q65vdGUPnM) 20170901
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170906
Webroot W32.Trojan.Gen 20170906
Ad-Aware 20170906
AegisLab 20170906
AhnLab-V3 20170906
Alibaba 20170906
ALYac 20170906
Antiy-AVL 20170906
Arcabit 20170906
Avira (no cloud) 20170906
AVware 20170906
BitDefender 20170906
Bkav 20170906
CAT-QuickHeal 20170905
ClamAV 20170906
CMC 20170902
Comodo 20170906
Cyren 20170906
DrWeb 20170906
Emsisoft 20170906
ESET-NOD32 20170906
F-Prot 20170906
F-Secure 20170906
Fortinet 20170906
GData 20170906
Ikarus 20170906
Jiangmin 20170906
K7AntiVirus 20170906
K7GW 20170906
Kaspersky 20170906
Kingsoft 20170906
Malwarebytes 20170906
MAX 20170906
McAfee 20170905
Microsoft 20170906
eScan 20170906
NANO-Antivirus 20170906
nProtect 20170906
Panda 20170905
Sophos AV 20170906
SUPERAntiSpyware 20170906
Symantec Mobile Insight 20170906
Tencent 20170906
TheHacker 20170904
TotalDefense 20170906
TrendMicro 20170906
TrendMicro-HouseCall 20170906
Trustlook 20170906
VBA32 20170906
VIPRE 20170906
ViRobot 20170906
WhiteArmor 20170829
Yandex 20170906
Zillya 20170905
ZoneAlarm by Check Point 20170906
Zoner 20170906
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Microsoft Corp. 1993-1999
Product Microsoft (R) Jet
Original name MSJTER40.
Internal name MSJTER40.
File version 4.00.9756
Description Microsoft Jet Database Engine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-05 07:27:37
Entry Point 0x00002340
Number of sections 6
PE sections
PE imports
GetOldestEventLogRecord
IsWellKnownSid
GetServiceDisplayNameA
GetViewportExtEx
GetTextCharsetInfo
GetTextMetricsA
AddFontResourceA
GetCharWidth32A
AreFileApisANSI
WriteProfileSectionA
IsValidCodePage
ExitProcess
GetComputerNameExW
LoadLibraryA
GetProcAddress
GetCapture
GetClipboardViewer
GetOpenClipboardWindow
GetClassNameW
GetKeyboardLayoutNameA
GetLastActivePopup
FindWindowW
DeferWindowPos
LoadCursorW
DdeGetLastError
wsprintfW
DeleteMonitorW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.2.1776.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft Jet Database Engine

ImageFileCharacteristics
Executable, No line numbers, No symbols, Large address aware, 32-bit

CharacterSet
Unicode

InitializedDataSize
143360

EntryPoint
0x2340

OriginalFileName
MSJTER40.

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) Microsoft Corp. 1993-1999

FileVersion
4.00.9756

TimeStamp
2017:09:05 08:27:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
MSJTER40.

ProductVersion
4.00.9756

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporatio

CodeSize
10240

ProductName
Microsoft (R) Jet

ProductVersionNumber
5.2.1776.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 59b78fe5e224f029d39daf255366d7af
SHA1 d4e312c197b02fa00b5d0e3489256634aa369edd
SHA256 bac0583eeb6e481a403e5091e45df4b492195366e50fcb12deeff638cbfad878
ssdeep 3072:InJWMTx9Ymwnv33w/v5DzawNuZoJIDI8grin7Q:a9jMvQpDOwrjJrin
authentihash c13eea228a5d7cd44e2bcfd6c89b13f267343152872b1904d855c8d23d2245da
imphash ea5e52358c5cd8b2a8f83a6225e905ab
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-09-06 11:10:53 UTC ( 1 year, 5 months ago )
Last submission 2018-07-01 22:25:45 UTC ( 7 months, 3 weeks ago )
File names style.exe
VirusShare_59b78fe5e224f029d39daf255366d7af
output.112053477.txt
dhLGcaT9.exe
style.png
bac0583eeb6e481a403e5091e45df4b492195366e50fcb12deeff638cbfad878.malware
FFCa9j9ru.exe
164_08_31_2017_22_44_17_164.exe.malware.MRG
59b78fe5e224f029d39daf255366d7af.vir
output.112050727.txt
style[1].png
MSJTER40.
style.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications