SHA256: bb161cf820d6f018fe5d3bf4165852d43774b3ec9340b915e7f5c7079242dcba
File name: update.exe
Detection ratio: 15 / 66
Analysis date: 2018-05-17 02:46:10 UTC (9 months ago)
Antivirus Result Update
Avast Win32:Adware-gen [Adw] 20180517
AVG Win32:Adware-gen [Adw] 20180517
Avira (no cloud) ADWARE/Zdengo.oiyca 20180516
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9966 20180511
Comodo ApplicUnwnt 20180516
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180418
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/Adware.Zdengo.AJV 20180517
Sophos ML heuristic 20180503
Kaspersky not-a-virus:AdWare.Win32.Wajam.apbk 20180517
Malwarebytes Adware.Wajam 20180516
Panda PUP/Generic 20180516
Sophos AV Generic PUA GE (PUA) 20180517
Webroot W32.Adware.Gen 20180517
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.Wajam.apbk 20180517
Ad-Aware 20180517
AegisLab 20180517
AhnLab-V3 20180516
Alibaba 20180516
ALYac 20180517
Antiy-AVL 20180517
Arcabit 20180517
Avast-Mobile 20180516
AVware 20180428
Babable 20180406
BitDefender 20180517
Bkav 20180516
CAT-QuickHeal 20180516
ClamAV 20180516
CMC 20180516
Cybereason None
Cylance 20180517
Cyren 20180517
eGambit 20180517
Emsisoft 20180517
F-Prot 20180517
F-Secure 20180517
Fortinet 20180517
GData 20180517
Ikarus 20180516
Jiangmin 20180517
K7AntiVirus 20180516
K7GW 20180516
Kingsoft 20180517
MAX 20180517
McAfee 20180517
McAfee-GW-Edition 20180517
Microsoft 20180516
eScan 20180517
NANO-Antivirus 20180517
nProtect 20180517
Palo Alto Networks (Known Signatures) 20180517
Qihoo-360 20180517
Rising 20180517
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180517
Symantec 20180516
Symantec Mobile Insight 20180517
Tencent 20180517
TheHacker 20180516
TotalDefense 20180516
TrendMicro 20180517
TrendMicro-HouseCall 20180516
Trustlook 20180517
VBA32 20180516
VIPRE 20180517
ViRobot 20180516
Yandex 20180516
Zillya 20180516
Zoner 20180517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-25 13:52:55
Entry Point 0x0002AA6B
Number of sections 5
PE sections
Overlays
MD5 a22dd6238f28cb700fa8678140e76341
File type font/x-snf
Offset 310784
Size 6878721
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
LoadLibraryW
GetDiskFreeSpaceW
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
OutputDebugStringW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
lstrcmpiW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
GetFullPathNameW
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
SearchPathW
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
lstrcmpiA
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetModuleHandleW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
lstrcpyA
FindFirstFileW
lstrcmpW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
WritePrivateProfileStringW
lstrcpynW
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EnableWindow
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EndPaint
SetWindowTextW
CharUpperW
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
SetDlgItemTextW
DispatchMessageW
CreateDialogParamW
BeginPaint
CreatePopupMenu
GetDC
SendMessageW
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
CheckDlgButton
LoadCursorW
GetSystemMenu
GetClassInfoW
CreateWindowExW
wsprintfW
CloseClipboard
DrawTextW
OpenClipboard
ExitWindowsEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 5
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:25 14:52:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 210432
LinkerVersion 12.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x2aa6b
InitializedDataSize 3868160
SubsystemVersion 5.1
ImageVersion 6.0
OSVersion 5.1
UninitializedDataSize 2048

File identification
MD5 3cce3de3c2982edcc2a7ddcbef1179b0
SHA1 64695b9dda741b9a3d422f9244374b7ce47f7a71
SHA256 bb161cf820d6f018fe5d3bf4165852d43774b3ec9340b915e7f5c7079242dcba
ssdeep 98304:8ctEzWJi0ikY8u+tTu/fR/b0Wl3y1+sIR/hrr26DJCdEPv0Eve834H2oo5uQT+fY:8chi0pY8Pu/J/hl3y1SBadinvTTzpFHh

authentihash 44db816e8fbc1e8b11933e4ce0845bc388436592f4a58fa791ca20080321d3d1
imphash 4806b4197823b45fcaf025f7c0a07e1f
File size 6.9 MB ( 7189505 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2018-05-16 17:02:01 UTC ( 9 months ago )
Last submission 2018-05-27 17:55:59 UTC ( 8 months, 3 weeks ago )
File names LJpyfukeO.exe
social2search.exe
update.exe
Setup2.exe
update.exe
s2s.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs