SHA256: bd6b9940e87be866fd8cb893769c51a3e4266452f97270a97bc13685b420d308
File name: Romes
Detection ratio: 56 / 66
Analysis date: 2017-10-17 01:41:55 UTC ( 22 hours, 41 minutes ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.3666825 20171016
AegisLab Uds.Dangerousobject.Multi!c 20171017
AhnLab-V3 Trojan/Win32.Emotet.R206917 20171016
ALYac Trojan.GenericKD.3666825 20171017
Antiy-AVL Trojan[Banker]/Win32.Emotet.fx 20171017
Arcabit Trojan.Generic.D37F389 20171017
Avast Win32:Malware-gen 20171016
AVG Win32:Malware-gen 20171016
Avira (no cloud) TR/Zbot.cdmf 20171016
AVware Trojan.Win32.Generic.pak!cobra 20171016
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9794 20171016
BitDefender Trojan.GenericKD.3666825 20171017
CAT-QuickHeal Trojan.VBCrypt.MF.136 20171016
Comodo UnclassifiedMalware 20171017
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171017
Cyren W32/Androm.WUNW-6165 20171017
eGambit malicious_confidence_99% 20171017
Emsisoft Trojan.GenericKD.3666825 (B) 20171016
Endgame malicious (high confidence) 20171016
ESET-NOD32 Win32/Spy.Zbot.ACM 20171016
F-Prot W32/Androm.JJ 20171017
F-Secure Trojan.GenericKD.3666825 20171017
Fortinet W32/Agent.D63E!tr 20171017
GData Win32.Trojan.Agent.0N3COW 20171017
Ikarus Trojan-Spy.Agent 20171016
Sophos ML heuristic 20170914
Jiangmin Trojan.VB.wrp 20171017
K7AntiVirus Trojan ( 004fc3651 ) 20171016
K7GW Trojan ( 004fc3651 ) 20171016
Kaspersky Trojan-Banker.Win32.Emotet.fx 20171017
Malwarebytes Trojan.MalPack.VB 20171017
MAX malware (ai score=100) 20171017
McAfee Generic.zv 20171017
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20171016
Microsoft VirTool:Win32/VBInject 20171017
eScan Trojan.GenericKD.3666825 20171016
NANO-Antivirus Trojan.Win32.Packed2.eoppka 20171016
Palo Alto Networks (Known Signatures) generic.ml 20171017
Panda Trj/WLT.C 20171016
Qihoo-360 Win32/Trojan.Multi.daf 20171017
Rising Backdoor.Win32.Androm.edg (CLASSIC) 20171017
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Troj/VB-JHL 20171017
Symantec Trojan Horse 20171016
Tencent Win32.Trojan-banker.Emotet.Hvaa 20171017
TrendMicro TSPY_ZBOT.YUYATN 20171017
TrendMicro-HouseCall TSPY_ZBOT.YUYATN 20171017
VBA32 Backdoor.Androm 20171016
VIPRE Trojan.Win32.Generic.pak!cobra 20171016
ViRobot Backdoor.Win32.Agent.211358 20171016
Webroot W32.Trojan.Gen 20171017
Yandex TrojanSpy.Zbot!R8ViDIluB4k 20171013
Zillya Trojan.Spy.Win32.2227 20171016
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.fx 20171017
Zoner Trojan.Zbot 20171017
Alibaba (no detection) 20170911
Avast-Mobile (no detection) 20171016
Bkav (no detection) 20171016
ClamAV (no detection) 20171016
CMC (no detection) 20171016
Kingsoft (no detection) 20171017
nProtect (no detection) 20171017
SUPERAntiSpyware (no detection) 20171016
Symantec Mobile Insight (no detection) 20171011
TheHacker (no detection) 20171015
TotalDefense (no detection) 20171016
Trustlook (no detection) 20171017
WhiteArmor (no detection) 20171016
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Product Manicor
Original name Romes.exe
Internal name Romes
File version 1.00.0127
Description Tan writes with breath-catching poise and grace, linguistic refinement and searching
Comments Today's DealsGift Cards & Registry SellHelp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-03 07:43:11
Entry Point 0x00001130
Number of sections 3
PE sections
Overlays
MD5 d5b47855de5a640cfad74eeee3e2419a
File type data
Offset 86016
Size 125342
Entropy 7.71
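The overlay figures above are internally consistent: 86016 + 125342 = 211358, which is the file size reported further down, so the appended data runs to end-of-file and makes up about 59% of the bytes, at an entropy of 7.71 bits per byte (near-random, i.e. compressed or encrypted). The script below, an added example and not code from VirusTotal or this report, shows how those numbers are derived: it walks the section table with nothing but the standard library, takes the highest PointerToRawData + SizeOfRawData as the end of the sections, measures what follows, and applies a triage threshold. The PE it parses is a constructed skeleton (three filler sections; only the section count, entry point and compile timestamp mirror this page), and the "suspicious" threshold is an assumption for the example.

```python
"""Locate and measure a PE overlay (data appended after the last section).

Added example; not code from the original report.  Pure standard library so it
runs offline; the sample PE it parses is constructed below, not the page's file.
"""
import calendar
import math
import random
import struct

PE32_MAGIC = 0x10B
COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def overlay_report(pe: bytes) -> dict:
    """Walk the section table and report what lies past the last raw section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = COFF_HDR.unpack_from(pe, e_lfanew + 4)
    sec_table = e_lfanew + 4 + COFF_HDR.size + opt_size
    end_of_sections = 0
    for i in range(nsections):
        _name, _vsize, _va, raw_size, raw_ptr, *_rest = SECTION_HDR.unpack_from(pe, sec_table + i * SECTION_HDR.size)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = pe[end_of_sections:]
    return {
        "sections": nsections,
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        "overlay_fraction": round(len(overlay) / len(pe), 2),
    }


def overlay_is_suspicious(report: dict) -> bool:
    """Heuristic (threshold is an assumption): a sizeable, near-random overlay
    usually means an encrypted payload.  Legitimate installers also carry
    high-entropy overlays (compressed archives), so treat it as a triage hint."""
    return report["overlay_entropy"] >= 7.0 and report["overlay_size"] >= 4096


def constructed_overlay(size: int = 8192, seed: int = 7) -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted payload (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed PE32 skeleton: three sections of filler plus `overlay` appended.

    Not a runnable program; section count, entry point and compile timestamp
    mirror the values shown on this page, everything else is placeholder."""
    file_align = 0x200
    sections = [(b".text", 0x1000), (b".data", 0x800), (b".rsrc", 0x400)]

    opt = bytearray(224)                          # sizeof(IMAGE_OPTIONAL_HEADER32)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1130)       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 36, file_align)   # FileAlignment

    headers_len = 0x40 + 4 + COFF_HDR.size + len(opt) + len(sections) * SECTION_HDR.size
    raw_ptr = -(-headers_len // file_align) * file_align   # first section on an alignment boundary
    sec_hdrs, sec_data, va = bytearray(), bytearray(), 0x1000
    for name, size in sections:
        sec_hdrs += SECTION_HDR.pack(name.ljust(8, b"\0"), size, va, size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        sec_data += b"\x90" * size                # low-entropy filler, no real code
        raw_ptr += size
        va += size

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew: PE header right after the DOS header
    timestamp = calendar.timegm((2016, 11, 3, 7, 43, 11))
    coff = COFF_HDR.pack(0x14C, len(sections), timestamp, 0, 0, len(opt), 0x010F)
    image = bytearray(dos + b"PE\0\0" + coff + opt + sec_hdrs)
    image += bytes(-(-len(image) // file_align) * file_align - len(image))   # pad headers to FileAlignment
    return bytes(image + sec_data + overlay)


if __name__ == "__main__":
    rep = overlay_report(build_sample_pe(constructed_overlay()))
    print(rep, "suspicious" if overlay_is_suspicious(rep) else "benign-looking")
```

Run on a real sample, `overlay_report(open(path, "rb").read())` should reproduce the offset and size a VirusTotal report prints; if offset + size is smaller than the file, the section table is lying (overlapping or oversized raw sizes) and the file deserves a closer look regardless of entropy.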
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(685)
Ord(594)
Ord(689)
Ord(663)
EVENT_SINK_AddRef
Ord(707)
Ord(717)
Ord(583)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(578)
Ord(552)
Ord(100)
Ord(520)
Ord(571)
ProcCallEngine
Ord(711)
Ord(606)
EVENT_SINK_Release
Ord(706)
Ord(593)
Ord(581)
Ord(582)
Ord(545)
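The import list above is almost entirely by-ordinal, which is typical of a Visual Basic 6 binary (EVENT_SINK_*, __vbaExceptHandler, MethCallEngine, ProcCallEngine and DllFunctionCall are exports of the VB6 runtime). The imphash in the file-identification block is an MD5 over exactly this list after normalisation, so the following added example (not VirusTotal's or pefile's own code) reimplements that normalisation: lowercase, strip .dll/.ocx/.sys, render ordinals as ordNNN, join with commas in import-table order, hash. The DLL name MSVBVM60.DLL is an assumption, since the report does not print it, and pefile additionally resolves ordinals of oleaut32, ws2_32 and wsock32 to names through lookup tables, which this simplified version omits; for a single-DLL VB6 import table that makes no difference.

```python
"""Import hash (imphash) as pefile/VirusTotal compute it: MD5 over a normalised
"dll.function" list.  Added example, not code from the report."""
import hashlib
import re

ORDINAL = re.compile(r"^Ord\((\d+)\)$")   # VirusTotal's rendering of a by-ordinal import

# The import list exactly as shown on this page, in the order shown.  The DLL name
# is an assumption: the report does not print it, but EVENT_SINK_*, __vbaExceptHandler,
# MethCallEngine, ProcCallEngine and DllFunctionCall are exports of the VB6 runtime.
PAGE_IMPORTS = [
    ("MSVBVM60.DLL", [
        "EVENT_SINK_QueryInterface", "Ord(645)", "Ord(648)", "Ord(685)", "Ord(594)",
        "Ord(689)", "Ord(663)", "EVENT_SINK_AddRef", "Ord(707)", "Ord(717)", "Ord(583)",
        "__vbaExceptHandler", "Ord(632)", "MethCallEngine", "DllFunctionCall", "Ord(578)",
        "Ord(552)", "Ord(100)", "Ord(520)", "Ord(571)", "ProcCallEngine", "Ord(711)",
        "Ord(606)", "EVENT_SINK_Release", "Ord(706)", "Ord(593)", "Ord(581)", "Ord(582)",
        "Ord(545)",
    ]),
]


def normalise(dll: str, func: str) -> str:
    """One imphash token: lowercase, drop .dll/.ocx/.sys, ordinals become ordNNN."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            lib = lib[: -len(ext)]
            break
    m = ORDINAL.match(func)
    name = f"ord{int(m.group(1))}" if m else func.lower()
    return f"{lib}.{name}"


def imphash_string(imports) -> str:
    """The comma-joined token list that gets hashed; order is significant."""
    return ",".join(normalise(dll, f) for dll, funcs in imports for f in funcs)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    print(imphash_string(PAGE_IMPORTS))
    print(imphash(PAGE_IMPORTS))   # compare with the report's imphash; a mismatch
                                   # means the DLL-name or ordering assumption is off
```

Caveat when pivoting on this value: every VB6 program imports MSVBVM60 in much the same way, so an imphash match mostly says "built with the same VB6 toolchain and runtime calls", which groups unrelated samples emitted by the same VB crypter. It is a useful key for clustering the packer, not for attributing the payload (the Emotet/Zbot/Androm disagreement among the engines above is a symptom of exactly that).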
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks This duality invests the novel with a climate of doubt; a mood - as with Aritomo
SubsystemVersion 4.0
Comments Today's DealsGift Cards & Registry SellHelp
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.127
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Tan writes with breath-catching poise and grace, linguistic refinement and searching
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x1130
OriginalFileName Romes.exe
MIMEType application/octet-stream
FileVersion 1.00.0127
TimeStamp 2016:11:03 08:43:11+01:00
FileType Win32 EXE
PEType PE32
InternalName Romes
ProductVersion 1.00.0127
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Flash accofe
CodeSize 61440
ProductName Manicor
ProductVersionNumber 1.0.0.127
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2f9cdc2a7ce846fe626e47451f7fd63e
SHA1 b8fcbf49aac665f338f1d3f8dd2120a2d987006e
SHA256 bd6b9940e87be866fd8cb893769c51a3e4266452f97270a97bc13685b420d308
ssdeep 6144:hgFOOOaOOOvfbXfKl2sxgobNVR4eg5rR85:+iDv1sxDbNVsG

authentihash 7aafb44ad14b2d3f675ad8cf8b2db6aabe5abfb0bde4d81f6814d16a9b8215f4
imphash 3341a62b87005e8f855678e871cab613
File size 206.4 KB ( 211358 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-03 08:31:46 UTC ( 11 months, 2 weeks ago )
Last submission 2017-06-03 11:58:27 UTC ( 4 months, 2 weeks ago )
File names 2f9cdc2a7ce846fe626e47451f7fd63e.exe
MultiplePaste.v2.2.exe
b8fcbf49aac665f338f1d3f8dd2120a2d987006e
Romes
8638549_M01.pdf8638549_D01_flat.pdf.exe.bin
Romes.exe
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any process it launched, or by any process into which it injected code.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain via the SetWindowsHookEx API (the legacy entry point is SetWindowsHook). A hook procedure lets the caller monitor certain types of events, either for a specific thread or for all threads on the same desktop as the calling thread; in the latter case the hook DLL is loaded into every process that receives the hooked events. This report does not show which hook type was installed: a global WH_KEYBOARD or WH_KEYBOARD_LL hook is the classic keystroke-capture technique, whereas a thread-local hook can be entirely benign, so check the hook type in the full sandbox trace before drawing conclusions.
UDP communications