SHA256: bd6b9940e87be866fd8cb893769c51a3e4266452f97270a97bc13685b420d308
File name: Romes
Detection ratio: 50 / 58
Analysis date: 2017-02-16 11:55:48 UTC ( 1 week, 4 days ago )
Antivirus Result Update
ALYac Trojan.GenericKD.3666825 20170216
AVG Generic_vb.NLO 20170216
AVware Trojan.Win32.Generic.pak!cobra 20170216
Ad-Aware Trojan.GenericKD.3666825 20170216
AegisLab Uds.Dangerousobject.Multi!c 20170216
AhnLab-V3 Trojan/Win32.Inject.C1671418 20170216
Antiy-AVL Trojan[Banker]/Win32.Emotet.fx 20170216
Arcabit Trojan.Generic.D37F389 20170216
Avast Win32:Malware-gen 20170216
Avira (no cloud) TR/Zbot.cdmf 20170216
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9794 20170216
BitDefender Trojan.GenericKD.3666825 20170216
CAT-QuickHeal Backdoor.Androm 20170216
Comodo UnclassifiedMalware 20170216
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170130
Cyren W32/Androm.WUNW-6165 20170216
DrWeb Trojan.Packed2.39204 20170216
ESET-NOD32 Win32/Spy.Zbot.ACM 20170216
Emsisoft Trojan.GenericKD.3666825 (B) 20170216
Endgame malicious (high confidence) 20170216
F-Prot W32/Androm.JJ 20170216
F-Secure Trojan.GenericKD.3666825 20170216
Fortinet W32/Agent.D63E!tr 20170216
GData Trojan.GenericKD.3666825 20170216
Ikarus Trojan.VB.Crypt 20170216
Invincea virtool.win32.vbinject.rt 20170203
Jiangmin Trojan.VB.wrp 20170216
K7AntiVirus Trojan ( 004fc3651 ) 20170216
K7GW Trojan ( 004fc3651 ) 20170216
Kaspersky Trojan-Banker.Win32.Emotet.fx 20170216
Malwarebytes Trojan.MalPack.VB 20170216
McAfee Generic.zv 20170216
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20170216
eScan Trojan.GenericKD.3666825 20170216
Microsoft VirTool:Win32/VBInject.AGW 20170216
NANO-Antivirus Trojan.Win32.Packed2.eigueu 20170216
Panda Trj/WLT.C 20170215
Qihoo-360 Win32/Trojan.Multi.daf 20170216
Rising Backdoor.Androm!8.113 (cloud:wouxo3pRhH) 20170216
Sophos Troj/VB-JHL 20170216
Symantec Trojan Horse 20170215
Tencent Win32.Backdoor.Androm.Hvaa 20170216
TrendMicro-HouseCall TSPY_ZBOT.YUYATN 20170216
VBA32 Backdoor.Androm 20170216
VIPRE Trojan.Win32.Generic.pak!cobra 20170216
ViRobot Backdoor.Win32.Agent.211358[h] 20170216
Webroot W32.Trojan.Gen 20170216
Yandex TrojanSpy.Zbot!R8ViDIluB4k 20170215
Zillya Trojan.Spy.Win32.2227 20170215
Zoner Trojan.Zbot 20170216
Alibaba 20170216
Bkav 20170216
CMC 20170216
ClamAV 20170216
Kingsoft 20170216
SUPERAntiSpyware 20170216
TheHacker 20170215
TotalDefense 20170216
Trustlook 20170216
WhiteArmor 20170215
nProtect 20170216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Manicor
Original name Romes.exe
Internal name Romes
File version 1.00.0127
Description Tan writes with breath-catching poise and grace, linguistic refinement and searching
Comments Today's DealsGift Cards & Registry SellHelp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-03 07:43:11
Entry Point 0x00001130
Number of sections 3
PE sections
Overlays
MD5 d5b47855de5a640cfad74eeee3e2419a
File type data
Offset 86016
Size 125342
Entropy 7.71
PE imports
EVENT_SINK_QueryInterface
Ord(645)
Ord(648)
Ord(685)
Ord(594)
Ord(689)
Ord(663)
EVENT_SINK_AddRef
Ord(707)
Ord(717)
Ord(583)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(578)
Ord(552)
Ord(100)
Ord(520)
Ord(571)
ProcCallEngine
Ord(711)
Ord(606)
EVENT_SINK_Release
Ord(706)
Ord(593)
Ord(581)
Ord(582)
Ord(545)
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks This duality invests the novel with a climate of doubt; a mood - as with Aritomo
SubsystemVersion 4.0
Comments Today's DealsGift Cards & Registry SellHelp
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.127
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Tan writes with breath-catching poise and grace, linguistic refinement and searching
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x1130
OriginalFileName Romes.exe
MIMEType application/octet-stream
FileVersion 1.00.0127
TimeStamp 2016:11:03 08:43:11+01:00
FileType Win32 EXE
PEType PE32
InternalName Romes
ProductVersion 1.00.0127
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Flash accofe
CodeSize 61440
ProductName Manicor
ProductVersionNumber 1.0.0.127
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 2f9cdc2a7ce846fe626e47451f7fd63e
SHA1 b8fcbf49aac665f338f1d3f8dd2120a2d987006e
SHA256 bd6b9940e87be866fd8cb893769c51a3e4266452f97270a97bc13685b420d308
ssdeep 6144:hgFOOOaOOOvfbXfKl2sxgobNVR4eg5rR85:+iDv1sxDbNVsG
authentihash 7aafb44ad14b2d3f675ad8cf8b2db6aabe5abfb0bde4d81f6814d16a9b8215f4
imphash 3341a62b87005e8f855678e871cab613
File size 206.4 KB ( 211358 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-11-03 08:31:46 UTC ( 3 months, 3 weeks ago )
Last submission 2017-02-16 11:55:48 UTC ( 1 week, 4 days ago )
File names 2f9cdc2a7ce846fe626e47451f7fd63e.exe
MultiplePaste.v2.2.exe
b8fcbf49aac665f338f1d3f8dd2120a2d987006e
Romes
8638549_M01.pdf8638549_D01_flat.pdf.exe.bin
Romes.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
UDP communications