SHA256: be2b27ced20e8025966d8fca5f18e180179bdbc31d6010b6054ad69cccd36375
File name: 8bedf43209e671d12a4bd88974aa1fec5efbc221
Detection ratio: 34 / 68
Analysis date: 2018-06-20 11:58:06 UTC ( 3 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.30995027 | 20180620 |
| AegisLab | Ml.Attribute.Gen!c | 20180620 |
| AhnLab-V3 | Trojan/Win32.Injector.R230320 | 20180620 |
| ALYac | Spyware.LokiBot | 20180620 |
| Arcabit | Trojan.Generic.D1D8F253 | 20180620 |
| Avast | Win32:Malware-gen | 20180620 |
| AVG | Win32:Malware-gen | 20180620 |
| BitDefender | Trojan.GenericKD.30995027 | 20180620 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20180530 |
| Cylance | Unsafe | 20180620 |
| Cyren | W32/VBInject.PA.gen!Eldorado | 20180620 |
| Emsisoft | Trojan.Injector (A) | 20180620 |
| Endgame | malicious (high confidence) | 20180612 |
| ESET-NOD32 | a variant of Win32/Injector.DYSD | 20180620 |
| F-Prot | W32/VBInject.PA.gen!Eldorado | 20180620 |
| Fortinet | W32/Malicious_Behavior.VEX | 20180620 |
| GData | Trojan.GenericKD.30995027 | 20180620 |
| Ikarus | Trojan.Win32.Injector | 20180620 |
| Sophos ML | heuristic | 20180601 |
| K7GW | Trojan ( 00534cc11 ) | 20180620 |
| Kaspersky | Backdoor.Win32.Androm.qast | 20180620 |
| Malwarebytes | Spyware.PasswordStealer | 20180620 |
| MAX | malware (ai score=94) | 20180620 |
| McAfee | Fareit-FLA!B6369D969CB9 | 20180620 |
| McAfee-GW-Edition | Fareit-FLA!B6369D969CB9 | 20180620 |
| eScan | Trojan.GenericKD.30995027 | 20180620 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180620 |
| Panda | Trj/GdSda.A | 20180619 |
| SentinelOne (Static ML) | static engine - malicious | 20180618 |
| Sophos AV | Mal/Generic-S | 20180620 |
| Symantec | ML.Attribute.HighConfidence | 20180620 |
| TrendMicro | TROJ_FRS.VSN13F18 | 20180620 |
| TrendMicro-HouseCall | TROJ_FRS.VSN13F18 | 20180620 |
| ZoneAlarm by Check Point | Backdoor.Win32.Androm.qast | 20180620 |
| Alibaba | (no detection) | 20180620 |
| Antiy-AVL | (no detection) | 20180620 |
| Avast-Mobile | (no detection) | 20180620 |
| Avira (no cloud) | (no detection) | 20180620 |
| AVware | (no detection) | 20180618 |
| Babable | (no detection) | 20180406 |
| Baidu | (no detection) | 20180620 |
| Bkav | (no detection) | 20180620 |
| CAT-QuickHeal | (no detection) | 20180620 |
| ClamAV | (no detection) | 20180620 |
| CMC | (no detection) | 20180620 |
| Comodo | (no detection) | 20180620 |
| Cybereason | (no detection) | 20180225 |
| DrWeb | (no detection) | 20180620 |
| eGambit | (no detection) | 20180620 |
| F-Secure | (no detection) | 20180620 |
| Jiangmin | (no detection) | 20180620 |
| K7AntiVirus | (no detection) | 20180620 |
| Kingsoft | (no detection) | 20180620 |
| Microsoft | (no detection) | 20180620 |
| NANO-Antivirus | (no detection) | 20180620 |
| Qihoo-360 | (no detection) | 20180620 |
| Rising | (no detection) | 20180620 |
| SUPERAntiSpyware | (no detection) | 20180620 |
| Symantec Mobile Insight | (no detection) | 20180619 |
| TACHYON | (no detection) | 20180620 |
| Tencent | (no detection) | 20180620 |
| TheHacker | (no detection) | 20180619 |
| TotalDefense | (no detection) | 20180620 |
| Trustlook | (no detection) | 20180620 |
| VBA32 | (no detection) | 20180620 |
| VIPRE | (no detection) | 20180620 |
| ViRobot | (no detection) | 20180620 |
| Webroot | (no detection) | 20180620 |
| Yandex | (no detection) | 20180620 |
| Zillya | (no detection) | 20180620 |
| Zoner | (no detection) | 20180620 |

The vendor names disagree on the family (Fareit, LokiBot, Androm, generic Injector/VBInject), but agree on the shape: a Visual Basic 6 injector stub carrying a credential stealer. Nearly all ML and heuristic engines flag it while many signature-only engines did not yet, which is the usual picture for a freshly packed stub one day after compilation.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: ASYb
Product: Jav SOFtWaek
Original name: Nude1.exe
Internal name: Nude1
File version: 7.02
Description: HEWLEta-PACKAra Fs.
Comments: epsoD

These strings are read from the binary's version resource exactly as the sample carries them; the misspelled vendor look-alikes (Hewlett-Packard, TeamViewer GmbH in LegalTrademarks below) are the stub's own junk, not an extraction error, and are themselves a usable static indicator.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-18 13:50:53
Entry Point 0x00001984
Number of sections 3
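The fields above (target machine, compilation timestamp, entry point, section count) come straight from the DOS, COFF and optional headers. The following parser is an added example, not code from VirusTotal or from the sample: it reads those headers with nothing but the standard library, and the header bytes it parses are constructed here to carry the values the report lists (i386, 3 sections, entry point 0x1984, GUI subsystem, linker 6.0, OS/subsystem version 4.0, image version 7.2, build time 2018-06-18 13:50:53 UTC), not bytes taken from the sample. The parser refuses malformed input with ValueError instead of guessing, which is what a triage script should do on attacker-controlled files.

```python
"""Parse PE32/PE32+ DOS, COFF and optional headers (standard library only).

Added example for the report above; the header produced by build_sample_header()
is CONSTRUCTED to match the reported values and is not data from the sample.
"""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
MACHINE_NAMES = {0x014C: "Intel 386 or later", 0x8664: "x86-64", 0x01C4: "ARMv7"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields VirusTotal/ExifTool show; raise ValueError if not a PE."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):                  # PE signature (4) + COFF header (20)
        raise ValueError("e_lfanew points outside the buffer")
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + opt_size > len(data):  # need through Subsystem at offset 68
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Offsets below are identical for PE32 and PE32+ up to and including Subsystem.
    size_of_code, size_of_init = struct.unpack_from("<II", data, opt + 4)
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, "0x%04x" % machine),
        "pe_type": "PE32" if magic == PE32_MAGIC else "PE32+",
        "number_of_sections": n_sections,
        # TimeDateStamp is attacker-controlled; treat it as a claim to cross-check, not a fact.
        "compile_timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry_point,
        "size_of_code": size_of_code,
        "size_of_initialized_data": size_of_init,
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_maj, os_min),
        "image_version": "%d.%d" % (img_maj, img_min),
        "subsystem_version": "%d.%d" % (ss_maj, ss_min),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """CONSTRUCTED PE32 header carrying the values from the report (not the sample's bytes)."""
    build_ts = int(datetime(2018, 6, 18, 13, 50, 53, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: NT headers follow DOS header
    coff = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x014C, 3, build_ts, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)                                    # PE32 optional header is 224 bytes
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 6, 0)       # PE32, linker 6.0 (VB6 era)
    struct.pack_into("<II", opt, 4, 667648, 380928)          # SizeOfCode, SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x1984)                  # AddressOfEntryPoint
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 7, 2, 4, 0)   # OS 4.0, image 7.2, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print("%-25s %s" % (key, value))
```

Run against a real file with parse_pe_header(open(path, "rb").read()). The parsed build time should be compared with the ExifTool TimeStamp below (2018:06:18 14:50:53+01:00 is the same instant rendered in UTC+1) and with the first VirusTotal submission on 2018-06-19 09:36 UTC; here they are consistent with a stub built less than a day before it was seen, but because the field is trivially forged it only corroborates other evidence.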
PE sections
PE imports (all exported by the Visual Basic 6 runtime, MSVBVM60.DLL; no user32 or kernel32 functions are imported statically)
_adj_fdiv_m32
__vbaChkstk
Ord(617)
EVENT_SINK_Release
__vbaRedim
__vbaVarDup
_adj_fdivr_m64
__vbaAryUnlock
_adj_fprem
Ord(607)
Ord(678)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaStrToUnicode
_CIatan
__vbaInStr
__vbaCyMulI2
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(100)
__vbaAryLock
__vbaFreeVar
_CItan
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
__vbaLenBstrB
_allmul
Ord(575)
_CIcos
Ord(595)
EVENT_SINK_QueryInterface
_adj_fptan
Ord(685)
__vbaFileClose
Ord(581)
__vbaObjSet
__vbaVarMove
Ord(646)
__vbaErrorOverflow
__vbaRecUniToAnsi
__vbaRecAnsiToUni
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
Ord(546)
__vbaAryDestruct
_CIexp
Ord(533)
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaFPFix
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks: TEAmviewwR GMaw
SubsystemVersion: 4.0
Comments: epsoD
LinkerVersion: 6.0
ImageVersion: 7.2
FileSubtype: 0
FileVersionNumber: 7.2.0.0
LanguageCode: English (U.S.)
FileFlagsMask: 0x0000
FileDescription: HEWLEta-PACKAra Fs.
CharacterSet: Unicode
InitializedDataSize: 380928
EntryPoint: 0x1984
OriginalFileName: Nude1.exe
MIMEType: application/octet-stream
LegalCopyright: ASYb
FileVersion: 7.02
TimeStamp: 2018:06:18 14:50:53+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Nude1
ProductVersion: 7.02
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: PIRifora VF
CodeSize: 667648
ProductName: Jav SOFtWaek
ProductVersionNumber: 7.2.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 b6369d969cb9c55af68d4fad68839274
SHA1 8e6da83d830b8a757760d2b2a8715d84805864ee
SHA256 be2b27ced20e8025966d8fca5f18e180179bdbc31d6010b6054ad69cccd36375
ssdeep 3072:Vnw6OStM0T7BPzakYvXdFM/LTQ+9TeTRwa1Rt3ccjN4Y37NoozVP1H91MuAaYb6e:VCJ04VvXKQcXW7SMt91MuApb2lB
authentihash d513bd6dc996d56bf799ace7cc63a403d26e42bd4652ded4ca1b27c583fa4616
imphash 6de0ee3cfa6059263bedaa9128618622
File size 1.0 MB ( 1048576 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-06-19 09:36:47 UTC ( 3 months, 1 week ago )
Last submission 2018-06-20 11:58:06 UTC ( 3 months ago )
File names dor001.exe
8bedf43209e671d12a4bd88974aa1fec5efbc221
Nude1.exe
Nude1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook family of user32 APIs (SetWindowsHookEx on any current Windows). A hook procedure lets a program monitor the system for certain types of events, either on a specific thread or on all threads in the same desktop as the calling thread. The condensed report does not record the hook type (for example WH_KEYBOARD_LL versus WH_CBT) or the target thread, so on its own it does not establish keystroke capture; for a sample that several engines above name as a password stealer (Fareit, LokiBot, PasswordStealer), those two arguments are the first things to pull from a full sandbox trace. Note also why this call is invisible in the static import table above, which lists only the VB6 runtime: a Visual Basic 6 program reaches user32 through Declare statements that MSVBVM60's DllFunctionCall resolves at run time, so user32!SetWindowsHookEx never appears as a PE import, and import-based heuristics will not see it.