SHA256: bfb120b45ffd594ebb95b4a23fb3f65b1099dd5045641cdd15de59c2296ca04d
File name: firefoxplugin_install.exe
Detection ratio: 13 / 64
Analysis date: 2017-10-03 19:13:38 UTC
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9826 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171003
Cyren W32/VBInject.MG.gen!Eldorado 20171003
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DSDQ 20171003
F-Prot W32/VBInject.MG.gen!Eldorado 20171003
Sophos ML heuristic 20170914
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/FareitVB-M 20171003
Symantec ML.Attribute.HighConfidence 20171003
TrendMicro TSPY_HPFAREIT.SM 20171003
TrendMicro-HouseCall TSPY_HPFAREIT.SM 20171003
Ad-Aware 20171003
AegisLab 20171003
AhnLab-V3 20171003
Alibaba 20170911
ALYac 20171003
Arcabit 20171003
Avast 20171003
Avast-Mobile 20171003
AVG 20171003
Avira (no cloud) 20171003
AVware 20171003
BitDefender 20171003
Bkav 20170928
CAT-QuickHeal 20171003
ClamAV 20171003
CMC 20171003
Comodo 20171003
DrWeb 20171003
Emsisoft 20171003
F-Secure 20171003
Fortinet 20171003
GData 20171003
Ikarus 20171003
Jiangmin 20171003
K7AntiVirus 20171003
K7GW 20171003
Kaspersky 20171003
Kingsoft 20171003
Malwarebytes 20171003
MAX 20171003
McAfee 20171003
McAfee-GW-Edition 20171003
Microsoft 20171003
eScan 20171003
NANO-Antivirus 20171003
nProtect 20171003
Palo Alto Networks (Known Signatures) 20171003
Panda 20171003
Qihoo-360 20171003
SUPERAntiSpyware 20171003
Symantec Mobile Insight 20171003
Tencent 20171003
TheHacker 20171002
TotalDefense 20171003
Trustlook 20171003
VBA32 20171003
VIPRE 20171003
ViRobot 20171003
Webroot 20171003
WhiteArmor 20170927
Yandex 20170908
Zillya 20171003
ZoneAlarm by Check Point 20171003
Zoner 20171003
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright AIlusino jelusino
Product jIvegoGogic JNc.
Original name Matteo.exe
Internal name Matteo
File version 1.07.0005
Description CIhan jatham
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-03 07:46:37
Entry Point 0x000013D8
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaGenerateBoundsError
_allmul
_adj_fdivr_m64
_adj_fprem
Ord(712)
_adj_fpatan
EVENT_SINK_AddRef
Ord(675)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fprem1
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_CIcos
Ord(616)
EVENT_SINK_QueryInterface
_adj_fptan
__vbaI4Str
_CItan
Ord(613)
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrI2
__vbaStrToAnsi
Ord(588)
_adj_fdivr_m32
__vbaFreeStrList
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
DANISH DEFAULT 1
PE resources
ExifTool file metadata
LegalTrademarks VIlusino jilusino
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.7
FileSubtype 0
FileVersionNumber 1.7.0.5
LanguageCode Danish
FileFlagsMask 0x0000
FileDescription CIhan jatham
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x13d8
OriginalFileName Matteo.exe
MIMEType application/octet-stream
LegalCopyright AIlusino jelusino
FileVersion 1.07.0005
TimeStamp 2017:10:03 08:46:37+01:00
FileType Win32 EXE
PEType PE32
InternalName Matteo
ProductVersion 1.07.0005
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CIricorm jad
CodeSize 442368
ProductName jIvegoGogic JNc.
ProductVersionNumber 1.7.0.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 bce445545b091879c3f26b2ab29f2cea
SHA1 7a3513ecabab7bb28b43ed1738af38a23084c541
SHA256 bfb120b45ffd594ebb95b4a23fb3f65b1099dd5045641cdd15de59c2296ca04d
ssdeep 6144:L2GQb5QKwsQbccl78AwIN0JqDRZohnfReWwSxC:L6b5fghZeJ0rUw
authentihash 0265cc0535a77b3a95aaef0e5f7105b6d233dbcbc1c25b2422377eece6b3f420
imphash 0b8a22258fec1a14f4551c98d5b8a421
File size 448.0 KB ( 458752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2017-10-03 19:13:38 UTC
Last submission 2017-10-05 00:55:04 UTC
File names firefoxplugin_install.exe
Matteo.exe
Matteo
firefoxplugin_install.exe
e728937fa350095e80e75239e258e7b6f66fc148
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
UDP communications