SHA256: bfdf4cfa049e58fb392bcc186daf9f9725252bbad14b16e6c284fc8cf15c743d
File name: mese
Detection ratio: 9 / 65
Analysis date: 2017-09-22 09:56:23 UTC ( 1 year, 6 months ago )
Antivirus | Result | Signature update (engines listed with no result reported no detection)
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170922
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170804
Cylance Unsafe 20170922
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170914
Qihoo-360 HEUR/QVM10.1.0386.Malware.Gen 20170922
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazpFmXFYNXDCI2bcLrJ93qmh) 20170922
Symantec ML.Attribute.HighConfidence 20170922
Tencent Suspicious.Heuristic.Gen.b.0 20170922
Ad-Aware 20170922
AegisLab 20170922
AhnLab-V3 20170922
Alibaba 20170911
ALYac 20170922
Antiy-AVL 20170922
Arcabit 20170922
Avast 20170922
Avast-Mobile 20170922
AVG 20170922
Avira (no cloud) 20170922
AVware 20170922
BitDefender 20170922
CAT-QuickHeal 20170922
ClamAV 20170922
CMC 20170920
Comodo 20170922
Cyren 20170922
DrWeb 20170922
Emsisoft 20170922
ESET-NOD32 20170922
F-Prot 20170922
F-Secure 20170922
Fortinet 20170922
GData 20170922
Ikarus 20170922
Jiangmin 20170922
K7AntiVirus 20170922
K7GW 20170922
Kaspersky 20170921
Kingsoft 20170922
Malwarebytes 20170922
MAX 20170922
McAfee 20170922
McAfee-GW-Edition 20170922
Microsoft 20170922
eScan 20170922
NANO-Antivirus 20170922
nProtect 20170922
Palo Alto Networks (Known Signatures) 20170922
Panda 20170921
SentinelOne (Static ML) 20170806
Sophos AV 20170922
SUPERAntiSpyware 20170922
Symantec Mobile Insight 20170922
TheHacker 20170921
TotalDefense 20170922
TrendMicro 20170922
TrendMicro-HouseCall 20170922
Trustlook 20170922
VBA32 20170922
VIPRE 20170922
ViRobot 20170922
Webroot 20170922
WhiteArmor 20170829
Yandex 20170908
Zillya 20170922
ZoneAlarm by Check Point 20170922
Zoner 20170922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-01-19 04:37:38
Entry Point 0x00004E74
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the DLL headings were lost in extraction and are restored here from the API names, in the order the report lists them)
ADVAPI32.dll: GetTokenInformation, SetSecurityDescriptorDacl, OpenProcessToken, FreeSid, AddAccessAllowedAce, AllocateAndInitializeSid, InitializeSecurityDescriptor, OpenThreadToken, InitializeAcl, LookupAccountNameW, SetFileSecurityA
COMCTL32.dll: CreateToolbarEx, ImageList_Add
GDI32.dll: SetGraphicsMode, PatBlt, CreatePen, SetDCBrushColor, GetTextMetricsA, SetStretchBltMode, ExcludeClipRect, SetDCPenColor, ChoosePixelFormat, CreateHalftonePalette, SetTextColor, SetViewportOrgEx, SetArcDirection, SetPixelFormat, SetTextAlign, SelectClipRgn, SetBrushOrgEx, SelectObject, CreateSolidBrush, Polyline, SetBkColor, DeleteObject
KERNEL32.dll: LoadResource, GetLastError, GetNumberFormatA, HeapFree, GetStdHandle, EnterCriticalSection, LCMapStringW, OpenProcess, GetModuleFileNameW, GetConsoleCP, AreFileApisANSI, GetOEMCP, QueryPerformanceCounter, InitializeCriticalSectionAndSpinCount, HeapAlloc, TlsAlloc, GetEnvironmentStringsW, FlushFileBuffers, GetModuleFileNameA, RtlUnwind, DuplicateHandle, UpdateResourceA, IsProcessorFeaturePresent, DeleteCriticalSection, GetCurrentProcess, GetStartupInfoW, SizeofResource, GetConsoleMode, DecodePointer, GetCurrentProcessId, lstrcatA, LockResource, WideCharToMultiByte, EnumResourceTypesA, LoadLibraryExW, MultiByteToWideChar, HeapSize, SetFilePointerEx, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, GetProcessHeap, SetStdHandle, FindResourceExA, RaiseException, UnhandledExceptionFilter, GetCPInfo, LoadLibraryW, TlsFree, ReadFile, SetEndOfFile, SetUnhandledExceptionFilter, WriteFile, SetConsoleTitleA, CloseHandle, GetSystemTimeAsFileTime, GetACP, HeapReAlloc, GetStringTypeW, GetModuleHandleW, FreeResource, IsDebuggerPresent, TerminateProcess, GetModuleHandleExW, IsValidCodePage, OutputDebugStringW, SetLastError, CreateFileW, TlsGetValue, Sleep, GetFileType, ReadConsoleW, TlsSetValue, EncodePointer, GetCurrentThreadId, GetCurrentThread, ExitProcess, WriteConsoleW, LeaveCriticalSection
NETAPI32.dll: NetConfigSet, NetUnjoinDomain
OPENGL32.dll: glShadeModel, glEnable, glClearColor, wglCreateContext, glDepthFunc, glHint, glClearDepth
USER32.dll: MapWindowPoints, CreateWindowExA, EndDialog, BeginPaint, OffsetRect, SendInput, DdeImpersonateClient, ShowWindow, DefWindowProcA, FindWindowA, LoadBitmapA, SetWindowPos, SendDlgItemMessageA, GetWindowRect, EndPaint, DdeKeepStringHandle, SetWindowLongA, GetSysColor, SetActiveWindow, GetDC, ReleaseDC, GetWindowLongA, FindWindowExA, SendMessageA, GetClientRect, DdeNameService, GetDlgItem, GetMenuCheckMarkDimensions, DeleteMenu, wsprintfA, GetWindowTextLengthA, CreateMenu, FillRect, GetSystemMenu, GetUpdateRect, ModifyMenuA
ole32.dll: CoInitializeEx, CoInitializeSecurity
pdh.dll: PdhBrowseCountersA
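The import table is the most useful static signal on this report: the mix of token and ACL APIs (OpenProcessToken, InitializeAcl, AddAccessAllowedAce, SetFileSecurityA), resource-section APIs (FindResourceExA, LockResource, UpdateResourceA), IsDebuggerPresent and NetUnjoinDomain is what an analyst would pull out first, and the imphash field above is derived from exactly this list. The script below is an added example, not VirusTotal's code. It reimplements the imphash calculation as VirusTotal and pefile define it (lowercase "dll.function" pairs, DLL extension stripped, joined by commas in import-table order, MD5) and tags imports with coarse capability hints. The import list in it is an excerpt transcribed from the report; the DLL names are the editor's assumption and the order is the report's listing order rather than the sample's actual import directory, so the hash of the excerpt is not expected to equal the report's imphash. The capability map is the editor's, not a VirusTotal feature.

```python
"""Import-table triage for a PE sample (added example, not VirusTotal's code)."""
import hashlib

# Constructed excerpt of the report's import list; DLL names are assumed.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", ["GetTokenInformation", "SetSecurityDescriptorDacl",
                      "OpenProcessToken", "AddAccessAllowedAce",
                      "AllocateAndInitializeSid", "InitializeSecurityDescriptor",
                      "OpenThreadToken", "InitializeAcl", "SetFileSecurityA"]),
    ("KERNEL32.dll", ["LoadResource", "OpenProcess", "UpdateResourceA",
                      "DuplicateHandle", "LockResource", "EnumResourceTypesA",
                      "FindResourceExA", "IsDebuggerPresent",
                      "OutputDebugStringW", "CreateFileW", "WriteFile"]),
    ("NETAPI32.dll", ["NetConfigSet", "NetUnjoinDomain"]),
    ("USER32.dll", ["SendInput", "DdeImpersonateClient", "FindWindowA"]),
]

# Editor's capability hints: which imported APIs point at which behaviour.
CAPABILITY_HINTS = {
    "token access / impersonation": {"OpenProcessToken", "OpenThreadToken",
                                     "GetTokenInformation", "DdeImpersonateClient"},
    "DACL / security descriptor rewrite": {"InitializeSecurityDescriptor",
                                           "SetSecurityDescriptorDacl", "InitializeAcl",
                                           "AddAccessAllowedAce", "AllocateAndInitializeSid",
                                           "SetFileSecurityA"},
    "embedded resource handling": {"FindResourceExA", "LoadResource", "LockResource",
                                   "SizeofResource", "EnumResourceTypesA", "UpdateResourceA"},
    "debugger detection": {"IsDebuggerPresent", "OutputDebugStringW"},
    "cross-process handle access": {"OpenProcess", "DuplicateHandle"},
    "domain membership change": {"NetUnjoinDomain"},
    "synthetic user input": {"SendInput"},
}


def _normalise_dll(dll):
    """Lowercase the DLL name and strip .dll/.ocx/.sys, as imphash does."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def import_string(imports):
    """The exact string that gets hashed: 'dll.func' pairs in import order.
    Imports by ordinal (pefile writes them as 'ordN') are not handled here
    because the report lists none."""
    return ",".join(
        f"{_normalise_dll(dll)}.{func.lower()}"
        for dll, funcs in imports
        for func in funcs
    )


def imphash(imports):
    """MD5 of the canonical import string; 32 lowercase hex digits."""
    return hashlib.md5(import_string(imports).encode("utf-8")).hexdigest()


def capabilities(imports):
    """Map the imported API names onto the capability tags above."""
    present = {func for _, funcs in imports for func in funcs}
    return {tag: sorted(present & apis)
            for tag, apis in CAPABILITY_HINTS.items() if present & apis}


if __name__ == "__main__":
    print("imphash of excerpt:", imphash(SAMPLE_IMPORTS))
    for tag, apis in capabilities(SAMPLE_IMPORTS).items():
        print(f"  {tag}: {', '.join(apis)}")
```

Because the imphash depends on import order and exact DLL naming, two builds that import the same APIs in a different order hash differently; that is why the report's imphash is a better pivot for hunting near-identical builds than for finding functionally similar ones, for which the capability tags are the better starting point.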
Number of PE resources by type
RT_STRING 14
RT_DIALOG 12
PNG 11
RPDATA 5
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 51
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:01:19 05:37:38+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 90624
LinkerVersion: 12.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x4e74
InitializedDataSize: 289280
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 9e70aadb3b606c4d8587380ce762f600
SHA1 92863fc13c3caff8282a7712ed8d022898256bd8
SHA256 bfdf4cfa049e58fb392bcc186daf9f9725252bbad14b16e6c284fc8cf15c743d
ssdeep 6144:xThnfmSguuMoINlrnTRJT460W3D7vcVUgrX5JbvqAIV+hX+iKqw0M8T+xZv:x89uuMoylr1CDk7vcygrX5Bv4qX+q0H

authentihash 7e84d0f7ce43374efa57bc4271db42598089781baf2b133cdd665049f464d85f
imphash 03b64c490ec058e9cac6d972c1de89a4
File size 372.0 KB ( 380928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-22 09:56:23 UTC ( 1 year, 6 months ago )
Last submission 2018-03-20 17:02:08 UTC ( 1 year ago )
File names VirusShare_9e70aadb3b606c4d8587380ce762f600
mese
9e70aadb3b606c4d8587380ce762f600.virobj
zeus panda payload
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
UDP communications