SHA256: c19711253b59d2b094e269ba8d8e2baf2807a8dd8be129efa8f27f4c8ef05cb4
File name: j.exe
Detection ratio: 24 / 65
Analysis date: 2018-07-04 08:26:38 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.74978 20180704
ALYac Gen:Variant.Symmi.74978 20180704
Arcabit Trojan.Symmi.D124E2 20180704
BitDefender Gen:Variant.Symmi.74978 20180704
ClamAV Win.Malware.Fareit-6597973-0 20180704
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Cybereason malicious.25b8f0 20180225
Cylance Unsafe 20180704
Emsisoft Trojan.Injector (A) 20180704
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Injector.DYZT 20180704
Fortinet W32/GenKryptik.CEBC!tr 20180704
GData Gen:Variant.Symmi.74978 20180704
Sophos ML heuristic 20180601
Malwarebytes Spyware.PasswordStealer 20180704
MAX malware (ai score=88) 20180704
McAfee Fareit-FLA!8EE498B25B8F 20180704
McAfee-GW-Edition BehavesLike.Win32.Fareit.bh 20180704
Microsoft Trojan:Win32/Fuerboos.C!cl 20180704
eScan Gen:Variant.Symmi.74978 20180704
Qihoo-360 HEUR/QVM03.0.4651.Malware.Gen 20180704
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/FareitVB-N 20180704
Symantec ML.Attribute.HighConfidence 20180704
AegisLab 20180704
AhnLab-V3 20180703
Alibaba 20180704
Antiy-AVL 20180704
Avast 20180704
Avast-Mobile 20180704
AVG 20180704
Avira (no cloud) 20180703
AVware 20180704
Babable 20180406
Baidu 20180704
Bkav 20180704
CAT-QuickHeal 20180704
CMC 20180703
Comodo 20180704
Cyren 20180704
DrWeb 20180704
eGambit 20180704
F-Prot 20180704
Jiangmin 20180703
K7AntiVirus 20180704
K7GW 20180704
Kaspersky 20180704
Kingsoft 20180704
NANO-Antivirus 20180704
Palo Alto Networks (Known Signatures) 20180704
Panda 20180703
Rising 20180704
SUPERAntiSpyware 20180704
TACHYON 20180704
Tencent 20180704
TheHacker 20180628
TrendMicro 20180704
TrendMicro-HouseCall 20180704
Trustlook 20180704
VBA32 20180629
VIPRE 20180704
ViRobot 20180704
Webroot 20180704
Yandex 20180703
Zillya 20180703
ZoneAlarm by Check Point 20180704
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright SOurcefire, INc.
Product FIleZilla PRoject
Original name Cemensky1.exe
Internal name Cemensky1
File version 3.02
Description CAmStudio GRoup
Comments HUawei
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-02 07:40:36
Entry Point 0x000028E0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
_CIcos
__vbaStrCmp
Ord(521)
_allmul
_adj_fdivr_m64
_adj_fprem
__vbaR8ErrVar
__vbaVarDiv
__vbaStrComp
Ord(525)
__vbaObjVar
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(526)
Ord(693)
__vbaStrToUnicode
Ord(617)
EVENT_SINK_QueryInterface
__vbaStrCopy
__vbaR8Sgn
Ord(673)
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaLateMemCall
_adj_fdivr_m16i
EVENT_SINK_Release
__vbaCyMul
_adj_fdiv_r
Ord(100)
__vbaVarSetObjAddref
__vbaFreeVar
Ord(562)
_adj_fpatan
Ord(520)
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(575)
__vbaLsetFixstr
__vbaVarTstEq
_adj_fptan
Ord(685)
_CItan
__vbaObjSet
__vbaI4Var
__vbaVarMove
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
Ord(546)
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaFpI4
__vbaFreeStr
_adj_fdiv_m16i
__vbaExceptHandler
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 692224
SubsystemVersion 4.0
Comments HUawei
LinkerVersion 6.0
ImageVersion 3.2
FileSubtype 0
FileVersionNumber 3.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription CAmStudio GRoup
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0x28e0
OriginalFileName Cemensky1.exe
MIMEType application/octet-stream
LegalCopyright SOurcefire, INc.
FileVersion 3.02
TimeStamp 2018:07:02 08:40:36+01:00
FileType Win32 EXE
PEType PE32
InternalName Cemensky1
ProductVersion 3.02
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName aVG TEchnologies
LegalTrademarks WOrldcoin
ProductName FIleZilla PRoject
ProductVersionNumber 3.2.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 8ee498b25b8f0170cca2570b6b87e276
SHA1 46dfcf8b7012b3e8cc1dd1c53fb26dcd34883ed6
SHA256 c19711253b59d2b094e269ba8d8e2baf2807a8dd8be129efa8f27f4c8ef05cb4
ssdeep 12288:g79+6H51OeD8k+Y89VWVAvHyHE3HpcrTy/4J+E:gYeD8km9QmvHrHpcrJJF
authentihash 82e5fd4eca852c00eaaa4111c04b975893488db12cdb4fd14078897c50662b61
imphash 5e7008fbb706d5039ec18fb9549227cc
File size 720.0 KB ( 737280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-04 08:26:38 UTC ( 10 months, 3 weeks ago )
Last submission 2018-10-25 21:09:08 UTC ( 7 months ago )
File names Cemensky1
8ee498b25b8f0170cca2570b6b87e276.vir
j.exe
6d34a8315648851ff7bc310535ccdba8b536c667
Cemensky1.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by making use of the SetWindowsHook Windows API function.