SHA256: c1fb0eceaab0ce12e69f4ad1d507fdeb4938c035c34569cf6853f3a5a01d72e5
File name: c1fb0eceaab0ce12e69f4ad1d507fdeb4938c035c34569cf6853f3a5a01d72e5
Detection ratio: 8 / 67
Analysis date: 2019-04-16 17:00:20 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190415
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.0a0ebe 20190403
Endgame malicious (moderate confidence) 20190403
FireEye Generic.mg.ba9e7159bb92c152 20190416
Microsoft Trojan:Win32/Emotet.AC!bit 20190416
Palo Alto Networks (Known Signatures) generic.ml 20190416
Rising Downloader.Tovkater!8.E5CE/N3#92% (RDM+:cmRtazphkW0XyEkw6xlSLucAIKem) 20190416
Ad-Aware 20190416
AegisLab 20190416
AhnLab-V3 20190416
Alibaba 20190402
ALYac 20190416
Antiy-AVL 20190416
Arcabit 20190416
Avast 20190416
Avast-Mobile 20190415
AVG 20190416
Avira (no cloud) 20190416
Babable 20180918
Baidu 20190318
BitDefender 20190416
Bkav 20190416
CAT-QuickHeal 20190416
ClamAV 20190416
CMC 20190321
Comodo 20190416
Cyren 20190416
DrWeb 20190416
eGambit 20190416
Emsisoft 20190416
ESET-NOD32 20190416
F-Secure 20190416
Fortinet 20190416
GData 20190416
Ikarus 20190416
Sophos ML 20190313
Jiangmin 20190416
K7AntiVirus 20190416
K7GW 20190416
Kaspersky 20190416
Kingsoft 20190416
Malwarebytes 20190416
MAX 20190416
McAfee 20190416
McAfee-GW-Edition 20190416
eScan 20190416
NANO-Antivirus 20190416
Panda 20190416
Qihoo-360 20190416
SentinelOne (Static ML) 20190407
Sophos AV 20190416
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190416
Tencent 20190416
TheHacker 20190411
TotalDefense 20190416
Trapmine 20190325
TrendMicro-HouseCall 20190416
Trustlook 20190416
VBA32 20190416
VIPRE 20190416
ViRobot 20190416
Yandex 20190415
Zillya 20190416
ZoneAlarm by Check Point 20190416
Zoner 20190416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Saynation
Original name Saynation.exe
File version 9.3.47.89
Description Saynation
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-04-16 14:14:19
Entry Point 0x0001D917
Number of sections 5
PE sections
PE imports
SetPixel
PatBlt
GetTextExtentPoint32A
StretchBlt
CreateCompatibleBitmap
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EnumSystemLocalesW
CompareStringW
HeapAlloc
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
HeapSize
RtlUnwind
RaiseException
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetUserDefaultLCID
GetDateFormatW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
GetTimeFormatW
SetEndOfFile
WideCharToMultiByte
TlsFree
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
IsDebuggerPresent
TerminateProcess
GetTimeZoneInformation
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
GetLocaleInfoW
ExitProcess
WriteConsoleW
LeaveCriticalSection
LZRead
LZSeek
LZOpenFileA
LZDone
LZStart
LZClose
LZInit
GetAsyncKeyState
BeginDeferWindowPos
CreateMenu
LoadCursorA
UpdateWindow
UnregisterHotKey
TranslateMessage
EnumChildWindows
GetMessagePos
DeferWindowPos
GetClassNameA
SetWindowPos
RegisterWindowMessageA
GetWindowTextA
FindWindowA
GetDC
Number of PE resources by type
RT_ICON 15
RT_GROUP_ICON 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 19
PE resources
Debug information
ExifTool file metadata
CodeSize 216576
SubsystemVersion 6.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.3.47.89
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription Saynation
ImageFileCharacteristics Executable, 32-bit
CharacterSet ASCII
InitializedDataSize 348672
EntryPoint 0x1d917
OriginalFileName Saynation.exe
MIMEType application/octet-stream
FileVersion 9.3.47.89
TimeStamp 2014:04:16 16:14:19+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 9.3.47.89
UninitializedDataSize 0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Noon machine Technossus
LegalTrademarks Saynation
ProductName Saynation
ProductVersionNumber 9.3.47.89
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ba9e7159bb92c1525de87f4edd9f5af9
SHA1 92a64be0a0ebe35eaaa80c6aefd562492bf83dfa
SHA256 c1fb0eceaab0ce12e69f4ad1d507fdeb4938c035c34569cf6853f3a5a01d72e5
ssdeep 6144:Fb4rkLd9ZV3v7XW6rSd4fjMiRYLNf3xoNSoZO:Jy8v7jSd4bT2V3xwZO
authentihash e8ced3c9e7a7be498d8e4f2bd3940ee14c475f00222c17ac7d08bc64d57b543f
imphash 336ecc659840d4e979bcbe75d0e8c2da
File size 544.0 KB ( 557056 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2019-04-16 16:42:24 UTC ( 1 month, 1 week ago )
Last submission 2019-05-03 17:19:17 UTC ( 3 weeks, 2 days ago )
File names Jqb_t6.exe
w_q.exe
op0_mj.exe
jh_SDu.exe
40_GpS.exe
b3_9SP.exe
y_2R.exe
emotet_exe_e2_c1fb0eceaab0ce12e69f4ad1d507fdeb4938c035c34569cf6853f3a5a01d72e5_2019-04-16__164003.exe_
s_V.exe
output.124137908.txt
eec_PW.exe
o_6.exe
py_VII.exe
K_xz.exe
yz_SH0.exe
HFj_s.exe
IkK_lL.exe
h_906.exe
jim_z.exe
l_O.exe
hD0_KxV.exe
output.124361539.txt
4Q_mx.exe
YF_tiJ.exe
Saynation.exe
Advanced heuristic and reputation engines