SHA256: c245be38e88371cf478f20ff2c7c4c7d5c9d03787e585520026a235265850406
File name: Purchase_Order_List_Aug.exe
Detection ratio: 12 / 64
Analysis date: 2017-08-22 18:22:19 UTC ( 1 year, 7 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170822
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DQXR 20170822
Ikarus Win32.Outbreak 20170822
Kaspersky UDS:DangerousObject.Multi.Generic 20170822
McAfee Artemis!4480E09F6EE5 20170822
McAfee-GW-Edition Artemis 20170822
Palo Alto Networks (Known Signatures) generic.ml 20170822
Qihoo-360 HEUR/QVM03.0.56A7.Malware.Gen 20170822
SentinelOne (Static ML) static engine - malicious 20170806
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170822
Ad-Aware 20170822
AegisLab 20170822
AhnLab-V3 20170822
Alibaba 20170822
ALYac 20170822
Antiy-AVL 20170822
Arcabit 20170822
Avast 20170822
AVG 20170822
Avira (no cloud) 20170822
AVware 20170822
Baidu 20170822
BitDefender 20170822
CAT-QuickHeal 20170822
ClamAV 20170822
CMC 20170822
Comodo 20170822
Cyren 20170822
DrWeb 20170822
Emsisoft 20170822
F-Prot 20170822
F-Secure 20170822
Fortinet 20170822
GData 20170822
Sophos ML 20170822
Jiangmin 20170822
K7AntiVirus 20170822
K7GW 20170821
Kingsoft 20170822
Malwarebytes 20170822
MAX 20170822
Microsoft 20170822
eScan 20170822
NANO-Antivirus 20170822
nProtect 20170822
Panda 20170822
Rising 20170822
Sophos AV 20170822
SUPERAntiSpyware 20170822
Symantec 20170822
Symantec Mobile Insight 20170822
Tencent 20170822
TheHacker 20170821
TotalDefense 20170822
TrendMicro 20170822
TrendMicro-HouseCall 20170822
Trustlook 20170822
VBA32 20170822
VIPRE 20170822
ViRobot 20170822
Webroot 20170822
WhiteArmor 20170817
Yandex 20170821
Zillya 20170821
Zoner 20170822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product https://Leai.Vei
Original name Misprint.exe
Internal name Misprint
File version 1.00.0007
Description XBui
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-22 08:53:08
Entry Point 0x0000109C
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(600)
Ord(538)
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(526)
Ord(685)
Ord(553)
Ord(575)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(676)
Ord(545)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 65536
EntryPoint 0x109c
OriginalFileName Misprint.exe
MIMEType application/octet-stream
FileVersion 1.00.0007
TimeStamp 2017:08:22 09:53:08+01:00
FileType Win32 EXE
PEType PE32
InternalName Misprint
ProductVersion 1.00.0007
FileDescription XBui
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 778240
ProductName https://Leai.Vei
ProductVersionNumber 1.0.0.7
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 4480e09f6ee5be0c93754d03856bdc9c
SHA1 e4810982c0442bc6d86f9bae348cb3f6d5b3a1fb
SHA256 c245be38e88371cf478f20ff2c7c4c7d5c9d03787e585520026a235265850406
ssdeep 12288:nx//ZIzhtU0yA5y84JQPR0RxiKveirFJx:n18hKXQPeRxnW+
authentihash e1488296354a398b12113c0e4bfd2b2d4665fab7002d2ff6ffbaeff2d2ee0bcc
imphash 467fa26f4c63025687b8ef3063461e92
File size 768.0 KB ( 786432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-08-22 18:22:19 UTC ( 1 year, 7 months ago )
Last submission 2018-05-19 00:04:41 UTC ( 11 months ago )
File names Misprint.exe
4480e09f6ee5be0c93754d03856bdc9c.vir
Purchase_Order_List_Aug.exe
Misprint
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by calling the SetWindowsHook Windows API function.
DNS requests
UDP communications