SHA256: c3e7c6504436fde498df5123812a3e15a4747974a5374b3eef561460c405a683
File name: c3e7c6504436fde498df5123812a3e15a4747974a5374b3eef561460c405a683
Detection ratio: 12 / 67
Analysis date: 2018-09-19 02:34:27 UTC ( 5 months ago )
Antivirus Result Update
CAT-QuickHeal Trojan.Emotet.X4 20180918
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180919
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKTI 20180918
Sophos ML heuristic 20180717
Microsoft Trojan:Win32/Fuerboos.A!cl 20180918
Panda Generic Suspicious 20180918
Qihoo-360 HEUR/QVM20.1.F4ED.Malware.Gen 20180919
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgPzU/m1BsHLfQ) 20180919
SentinelOne (Static ML) static engine - malicious 20180830
Symantec ML.Attribute.HighConfidence 20180918
Ad-Aware 20180917
AegisLab 20180919
AhnLab-V3 20180918
Alibaba 20180713
ALYac 20180919
Antiy-AVL 20180919
Arcabit 20180919
Avast 20180919
Avast-Mobile 20180918
AVG 20180919
Avira (no cloud) 20180918
AVware 20180919
Babable 20180918
Baidu 20180914
BitDefender 20180919
Bkav 20180915
ClamAV 20180918
CMC 20180918
Comodo 20180919
Cybereason 20180225
Cyren 20180919
DrWeb 20180919
eGambit 20180919
Emsisoft 20180919
F-Prot 20180919
F-Secure 20180919
Fortinet 20180919
GData 20180919
Jiangmin 20180919
K7AntiVirus 20180918
K7GW 20180918
Kaspersky 20180919
Kingsoft 20180919
Malwarebytes 20180919
MAX 20180919
McAfee 20180919
McAfee-GW-Edition 20180919
eScan 20180919
NANO-Antivirus 20180918
Palo Alto Networks (Known Signatures) 20180919
Sophos AV 20180919
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180918
TACHYON 20180919
Tencent 20180919
TheHacker 20180918
TotalDefense 20180918
TrendMicro 20180918
TrendMicro-HouseCall 20180918
Trustlook 20180919
VBA32 20180918
VIPRE 20180918
ViRobot 20180918
Webroot 20180919
Yandex 20180917
Zillya 20180918
ZoneAlarm by Check Point 20180918
Zoner 20180918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 1998 - 2003 GTek Technologies Ltd.
Product GTCoach
Internal name keyboard
File version 1, 0, 0, 14
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-19 09:30:59
Entry Point 0x000207B6
Number of sections 8
PE sections
PE imports
IsValidAcl
CryptDestroyKey
InitiateSystemShutdownA
GetFileSecurityW
MakeSelfRelativeSD
CryptSetHashParam
RegDeleteValueA
QueryUsersOnEncryptedFile
DeleteAce
AVIStreamStart
ImageList_SetBkColor
PageSetupDlgA
ChooseFontA
CryptMsgSignCTL
PFXExportCertStoreEx
CryptStringToBinaryA
GetGlyphIndicesW
PaintRgn
SetArcDirection
ArcTo
ImmGetCompositionWindow
GetIpAddrTable
CreateFileMappingW
ReplaceFileA
GetDateFormatA
EnumResourceTypesA
SetCommConfig
GetProcessShutdownParameters
GetModuleHandleA
MapViewOfFileEx
OpenSemaphoreA
_lopen
InterlockedDecrement
GetTickCount
TlsSetValue
DeleteTimerQueueTimer
IsDBCSLeadByte
AddRefActCtx
GetStringTypeW
FindFirstChangeNotificationW
MprAdminPortEnum
MprConfigInterfaceGetInfo
acmStreamOpen
ICSeqCompressFrameStart
ICDrawBegin
NetLocalGroupGetMembers
NetLocalGroupAddMembers
NetApiBufferReallocate
VARIANT_UserFree
SafeArrayAllocDescriptorEx
BSTR_UserFree
RevokeActiveObject
RasGetAutodialAddressA
RasGetEntryPropertiesA
RpcServerTestCancel
NdrSimpleTypeUnmarshall
I_RpcNegotiateTransferSyntax
NdrAsyncServerCall
SetupDiSetDeviceInstallParamsA
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Custom_PropertyW
SetupDiSelectDevice
SetupDiGetClassDescriptionExA
SetupDiGetDeviceInstanceIdW
ShellAboutA
Shell_NotifyIconA
AssocQueryKeyW
ChrCmpIW
StrRChrW
PathFileExistsW
PathUnExpandEnvStringsW
PathGetArgsA
PathFindOnPathW
SHRegOpenUSKeyA
StrStrW
SHRegWriteUSValueW
TranslateNameW
GetUserNameExA
EmptyClipboard
GetDesktopWindow
OemToCharBuffA
ScrollWindowEx
SetRectEmpty
CharLowerW
GetDlgItemInt
SetActiveWindow
SetScrollInfo
ReleaseDC
GetRawInputDeviceInfoW
GetRawInputData
CharLowerBuffA
BringWindowToTop
SetScrollRange
IsCharLowerW
InvalidateRect
LoadMenuIndirectA
FindWindowExA
GetSysColorBrush
CopyAcceleratorTableW
CreateCursor
CloseClipboard
GetMenuContextHelpId
InternetOpenUrlW
CloseDriver
timeGetTime
mciGetCreatorTask
midiOutMessage
timeSetEvent
mixerGetControlDetailsA
CryptCATAdminAddCatalog
CryptCATGetMemberInfo
CryptCATCDFEnumAttributes
WTHelperGetProvCertFromChain
getpeername
getservbyport
SCardListCardsW
SCardGetStatusChangeA
wcscoll
setvbuf
getchar
HGLOBAL_UserFree
RegisterDragDrop
OleIsRunning
CoSwitchCallContext
CoResumeClassObjects
FreePropVariantArray
PropVariantClear
HICON_UserSize
CoGetObjectContext
PdhBrowseCountersW
PdhOpenQueryH
CoInternetIsFeatureEnabledForUrl
RegisterBindStatusCallback
Number of PE resources by type
RT_VERSION 1
WAVE 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.14

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
263680

EntryPoint
0x207b6

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 1998 - 2003 GTek Technologies Ltd.

FileVersion
1, 0, 0, 14

TimeStamp
2018:09:19 11:30:59+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
keyboard

ProductVersion
3, 0, 0, 1

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
GTek Technologies Ltd.

CodeSize
0

ProductName
GTCoach

ProductVersionNumber
3.0.0.1

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 e17e50c41bcd7c1095b9b048c79b6dd5
SHA1 b964adfb730fd0b943f4f44a9edd881fd77cf72e
SHA256 c3e7c6504436fde498df5123812a3e15a4747974a5374b3eef561460c405a683
ssdeep 6144:9dzLkVchU+stnCXzi5A7sk3MesTBlGQ1AlGC1Gyn:7WrA7sk3bQ0V3n
authentihash 1c6700b000c4b4a95121c9a2375b3b334c243e8df6f0911295bbfeb418cf6d06
imphash 8c5ab45e363c9f94898358ea38af07aa
File size 385.0 KB ( 394240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-19 02:34:27 UTC ( 5 months ago )
Last submission 2018-09-19 02:34:27 UTC ( 5 months ago )
File names lzyCLY86QF4.exe
RmoCG22A.exe
B799ml9mgIFN.exe
nfIqvyrPdNAu.exe
AXPr88CFz84X.exe
keyboard
Q3Jk2mm49e0i.exe
mxm1NNb7y2Q9.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs