SHA256: c49dbbdfae96a0595c19e529a461cba1794a863d4c514b86e75cdd83e9e3648f
File name: hiacbacu.exe
Detection ratio: 28 / 64
Analysis date: 2019-02-27 11:54:16 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Ulise.28840 20190227
AhnLab-V3 Malware/Win32.Generic.C2380364 20190227
Arcabit Trojan.Ulise.D70A8 20190227
Avast Win32:Trojan-gen 20190227
AVG Win32:Trojan-gen 20190227
BitDefender Gen:Variant.Ulise.28840 20190227
CrowdStrike Falcon (ML) win/malicious_confidence_80% (D) 20190212
Cybereason malicious.35b5bb 20190109
DrWeb Trojan.Siggen8.7873 20190227
Emsisoft Gen:Variant.Ulise.28840 (B) 20190227
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GOVE 20190227
Fortinet W32/Kryptik.GOVE!tr 20190227
GData Gen:Variant.Ulise.28840 20190227
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005460ce1 ) 20190227
K7GW Trojan ( 005460ce1 ) 20190227
MAX malware (ai score=83) 20190227
Microsoft Trojan:Win32/Fuerboos.C!cl 20190227
eScan Gen:Variant.Ulise.28840 20190227
NANO-Antivirus Trojan.Win32.Kryptik.fnmblr 20190227
Panda Trj/GdSda.A 20190227
Rising Trojan.GenKryptik!8.AA55 (TFE:5:XvJAUI4HAbB) 20190227
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190227
VBA32 BScope.TrojanSpy.Noon 20190227
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190227
AegisLab 20190227
Alibaba 20180921
Antiy-AVL 20190227
Avast-Mobile 20190227
Avira (no cloud) 20190227
Babable 20180918
Baidu 20190215
CAT-QuickHeal 20190225
ClamAV 20190227
CMC 20190227
Comodo 20190227
Cyren 20190227
eGambit 20190227
F-Secure 20190227
Ikarus 20190227
Jiangmin 20190227
Kaspersky 20190227
Kingsoft 20190227
Malwarebytes 20190227
McAfee 20190227
McAfee-GW-Edition 20190227
Palo Alto Networks (Known Signatures) 20190227
Qihoo-360 20190227
Sophos AV 20190227
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190227
Tencent 20190227
TheHacker 20190225
TotalDefense 20190227
Trapmine 20190123
Trustlook 20190227
VIPRE 20190226
ViRobot 20190227
Webroot 20190227
Yandex 20190226
Zoner 20190227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) 2003-2009 Visan / RocketLife. All rights reserved.

Product RocketLife
Original name RocketEngine.dll
Internal name RocketEngine.dll
File version 1.0.0.2261
Description RocketLife
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:31:49
Entry Point 0x000033DF
Number of sections 6
PE sections
PE imports
GetDeviceCaps
CreateFontIndirectA
GetStockObject
GetObjectA
VirtualProtect
GetStartupInfoA
MulDiv
GetModuleHandleA
_except_handler3
__p__fmode
__CxxFrameHandler
_acmdln
_exit
__p__commode
_mbscmp
__dllonexit
_setmbcp
_controlfp
strcpy
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_onexit
_adjust_fdiv
__set_app_type
GetSystemMetrics
LoadIconA
EnableWindow
DrawIcon
EnumWindows
SendMessageA
GetClientRect
GetSystemMenu
IsIconic
AppendMenuA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
126976

ImageVersion
0.0

ProductName
RocketLife

FileVersionNumber
1.0.0.2261

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
RocketEngine.dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.2261

TimeStamp
2016:12:06 03:31:49-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
RocketEngine.dll

ProductVersion
1.0.0.2261

FileDescription
RocketLife

OSVersion
4.0

FileOS
Win32

LegalCopyright
(c) 2003-2009 Visan / RocketLife. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
RocketLife

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.0.0.2261

EntryPoint
0x33df

ObjectFileType
Dynamic link library

File identification
MD5 aa77f93bae4bd714ce7b8a208ca7354a
SHA1 3d9022335b5bb2cbbed8fad1501f7ca0eabbd896
SHA256 c49dbbdfae96a0595c19e529a461cba1794a863d4c514b86e75cdd83e9e3648f
ssdeep
1536:XyY+nob3R8AvHb9kmPDMBD03YnrTkr9Km6SjU5pLPH7rc4w/9Y:CXUR8wHbHDMBD0InrTkr9KD5njwS

authentihash b3bf6bb92c166d5176a4580f7b7d130e6024bf25affac6bb04e9aac6215848ec
imphash 5c4d2eb03429e1a9a72c3f5de020fb14
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-27 11:54:16 UTC ( 2 months, 3 weeks ago )
Last submission 2019-02-27 11:54:16 UTC ( 2 months, 3 weeks ago )
File names RocketEngine.dll
jony.jpg
hiacbacu.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs