SHA256: c52cae1f12eb2db2cff91453b0d44d20802c36e2150417b17a8dc4ba7855356a
File name: picolay-9458.exe
Detection ratio: 1 / 63
Analysis date: 2019-03-04 14:41:38 UTC (3 weeks ago)
Antivirus Result Update
Trapmine malicious.moderate.ml.score 20190301
Acronis 20190222
Ad-Aware 20190304
AegisLab 20190304
AhnLab-V3 20190304
Alibaba 20180921
ALYac 20190304
Antiy-AVL 20190304
Arcabit 20190304
Avast 20190304
Avast-Mobile 20190304
AVG 20190304
Avira (no cloud) 20190304
Babable 20180918
Baidu 20190215
BitDefender 20190304
CAT-QuickHeal 20190304
ClamAV 20190304
CMC 20190304
Comodo 20190304
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cyren 20190304
DrWeb 20190304
eGambit 20190304
Emsisoft 20190304
Endgame 20190215
ESET-NOD32 20190304
F-Secure 20190304
Fortinet 20190304
GData 20190304
Ikarus 20190304
Sophos ML 20181128
Jiangmin 20190304
K7AntiVirus 20190304
K7GW 20190304
Kaspersky 20190304
Kingsoft 20190304
Malwarebytes 20190304
MAX 20190304
McAfee 20190304
McAfee-GW-Edition 20190304
Microsoft 20190304
eScan 20190304
NANO-Antivirus 20190304
Palo Alto Networks (Known Signatures) 20190304
Panda 20190303
Qihoo-360 20190304
SentinelOne (Static ML) 20190203
Sophos AV 20190304
SUPERAntiSpyware 20190227
Symantec 20190304
Symantec Mobile Insight 20190220
TACHYON 20190304
Tencent 20190304
TheHacker 20190225
TotalDefense 20190304
Trustlook 20190304
VBA32 20190304
VIPRE 20190301
ViRobot 20190304
Webroot 20190304
Yandex 20190301
ZoneAlarm by Check Point 20190304
Zoner 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT appended, UPX_LZMA, ZIP
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-06 17:26:44
Entry Point 0x0003DB90
Number of sections 3
PE sections
Overlays
MD5 6fd2c6a379c22c0ee428f5f27faf7d43
File type application/zip
Offset 102912
Size 7241561
Entropy 8.00
PE imports
LogonUserA
ImageList_Add
LineTo
MakeSureDirectoryPathExists
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
CoCreateGuid
SysAllocString
SetupPromptReboot
SHChangeNotify
IsChild
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:02:06 18:26:44+01:00
FileType Win32 EXE
PEType PE32
CodeSize 86016
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3db90
InitializedDataSize 20480
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 167936

File identification
MD5 c18d141cf48fae160aaf1191a48962be
SHA1 832f42e9231534e8b5f6961bf0aacd02842e9909
SHA256 c52cae1f12eb2db2cff91453b0d44d20802c36e2150417b17a8dc4ba7855356a
ssdeep 196608:2FHMIRsbn80Li7f7n5SFHMIRsbn80Li7f7n5hV:2FsuHMiv5SFsuHMiv5n
authentihash e7c6d73338b3d7e164af3a4492a0f72e50141d3e152ccd6b74e10e394815a4c1
imphash fd3e4b2a82e52fc1cef5c8b5bb119fb2
File size 7.0 MB ( 7344473 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (30.9%)
Win32 EXE Yoda's Crypter (30.4%)
Microsoft Visual C++ compiled executable (generic) (18.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2019-02-23 18:14:34 UTC (1 month ago)
Last submission 2019-03-08 19:32:23 UTC (2 weeks, 3 days ago)
File names install_PICOLAY_190219.exe, picolay-9458.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs