SHA256: c5387a1d1bd70dc8d2d7cbf0d35dcf65cad42928f39799b676c9526f7c9693cb
File name: estrel
Detection ratio: 12 / 68
Analysis date: 2018-07-03 10:27:12 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.PM.2 20180703
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9955 20180703
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.dd13b3 20180225
Cylance Unsafe 20180703
Cyren W32/Internet-Trojan-patched-bas 20180703
Endgame malicious (high confidence) 20180612
F-Prot W32/Internet-Trojan-patched-bas 20180703
Ikarus Trojan.Win32.Kovter 20180703
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180703
SentinelOne (Static ML) static engine - malicious 20180701
AegisLab 20180703
AhnLab-V3 20180703
Alibaba 20180703
ALYac 20180703
Antiy-AVL 20180703
Arcabit 20180703
Avast 20180703
Avast-Mobile 20180703
AVG 20180703
Avira (no cloud) 20180703
AVware 20180703
Babable 20180406
BitDefender 20180703
Bkav 20180702
CAT-QuickHeal 20180702
ClamAV 20180703
CMC 20180702
Comodo 20180703
DrWeb 20180703
eGambit 20180703
Emsisoft 20180703
ESET-NOD32 20180703
F-Secure 20180703
Fortinet 20180703
GData 20180703
Jiangmin 20180703
K7AntiVirus 20180703
K7GW 20180703
Kaspersky 20180703
Kingsoft 20180703
Malwarebytes 20180703
MAX 20180703
McAfee 20180703
Microsoft 20180703
eScan 20180703
NANO-Antivirus 20180703
Palo Alto Networks (Known Signatures) 20180703
Panda 20180702
Qihoo-360 20180703
Rising 20180703
Sophos AV 20180703
SUPERAntiSpyware 20180703
Symantec 20180703
TACHYON 20180703
Tencent 20180703
TheHacker 20180628
TrendMicro 20180703
TrendMicro-HouseCall 20180703
Trustlook 20180703
VBA32 20180629
VIPRE 20180703
ViRobot 20180703
Webroot 20180703
Yandex 20180702
Zillya 20180702
ZoneAlarm by Check Point 20180703
Zoner 20180702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©. All rights reserved.

Product Eraser
Description A38 140
Comments A38 140
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-03 01:23:23
Entry Point 0x0001541F
Number of sections 6
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
CreateWellKnownSid
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
ConvertSidToStringSidA
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzFreeContext
InitCommonControlsEx
GetOpenFileNameA
DCICreatePrimary
DCIDraw
GetObjectA
CreateDCA
GetCurrentObject
GetTextCharsetInfo
DeleteDC
ExcludeClipRect
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
GetStockObject
GetDeviceCaps
SetPixel
SetTextJustification
SetTextColor
SetBkMode
SetWindowExtEx
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
GetStdHandle
InterlockedPopEntrySList
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
lstrcmpiA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InterlockedPushEntrySList
LoadResource
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
GetPriorityClass
LoadLibraryExA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoW
GetProcAddress
GetProcessHeap
CreateFileW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
IsDBCSLeadByte
lstrlenW
SizeofResource
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
NetWkstaGetInfo
NetApiBufferFree
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
OleTranslateColor
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RasGetConnectionStatistics
Shell_NotifyIconA
DragQueryFileA
MapWindowPoints
GetMessageA
SetPropA
MonitorFromPoint
LoadMenuA
EnumWindows
SetFocus
CheckRadioButton
KillTimer
GetClassInfoExA
DestroyMenu
PostQuitMessage
DefWindowProcA
FindWindowA
SetClassLongA
DrawFocusRect
MessageBeep
SetWindowPos
RemoveMenu
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
UnregisterClassA
PostMessageA
CallWindowProcA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
TrackPopupMenuEx
RegisterClassExA
GetCursorPos
BeginPaint
CreatePopupMenu
CheckMenuItem
GetMenu
LoadStringA
EnumDisplayDevicesA
PtInRect
SendMessageA
LoadStringW
GetClientRect
SetTimer
GetDlgItem
EnableMenuItem
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
SetWindowTextA
TranslateAcceleratorA
IsDlgButtonChecked
CharNextA
LoadImageA
GetMenuItemInfoA
GetMenuItemCount
GetMonitorInfoA
GetKeyState
DestroyWindow
HttpSendRequestA
InternetOpenUrlA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetCrackUrlA
CredUICmdLinePromptForCredentialsA
CredUIConfirmCredentialsA
SymGetModuleInfo
SymGetModuleBase
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
PdhGetFormattedCounterValue
PdhOpenQueryA
Number of PE resources by type
RT_GROUP_CURSOR 10
Struct(262) 9
RT_CURSOR 9
RT_ICON 5
Struct(221) 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 39
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Copyright . All rights reserved.

SubsystemVersion
5.1

Comments
A38 140

InitializedDataSize
152064

ImageVersion
0.0

ProductName
Eraser

FileVersionNumber
8.4.2.6

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2018:07:03 02:23:23+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
8.4.2.6

FileDescription
A38 140

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
Copyright . All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Cloudera

CodeSize
144896

FileSubtype
0

ProductVersionNumber
8.4.2.6

EntryPoint
0x1541f

ObjectFileType
Executable application

File identification
MD5 2ede4e15f4c1610ecf18fb608926c334
SHA1 26bbf43dd13b3acbfcb3c6b6174f32b9c7f70b93
SHA256 c5387a1d1bd70dc8d2d7cbf0d35dcf65cad42928f39799b676c9526f7c9693cb
ssdeep
6144:c0xsY0u9WkmFJQYE+bcD+VEufpziEOSOM:3sC9uRvb0+G+zZOS

authentihash f14d02b282f6cf67b87d888064c83b587a8c1db7e56ed2892ea3aba3cd12c60e
imphash b0d7ea83907afb8dac25b7e0a87995a4
File size 291.0 KB ( 297984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-03 10:27:12 UTC ( 10 months, 3 weeks ago )
Last submission 2018-09-10 06:27:44 UTC ( 8 months, 2 weeks ago )
File names 0f2dcf8986f95f46a052aa1a33357236de1800f6
estrel
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs