× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c62495a039a7973429e0d9181ae45eb231832026cd6bde1251ace42f6764ec68
File name: DDF_outputCEAA78F[1].exe
Detection ratio: 18 / 68
Analysis date: 2017-11-17 06:26:16 UTC ( 1 year, 4 months ago ) View latest
Antivirus Result Update
Avast Win32:Malware-gen 20171117
AVG Win32:Malware-gen 20171117
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20171117
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171117
Endgame malicious (high confidence) 20171024
ESET-NOD32 MSIL/NanoCore.E 20171117
Fortinet W32/GenKryptik.BEEC!tr 20171117
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 005162d71 ) 20171117
K7GW Trojan ( 005162d71 ) 20171117
Kaspersky UDS:DangerousObject.Multi.Generic 20171117
McAfee Artemis!D70FF9FC99F9 20171117
McAfee-GW-Edition Artemis 20171117
Palo Alto Networks (Known Signatures) generic.ml 20171117
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/FareitVB-M 20171117
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171117
Ad-Aware 20171117
AegisLab 20171117
AhnLab-V3 20171117
Alibaba 20170911
ALYac 20171117
Antiy-AVL 20171117
Arcabit 20171117
Avast-Mobile 20171116
Avira (no cloud) 20171117
AVware 20171117
BitDefender 20171117
Bkav 20171116
CAT-QuickHeal 20171117
ClamAV 20171117
CMC 20171117
Comodo 20171117
Cybereason 20171103
Cyren 20171117
DrWeb 20171117
eGambit 20171117
Emsisoft 20171117
F-Prot 20171117
F-Secure 20171117
GData 20171117
Ikarus 20171116
Jiangmin 20171117
Kingsoft 20171117
Malwarebytes 20171117
MAX 20171117
Microsoft 20171117
eScan 20171117
NANO-Antivirus 20171117
nProtect 20171117
Panda 20171116
Qihoo-360 20171117
Rising 20171117
SUPERAntiSpyware 20171117
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171117
TheHacker 20171112
TotalDefense 20171117
TrendMicro 20171117
TrendMicro-HouseCall 20171117
Trustlook 20171117
VBA32 20171116
VIPRE 20171117
ViRobot 20171117
Webroot 20171117
WhiteArmor 20171104
Yandex 20171116
Zillya 20171116
Zoner 20171117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
dbatter Copyright 2013 - 2017

Product dbatter Recovery Tool
Original name dbatter.exe
Internal name dbatter
File version 1.03.0005
Description dbatter
Comments dbatter
Signature verification The digital signature of the object did not verify.
Signing date 3:45 PM 9/22/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-16 13:56:19
Entry Point 0x00001248
Number of sections 3
PE sections
Overlays
MD5 88fa2f75310b90f7bdc8bd59e4dd127f
File type data
Offset 835584
Size 13512
Entropy 7.47
PE imports
EVENT_SINK_QueryInterface
Ord(523)
Ord(546)
Ord(687)
Ord(695)
Ord(713)
Ord(527)
Ord(685)
Ord(617)
Ord(574)
EVENT_SINK_AddRef
Ord(676)
Ord(693)
Ord(629)
Ord(714)
Ord(612)
Ord(666)
Ord(647)
Ord(673)
Ord(538)
Ord(632)
MethCallEngine
DllFunctionCall
Ord(618)
Ord(517)
Ord(608)
Ord(544)
Ord(100)
Ord(616)
Ord(519)
Ord(536)
Ord(694)
Ord(542)
Ord(581)
Ord(526)
Ord(696)
Ord(614)
Ord(606)
Ord(667)
Ord(575)
EVENT_SINK_Release
Ord(595)
Ord(651)
Ord(593)
Ord(628)
Ord(539)
Ord(582)
Ord(613)
Ord(672)
Ord(669)
Ord(631)
Ord(553)
Ord(619)
Ord(543)
Ord(698)
Ord(545)
__vbaExceptHandler
Number of PE resources by type
RT_ICON 23
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 24
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
663552

SubsystemVersion
4.0

Comments
dbatter

LinkerVersion
6.0

ImageVersion
1.3

FileSubtype
0

FileVersionNumber
1.3.0.5

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
dbatter

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
180224

EntryPoint
0x1248

OriginalFileName
dbatter.exe

MIMEType
application/octet-stream

LegalCopyright
dbatter Copyright 2013 - 2017

FileVersion
1.03.0005

TimeStamp
2017:11:16 14:56:19+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
dbatter

ProductVersion
1.03.0005

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
dbatter

LegalTrademarks
dbatter Trademark

ProductName
dbatter Recovery Tool

ProductVersionNumber
1.3.0.5

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 d70ff9fc99f90d69a92adaa02fd58cd3
SHA1 666ac3ae2ae87f90d430330102afaec7a11808f1
SHA256 c62495a039a7973429e0d9181ae45eb231832026cd6bde1251ace42f6764ec68
ssdeep
6144:1G5hoyFCd/GXXmsio9tHhWI0KNr5L4XGcat+VM6mCSkppUVNG:6hFYdOmsiGbNlWGcatlZepF

authentihash 46b96341222a8f401c49fe985489079feb251c12ebabbc3c6d14c106850ade3e
imphash 862ce0115ed32230b61a5c09d0594fd7
File size 829.2 KB ( 849096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-11-17 06:26:16 UTC ( 1 year, 4 months ago )
Last submission 2018-05-15 00:07:07 UTC ( 10 months, 1 week ago )
File names VirusShare_d70ff9fc99f90d69a92adaa02fd58cd3
DDF_outputCEAA78F.exe
DDF_outputCEAA78F[1].exe
output.112463868.txt
VIRUSSHARE_D70FF9FC99F90D69A92ADAA02FD58CD3
dbatter.exe
dbatter
1024-666ac3ae2ae87f90d430330102afaec7a11808f1
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications