SHA256: ca9df1b8b996a8ad8953a2fe3ef367a33ee72c095aefafcb360c8e6b81ac0fe5
File name: ca9df1b8b996a8ad8953a2fe3ef367a33ee72c095aefafcb360c8e6b81ac0fe5
Detection ratio: 11 / 68
Analysis date: 2018-08-29 00:16:17 UTC ( 8 months, 4 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9919 20180828
CMC Trojan-Spy.Win32.Zbot!O 20180828
Comodo TrojWare.Win32.Injector.ADML 20180828
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20180723
Cylance Unsafe 20180829
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.DZXD 20180828
Sophos ML heuristic 20180717
McAfee Packed-FLC!3353AA0F74A0 20180828
McAfee-GW-Edition Packed-FLC!3353AA0F74A0 20180828
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazo6f2f7YmAhzT2y8oPM5BzG) 20180828
Ad-Aware 20180829
AegisLab 20180828
AhnLab-V3 20180828
Alibaba 20180713
ALYac 20180828
Antiy-AVL 20180829
Arcabit 20180828
Avast 20180828
Avast-Mobile 20180828
AVG 20180828
Avira (no cloud) 20180829
AVware 20180823
Babable 20180822
BitDefender 20180828
Bkav 20180828
CAT-QuickHeal 20180828
ClamAV 20180828
Cybereason 20180225
Cyren 20180828
DrWeb 20180828
eGambit 20180829
Emsisoft 20180828
F-Prot 20180828
F-Secure 20180829
Fortinet 20180828
GData 20180828
Ikarus 20180828
Jiangmin 20180829
K7AntiVirus 20180828
K7GW 20180828
Kaspersky 20180829
Kingsoft 20180829
Malwarebytes 20180828
MAX 20180829
Microsoft 20180828
eScan 20180828
NANO-Antivirus 20180828
Palo Alto Networks (Known Signatures) 20180829
Panda 20180828
Qihoo-360 20180829
SentinelOne (Static ML) 20180701
Sophos AV 20180828
SUPERAntiSpyware 20180828
Symantec 20180829
Symantec Mobile Insight 20180822
TACHYON 20180828
Tencent 20180829
TheHacker 20180824
TotalDefense 20180828
TrendMicro 20180828
TrendMicro-HouseCall 20180828
Trustlook 20180829
VBA32 20180828
VIPRE 20180828
ViRobot 20180828
Webroot 20180829
Yandex 20180827
Zillya 20180828
ZoneAlarm by Check Point 20180828
Zoner 20180828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.1.1.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000196F4
Number of sections 8
PE sections
PE imports
RegFlushKey
RegCloseKey
OpenProcessToken
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
GetDeviceCaps
SetROP2
DeleteDC
GetSystemPaletteEntries
SetBkMode
MoveToEx
CreatePalette
GetStockObject
GetCurrentPositionEx
SelectPalette
CreateFontIndirectA
GetTextMetricsA
UnrealizeObject
CreatePenIndirect
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
lstrlenA
GetModuleFileNameW
GetStringTypeExA
WaitForSingleObject
FreeLibrary
MulDiv
IsDebuggerPresent
ExitProcess
GetThreadLocale
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
CopyFileW
DeleteCriticalSection
GetStartupInfoA
GetDateFormatA
LoadLibraryExA
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
CreateDirectoryA
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
GetFullPathNameA
SetFilePointer
GetTempPathA
RaiseException
CompareStringA
CloseHandle
WideCharToMultiByte
GetModuleHandleA
FindFirstFileA
GetCurrentProcessId
WriteFile
GetCurrentProcess
ReadFile
ResetEvent
lstrcpynA
GetACP
GetDiskFreeSpaceA
CreateThread
GetCurrentThreadId
FreeResource
FileTimeToLocalFileTime
SetFileAttributesA
SetEvent
LocalFree
FindResourceA
CreateProcessA
EnumCalendarInfoA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
CreateEventA
FindClose
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetTickCount
GetVersion
LeaveCriticalSection
VirtualAlloc
GetFileSize
InterlockedIncrement
RtlSetProcessIsCritical
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetCursorPos
MessageBoxExA
GetWindowTextLengthA
GetSysColor
LoadIconA
ReleaseDC
LoadStringA
CharNextA
EnumWindows
MessageBoxA
GetWindowTextA
GetSystemMetrics
GetKeyboardType
GetDC
CharToOemA
Number of PE resources by type
RT_ICON 14
RT_STRING 7
RT_RCDATA 4
RT_VERSION 2
RT_GROUP_ICON 2
Number of PE resources by language
POLISH DEFAULT 18
ENGLISH US 10
ENGLISH PHILIPPINES 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 2.25
ImageVersion 0.0
FileVersionNumber 1.1.1.0
LanguageCode Unknown (400A)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
InitializedDataSize 295424
EntryPoint 0x196f4
MIMEType application/octet-stream
FileVersion 1.1.1.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 109568
FileSubtype 0
ProductVersionNumber 1.1.1.0
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 3353aa0f74a014e8dc2a156dea615403
SHA1 b994da93627836071f725aab916aac3627b9ed48
SHA256 ca9df1b8b996a8ad8953a2fe3ef367a33ee72c095aefafcb360c8e6b81ac0fe5
ssdeep 6144:4HOYuPU17TLgNuMxt70CAkh28NNNNNNNNNNc:4VuPU1zO702hu
authentihash 5e4910d9f95af17a5ad0390248e3d2c5d1e3c3d0e746d479de22cb26afc922c9
imphash ede4ba6204d0154a9bcd87db7d18160c
File size 396.5 KB ( 406016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 7 (96.1%)
Win32 Executable Delphi generic (2.0%)
Win32 Executable (generic) (0.6%)
Win16/32 Executable Delphi generic (0.2%)
OS/2 Executable (generic) (0.2%)
Tags peexe
VirusTotal metadata
First submission 2018-08-29 00:16:17 UTC ( 8 months, 4 weeks ago )
Last submission 2018-08-29 00:16:17 UTC ( 8 months, 4 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.