SHA256: cba41d3308a8af462e296c1b574b7a821e2bf6e99981b8b2c2986a036b2d289d
File name: order2.class
Detection ratio: 10 / 66
Analysis date: 2018-04-18 12:08:36 UTC ( 10 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.XPACK.Gen2 20180418
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180417
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Endgame malicious (high confidence) 20180403
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180418
Palo Alto Networks (Known Signatures) generic.ml 20180418
Symantec ML.Attribute.HighConfidence 20180418
Webroot W32.Trojan.Emotet 20180418
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180418
Ad-Aware 20180418
AegisLab 20180418
AhnLab-V3 20180418
Alibaba 20180418
ALYac 20180418
Antiy-AVL 20180418
Arcabit 20180418
Avast 20180418
Avast-Mobile 20180418
AVG 20180418
AVware 20180418
BitDefender 20180418
Bkav 20180410
CAT-QuickHeal 20180418
ClamAV 20180418
CMC 20180418
Comodo 20180418
Cybereason None
Cylance 20180418
Cyren 20180418
DrWeb 20180418
eGambit 20180418
Emsisoft 20180418
ESET-NOD32 20180418
F-Prot 20180418
F-Secure 20180418
Fortinet 20180418
GData 20180418
Ikarus 20180418
Jiangmin 20180418
K7AntiVirus 20180418
K7GW 20180418
Kingsoft 20180418
Malwarebytes 20180418
MAX 20180418
McAfee 20180418
McAfee-GW-Edition 20180417
Microsoft 20180418
eScan 20180418
NANO-Antivirus 20180418
nProtect 20180418
Panda 20180417
Qihoo-360 20180418
Rising 20180418
SentinelOne (Static ML) 20180225
Sophos AV 20180418
SUPERAntiSpyware 20180418
Symantec Mobile Insight 20180412
Tencent 20180418
TheHacker 20180415
TrendMicro 20180418
TrendMicro-HouseCall 20180418
Trustlook 20180418
VBA32 20180418
VIPRE 20180418
ViRobot 20180418
WhiteArmor 20180408
Yandex 20180417
Zillya 20180418
Zoner 20180418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Air Add
Original name Air Add.exe
Description Air Add
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-17 19:07:23
Entry Point 0x0008294F
Number of sections 5
PE sections
PE imports
SystemFunction036
SetPixel
OffsetViewportOrgEx
ScaleViewportExtEx
SelectObject
SetWindowExtEx
PatBlt
GetTextExtentPoint32W
StretchBlt
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetStdHandle
RtlUnwind
FindFirstChangeNotificationW
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
TlsFree
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
FindNextFileW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
Sleep
SetLastError
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcAddress
WriteConsoleW
LeaveCriticalSection
MapWindowPoints
ValidateRect
GetSystemMetrics
LoadImageW
GetClassNameW
InsertMenuItemW
BeginPaint
SetDlgItemInt
IsWindowEnabled
CheckMenuRadioItem
PostMessageW
InvalidateRect
GetDlgItemInt
DispatchMessageW
OpenClipboard
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
OleSetContainedObject
CoSuspendClassObjects
StgCreateDocfile
OleCreate
Number of PE resources by type
RT_ICON 7
RT_RCDATA 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 13
PE resources
Debug information
ExifTool file metadata
LegalTrademarks
Air Add

SubsystemVersion
6.0

LinkerVersion
14.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
15.3.4735.7730

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Air Add

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
671232

EntryPoint
0x8294f

OriginalFileName
Air Add.exe

MIMEType
application/octet-stream

TimeStamp
2017:04:17 20:07:23+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
15, 3, 4735, 7730

UninitializedDataSize
0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
you

CodeSize
595456

ProductName
Air Add

ProductVersionNumber
15.3.4735.7730

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1cddd038c41188aebb015c94df7e56d1
SHA1 d392888e8b56afca736a0c2ed775c413055c9ce1
SHA256 cba41d3308a8af462e296c1b574b7a821e2bf6e99981b8b2c2986a036b2d289d
ssdeep
12288:HJOfjZqCqlmQ13CPw3BD2swdOezSaX/KKDyF28wJFVqPR6NGuhXIts4IX/Y5DB7O:pe16CY3IFKa/qPQsuRws4Iuv0P

authentihash 1758f8c3180d0111c062bfd147d8de7780192bde55a956512d13ecd484b924c0
imphash d603f1002438171b3eb4cbd873cb767c
File size 1.1 MB ( 1192960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-18 12:08:36 UTC ( 10 months ago )
Last submission 2018-05-27 17:10:59 UTC ( 8 months, 3 weeks ago )
File names test.exe
order4.class
Air Add.exe
crypt_0001_1042a.exe
order3.class
order5.class
4bed3a3a368917cdb3dddff87ab53a100f18f202
order1.class
order2.class