× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ce327c1a690c180388ac00ca40451118caddab3b1d5432d8ebf766174e923d3b
File name: fogliodati(2)
Detection ratio: 3 / 67
Analysis date: 2018-06-27 08:32:51 UTC ( 11 months ago ) View latest
Antivirus Result Update
Bkav W32.eHeur.Malware14 20180626
Cylance Unsafe 20180627
VBA32 Malware-Cryptor.Limpopo 20180626
Ad-Aware 20180627
AegisLab 20180627
AhnLab-V3 20180627
Alibaba 20180627
ALYac 20180627
Antiy-AVL 20180627
Arcabit 20180627
Avast 20180627
Avast-Mobile 20180627
AVG 20180627
Avira (no cloud) 20180627
AVware 20180627
Babable 20180406
Baidu 20180627
BitDefender 20180627
CAT-QuickHeal 20180627
ClamAV 20180627
CMC 20180627
Comodo 20180627
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180627
DrWeb 20180627
eGambit 20180627
Emsisoft 20180627
Endgame 20180612
ESET-NOD32 20180627
F-Prot 20180627
F-Secure 20180627
Fortinet 20180627
GData 20180627
Ikarus 20180626
Sophos ML 20180601
Jiangmin 20180627
K7AntiVirus 20180627
K7GW 20180627
Kaspersky 20180627
Kingsoft 20180627
Malwarebytes 20180627
MAX 20180627
McAfee 20180627
McAfee-GW-Edition 20180627
Microsoft 20180627
eScan 20180627
NANO-Antivirus 20180627
Palo Alto Networks (Known Signatures) 20180627
Panda 20180626
Qihoo-360 20180627
Rising 20180627
SentinelOne (Static ML) 20180618
Sophos AV 20180627
SUPERAntiSpyware 20180627
Symantec 20180627
Symantec Mobile Insight 20180626
TACHYON 20180627
Tencent 20180627
TheHacker 20180624
TrendMicro 20180627
TrendMicro-HouseCall 20180627
Trustlook 20180627
VIPRE 20180627
ViRobot 20180627
Webroot 20180627
Yandex 20180626
Zillya 20180626
ZoneAlarm by Check Point 20180627
Zoner 20180627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(C)Bdrive Inc 2007-2015

Product Halleys
File version 2.8.4.9
Description Associate Garbage Kvm
Comments Associate Garbage Kvm
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-26 19:03:23
Entry Point 0x000537B0
Number of sections 3
PE sections
PE imports
RegCloseKey
InitCommonControlsEx
DeleteDC
ImmGetDefaultIMEWnd
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
NetShareGetInfo
VarUI4FromStr
wglMakeCurrent
SetupDiGetClassDevsA
ExtractIconExA
SHCreateShellPalette
PlaySoundW
GdiplusStartup
CoInitialize
Number of PE resources by type
RT_ACCELERATOR 10
RT_ICON 7
Struct(998) 3
TYPELIB 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
CodeSize
90112

SubsystemVersion
5.0

Comments
Associate Garbage Kvm

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.8.4.9

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Associate Garbage Kvm

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
102400

PrivateBuild
2.8.4.9

EntryPoint
0x537b0

MIMEType
application/octet-stream

LegalCopyright
(C)Bdrive Inc 2007-2015

FileVersion
2.8.4.9

TimeStamp
2018:06:26 20:03:23+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.8.4.9

UninitializedDataSize
249856

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bdrive Inc

LegalTrademarks
(C)Bdrive Inc 2007-2015

ProductName
Halleys

ProductVersionNumber
2.8.4.9

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 856a792e418146bbf302a5ac9ab69fb7
SHA1 1885d123ee6de5a04eba19b28175cc36d2510ae2
SHA256 ce327c1a690c180388ac00ca40451118caddab3b1d5432d8ebf766174e923d3b
ssdeep
3072:/HSZ29ycS+b/cVJvvFSXbRPKGamOBJWDHZws9BLJTVJkiVPFfBJRGl6ST4E:fSUJTcnvvsRPKGamOBALCnl6G4E

authentihash 08c56171fbfd03d2af3e61730adc059d79ecbd07059e7b574f8a4bd3f5daef46
imphash ad5fbc5a28f12aeb95f9abc69c34e48c
File size 187.5 KB ( 192000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-06-27 08:12:08 UTC ( 11 months ago )
Last submission 2018-09-10 06:59:03 UTC ( 8 months, 2 weeks ago )
File names fogliodati
hgjvwefs.exe
fogliodati(2)
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Searched windows
Runtime DLLs