SHA256: cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd
File name: ActiveX.exe
Detection ratio: 58 / 66
Analysis date: 2017-12-30 19:32:44 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.75 20171225
AegisLab Backdoor.W32.Rbot.hyj!c 20171230
AhnLab-V3 Trojan/Win32.Bifrose.R1707 20171230
ALYac Gen:Variant.Barys.75 20171230
Arcabit Trojan.Barys.75 20171230
Avast Win32:Rootkit-gen [Rtk] 20171230
AVG Win32:Rootkit-gen [Rtk] 20171230
Avira (no cloud) TR/Crypt.CFI.Gen 20171230
AVware Packed.Win32.Rebhip.a (v) 20171230
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9980 20171227
BitDefender Gen:Variant.Barys.75 20171230
Bkav W32.KazureAJ.Trojan 20171229
CAT-QuickHeal VirTool.DelfInject.AF 20171230
CMC Trojan-Dropper.Win32.Agent!O 20171229
Comodo Backdoor.Win32.Curioso.~dy02 20171230
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.1b8fb7 20171103
Cylance Unsafe 20171230
Cyren W32/Bredolab.O.gen!Eldorado 20171230
DrWeb Trojan.DownLoader.50961 20171230
Emsisoft Gen:Variant.Barys.75 (B) 20171230
Endgame malicious (high confidence) 20171130
ESET-NOD32 Win32/TrojanDropper.Delf.NJH 20171230
F-Prot W32/Bredolab.O.gen!Eldorado 20171230
F-Secure Trojan:W32/Agent.DQKQ 20171230
Fortinet W32/Refroso.BKBI!tr 20171230
GData Gen:Variant.Barys.75 20171230
Sophos ML heuristic 20170914
Jiangmin Backdoor/RBot.tkd 20171230
K7AntiVirus Trojan ( 001788e91 ) 20171230
K7GW Trojan ( 001788e91 ) 20171230
Kaspersky Backdoor.Win32.Rbot.aliu 20171230
Kingsoft Win32.Hack.Rbot.(kcloud) 20171230
Malwarebytes Trojan.MalPack.Generic 20171230
MAX malware (ai score=100) 20171230
McAfee RDN/BackDoor-CEP 20171230
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.gc 20171230
eScan Gen:Variant.Barys.75 20171230
NANO-Antivirus Trojan.Win32.Llac.dvxar 20171230
nProtect Backdoor/W32.RBot.418064 20171230
Palo Alto Networks (Known Signatures) generic.ml 20171230
Panda Generic Malware 20171230
Qihoo-360 Win32/Trojan.e6d 20171230
Rising Backdoor.Rbot!8.2D8 (TFE:5:qOgAOUmdRYQ) 20171230
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/BigMole-B 20171230
Symantec Backdoor.Bifrose!gen 20171229
Tencent Suspicious.Heuristic.Gen.b.0 20171230
TheHacker Trojan/Dropper.Delf.njh 20171229
TrendMicro TROJ_BRDLAB.SMEP 20171230
TrendMicro-HouseCall TROJ_BRDLAB.SMEP 20171230
VBA32 Trojan.Llac 20171229
VIPRE Packed.Win32.Rebhip.a (v) 20171230
ViRobot Backdoor.Win32.A.Rbot.418064 20171230
Webroot W32.Malware.Gen 20171230
Yandex Worm.Rebhip.Gen.2 20171229
Zillya Backdoor.RBot.Win32.27870 20171229
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171230
Alibaba 20171229
Antiy-AVL 20171230
Avast-Mobile 20171229
ClamAV 20171230
eGambit 20171230
Microsoft 20171230
SUPERAntiSpyware 20171230
Symantec Mobile Insight 20171230
Trustlook 20171230
WhiteArmor 20171226
Zoner 20171230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1, 0, 0, 1
Description Protected Application
Comments Is protected with Teggo MoleBox 4.2321
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001004
Number of sections 4
PE sections
Overlays
MD5 b147a3cdcfdcc9499521aa2add0e5bb8
File type data
Offset 417792
Size 272
Entropy 6.68
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegSetValueA
RegDeleteValueA
RegCreateKeyA
RegEnumKeyA
RegEnumValueA
GetCurrentProcess
HeapFree
CreateFileA
GetModuleHandleA
HeapCreate
LCMapStringA
HeapDestroy
HeapAlloc
CloseHandle
VirtualProtect
ExitProcess
GetProcAddress
RtlUnwind
LoadLibraryA
wsprintfA
CreateWindowExA
SetWindowLongA
CloseWindow
CharLowerBuffA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Struct(25) 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Is protected with Teggo MoleBox 4.2321
LinkerVersion 4.21
ImageVersion 0.0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x1004
MIMEType application/octet-stream
FileVersion 1, 0, 0, 1
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 0, 1
FileDescription Protected Application
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 397312
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 185c8d11c0611cae7c81f4458bf1adea
SHA1 6128cc714ab2c12a3fe6e18991e1172a2bbdc1a1
SHA256 cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd
ssdeep 12288:x+uEVYYmBd2VgoWNKKliZ8qRP/FwKSJeku:xVEVYYU2AK8qRXFmJW

authentihash 7c3f55660b5f051ba6d114a5fda1f317d3fd13431d411e343980589e5f417471
imphash 39165092bc84217b39cecd014bee10b0
File size 408.3 KB ( 418064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2011-08-06 20:03:40 UTC ( 6 years, 10 months ago )
Last submission 2017-12-30 19:32:44 UTC ( 5 months, 2 weeks ago )
File names 9623050f-3203-4a96-b297-99a83c7c463d
ActiveX.exe
08.exe
ActiveX.exe
1042745
output.1671433.txt
file-4122874_exe
90e28dd5-b509-449b-9c55-c5a6aa1c4044
ActiveX.exe
ActiveX.exe
0e46d7be-81da-4526-aa08-fea7494d9f76
myfile
185c8d11c0611cae7c81f4458bf1adea.exe
1671433
ActiveX.ex_
185C8D11C0611CAE7C81F4458BF1ADEA
185c8d11c0611cae7c81f4458bf1adea
test.txt
cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd