SHA256: d30c2d77df65b72f1f84448d9403910daca9d205d9f9d885f0144acfb00d7c43
File name: ZZ.exe
Detection ratio: 15 / 65
Analysis date: 2019-02-27 17:35:57 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) win/malicious_confidence_80% (D) 20190212
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.EDXO 20190227
Ikarus Trojan.Crypt.Malcert 20190227
Sophos ML heuristic 20181128
McAfee Fareit-FNG!ABE49C1752E6 20190227
McAfee-GW-Edition Fareit-FNG!ABE49C1752E6 20190227
Microsoft Trojan:Win32/Fuerboos.E!cl 20190227
Palo Alto Networks (Known Signatures) generic.ml 20190227
Qihoo-360 HEUR/QVM03.0.8335.Malware.Gen 20190227
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190227
Tencent Win32.Trojan.Inject.Auto 20190227
Trapmine malicious.high.ml.score 20190123
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190227
Acronis 20190222
Ad-Aware 20190227
AegisLab 20190227
AhnLab-V3 20190227
Alibaba 20180921
ALYac 20190227
Antiy-AVL 20190227
Arcabit 20190227
Avast 20190227
Avast-Mobile 20190227
AVG 20190227
Avira (no cloud) 20190227
Babable 20180918
Baidu 20190215
BitDefender 20190227
Bkav 20190227
CAT-QuickHeal 20190225
ClamAV 20190227
CMC 20190227
Comodo 20190227
Cybereason 20190109
Cyren 20190227
DrWeb 20190227
eGambit 20190227
Emsisoft 20190227
F-Prot 20190227
F-Secure 20190227
Fortinet 20190227
GData 20190227
Jiangmin 20190227
K7AntiVirus 20190227
K7GW 20190227
Kaspersky 20190227
Kingsoft 20190227
Malwarebytes 20190227
MAX 20190227
eScan 20190227
NANO-Antivirus 20190227
Panda 20190227
Sophos AV 20190227
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190227
TheHacker 20190225
TotalDefense 20190227
Trustlook 20190227
VBA32 20190227
ViRobot 20190227
Webroot 20190227
Yandex 20190226
Zoner 20190227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product SUASIVE
Original name unarched.exe
Internal name unarched
File version 1.01.0008
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:00 PM 3/8/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-18 03:58:53
Entry Point 0x0000106C
Number of sections 3
PE sections
Overlays
MD5 f328e234c3cc4d8424a59518d3c775f0
File type data
Offset 503808
Size 2304
Entropy 7.64
PE imports
EVENT_SINK_QueryInterface
Ord(583)
__vbaExceptHandler
Ord(100)
MethCallEngine
Ord(526)
EVENT_SINK_Release
Ord(595)
EVENT_SINK_AddRef
Ord(629)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.1
FileSubtype 0
FileVersionNumber 1.1.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x106c
OriginalFileName unarched.exe
MIMEType application/octet-stream
FileVersion 1.01.0008
TimeStamp 2013:07:18 05:58:53+02:00
FileType Win32 EXE
PEType PE32
InternalName unarched
ProductVersion 1.01.0008
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CONSECRATES
CodeSize 487424
ProductName SUASIVE
ProductVersionNumber 1.1.0.8
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 abe49c1752e601f5ea56984b121ca762
SHA1 275246cbcc0b88b12a3ba9d12b8a439d425b4d1d
SHA256 d30c2d77df65b72f1f84448d9403910daca9d205d9f9d885f0144acfb00d7c43
ssdeep 12288:DZ0XFJfDwDxtyWsNNzfK6liLCziqEFMxytmvsedWPKeVgJ43Xuh2KLDIzvOWwwzo:CV1DwDkzzfK6YLpqEFMxytmvseQKeVg1

authentihash 99ca8d619d94f22a5d2b0a35a6cb87c5b290d2213204fbca132d0f9bea46d727
imphash 69d66f22779e18d63ce32dd3e92fe1df
File size 494.3 KB ( 506112 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-02-27 17:35:57 UTC ( 2 months, 3 weeks ago )
Last submission 2019-02-27 17:35:57 UTC ( 2 months, 3 weeks ago )
File names ZZ.exe
unarched
ZZ.exe
unarched.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by means of the SetWindowsHook Windows API function.