SHA256: d3e2200d344446cb8da94e345fe1c33120b8f02065998abfd0892655870263d4
File name: tolu17.jpg
Detection ratio: 31 / 67
Analysis date: 2019-03-19 10:24:57 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.41124250 20190319
AhnLab-V3 Trojan/Win32.Agent.C3105000 20190319
ALYac Trojan.GenericKD.41124250 20190319
Arcabit Trojan.Generic.D273819A 20190319
Avast Win32:Trojan-gen 20190319
AVG Win32:Trojan-gen 20190319
BitDefender Trojan.GenericKD.41124250 20190319
CrowdStrike Falcon (ML) win/malicious_confidence_80% (W) 20190212
Emsisoft Trojan.GenericKD.41124250 (B) 20190319
ESET-NOD32 a variant of Win32/Injector.EEHT 20190319
Fortinet W32/Injector.EEHT!tr 20190319
GData Win32.Trojan-Stealer.FormBook.5ZG11Y 20190319
Ikarus Trojan.Crypt 20190319
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a15d1 ) 20190319
K7GW Trojan ( 0054a15d1 ) 20190319
Kaspersky Trojan-Spy.Win32.Noon.abyh 20190319
MAX malware (ai score=82) 20190319
McAfee RDN/Generic.dx 20190319
McAfee-GW-Edition Artemis!Trojan 20190319
Microsoft Trojan:Win32/Zpevdo.B 20190319
eScan Trojan.GenericKD.41124250 20190319
Palo Alto Networks (Known Signatures) generic.ml 20190319
Qihoo-360 Win32/Trojan.Spy.833 20190319
Rising Trojan.Injector!8.C4 (CLOUD) 20190319
Sophos AV Troj/Formboo-IZ 20190319
Tencent Win32.Trojan-spy.Noon.Llrj 20190319
Trapmine malicious.moderate.ml.score 20190301
TrendMicro-HouseCall TROJ_FRS.0NZ900CI19 20190319
VBA32 BScope.Trojan.Encoder 20190319
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.abyh 20190319
No detection (engine, signature update date)
Acronis 20190318
AegisLab 20190319
Alibaba 20190306
Antiy-AVL 20190319
Avast-Mobile 20190319
Avira (no cloud) 20190319
Babable 20180918
Baidu 20190318
Bkav 20190318
CAT-QuickHeal 20190318
ClamAV 20190319
CMC 20190319
Comodo 20190319
Cybereason 20190109
Cyren 20190319
DrWeb 20190319
eGambit 20190319
Endgame 20190215
F-Prot 20190319
F-Secure 20190319
Jiangmin 20190319
Kingsoft 20190319
Malwarebytes 20190319
NANO-Antivirus 20190319
Panda 20190319
SentinelOne (Static ML) 20190317
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TACHYON 20190319
TheHacker 20190315
TotalDefense 20190318
Trustlook 20190319
VIPRE 20190316
ViRobot 20190319
Yandex 20190318
Zillya 20190318
Zoner 20190318
Despite the .jpg name under which it was submitted (tolu17.jpg), the file being studied is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem. The extension carries no weight; the MZ/PE magic and the headers do.
FileVersionInfo properties (free-form strings set by whoever built the binary; they do not establish provenance)
Copyright
Copyright ©General Catalyst Partners 2000 - 2014 KG and its Licensors

Product Zam Innerve
Original name Zam Innerve
Internal name Zam Innerve
File version 9.5.71.105
Description Tuplets Bold
Comments Tuplets Bold
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-17 19:48:40 (UTC; the PE timestamp is set by the builder and is trivially forged, but here it falls roughly 11.5 hours before the first VirusTotal submission at 2019-03-18 07:19:52 UTC, consistent with a freshly built sample)
Entry Point 0x0001565C
Number of sections 4
PE imports (function names only; the report does not show the importing DLL. LoadLibraryA/GetProcAddress together with VirtualAlloc, VirtualProtect, FlushInstructionCache and CreateProcessA is consistent with the Injector classification several engines give, but a static import list alone does not prove it.)
GetTokenInformation
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey
OpenProcessToken
ObjectDeleteAuditAlarmA
DeregisterEventSource
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
ObjectCloseAuditAlarmA
ReportEventA
RegQueryInfoKeyA
InitCommonControlsEx
Ord(328)
_TrackMouseEvent
GetObjectA
CreateCompatibleDC
DeleteDC
SetBkMode
CreatePen
GetStockObject
TextOutA
CreateFontIndirectA
Rectangle
SelectObject
DPtoLP
SetTextColor
RoundRect
DeleteObject
CreateHatchBrush
ImmGetDefaultIMEWnd
GetStdHandle
GetConsoleOutputCP
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
FindResourceExA
SetStdHandle
GetTempPathA
GetCPInfo
lstrcmpiA
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InitializeCriticalSection
LoadResource
TlsGetValue
OutputDebugStringA
SetLastError
GetEnvironmentVariableA
GetModuleFileNameW
CopyFileA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetPriorityClass
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
TerminateProcess
WriteConsoleA
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
DeleteFileA
GetWindowsDirectoryA
GlobalLock
GetProcessHeap
GetCurrentThreadId
lstrcpyA
CompareStringA
GetProcAddress
SetCommState
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
lstrlenA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetCommState
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
Sleep
FindResourceA
VirtualAlloc
TransparentBlt
VarUI4FromStr
DragFinish
ExtractIconExA
DragAcceptFiles
SHBrowseForFolderA
SHQueryRecycleBinA
SHEmptyRecycleBinA
DragQueryFileA
ShellExecuteA
PathUnquoteSpacesA
PathMatchSpecA
PathAppendA
MapWindowPoints
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
UnregisterClassA
SendMessageA
GetClientRect
LoadAcceleratorsA
GetWindowTextLengthA
GetActiveWindow
LoadImageA
GetWindowTextA
PtInRect
GetMessageA
GetUserObjectInformationW
GetParent
UpdateWindow
SetPropA
ShowWindow
GetPropA
LockWindowUpdate
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetIconInfo
LoadStringA
SetClipboardData
RegisterClassA
DrawFocusRect
CreateWindowExA
FillRect
CharNextA
DeferWindowPos
DestroyWindow
IsDialogMessageA
SetFocus
PostMessageA
BeginPaint
OffsetRect
GetMonitorInfoA
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
SetCapture
ReleaseCapture
SetWindowLongA
GetProcessWindowStation
SetWindowTextA
CheckMenuItem
GetSubMenu
CreateMenu
GetDlgItem
CreateDialogParamA
ScreenToClient
LoadCursorA
TrackPopupMenu
AttachThreadInput
GetSystemMenu
OpenClipboard
EmptyClipboard
DrawTextA
GetScrollRange
EndDialog
LoadMenuA
GetCapture
BeginDeferWindowPos
AppendMenuA
DrawFrameControl
SetDlgItemTextA
SetRectEmpty
MessageBoxA
IsMenu
DialogBoxParamA
GetSysColor
CopyImage
EndDeferWindowPos
SystemParametersInfoA
GetDCEx
MonitorFromWindow
InvalidateRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
GetPrinterDriverDirectoryA
ImageRvaToVa
UnDecorateSymbolName
ImagehlpApiVersion
ImageRvaToSection
GdipCloneImage
GdipFree
GdipSaveImageToFile
GdipAlloc
GdipDisposeImage
GdipLoadImageFromFile
GdiplusStartup
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
Number of PE resources by type
BINDATA 11
TYPELIB 9
RT_GROUP_CURSOR 7
RT_ICON 6
RT_CURSOR 3
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 41
ExifTool file metadata
CodeSize 179200
SubsystemVersion 5.0
Comments Tuplets Bold
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.5.71.105
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Tuplets Bold
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 466432
PrivateBuild 9.5.71.105
EntryPoint 0x1565c
OriginalFileName Zam Innerve
MIMEType application/octet-stream
LegalCopyright Copyright General Catalyst Partners 2000 - 2014 KG and its Licensors
FileVersion 9.5.71.105
TimeStamp 2019:03:17 20:48:40+01:00 (the same instant as the 2019-03-17 19:48:40 UTC compilation timestamp above, rendered by ExifTool in UTC+1)
FileType Win32 EXE
PEType PE32
InternalName Zam Innerve
ProductVersion 9.5.71.105
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName General Catalyst Partners
LegalTrademarks Copyright General Catalyst Partners 2000 - 2014 KG and its Licensors
ProductName Zam Innerve
ProductVersionNumber 9.5.71.105
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3997962140d133840c25f1550c21f690
SHA1 a12fe1bdaac4bbaf5eec3828cc4f9eece1c2c1b3
SHA256 d3e2200d344446cb8da94e345fe1c33120b8f02065998abfd0892655870263d4
ssdeep 12288:Q2hv6ZD7kDXvs+Sk8/pNupfBBfHGFFjgiCyEAArXC1Xi0XzQOWwkB:QI6+XvWX/pNupfB5utLCJAAryTjTWzB

authentihash 832801f58ae4f570f4f0263667d83867befd957db5cea8a510ad10da566b425d
imphash 72a04b6e2526c21f64dc5c5106e69acd
File size 631.5 KB ( 646656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

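As an added example (not part of the VirusTotal report and not the sample's own code), the following Python script shows the two checks the identification data above rests on: parsing the MZ/PE headers to establish that a file submitted as tolu17.jpg is really a PE32 GUI executable, recovering machine, section count, compilation timestamp, entry point and the relocs-stripped flag from it, and computing an imphash with the same normalisation pefile uses. The PE bytes it parses are a constructed header-only image populated with the values from this report; the import list fed to the imphash is constructed as well, because the report lists imported function names without their DLLs, so the imphash shown above cannot be reproduced from the page alone.

```python
import hashlib
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
SAMPLE_TIMESTAMP = 1552852120  # 2019-03-17 19:48:40 UTC, the value in the report


def build_fake_pe(machine=IMAGE_FILE_MACHINE_I386, nsections=4,
                  timestamp=SAMPLE_TIMESTAMP, entry_point=0x1565C,
                  subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI):
    """Constructed header-only PE32 image used as test input (not the real sample)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew: PE header follows the DOS header
    # COFF file header; 0x0103 = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", machine, nsections, timestamp, 0, 0, 224, 0x0103)
    opt = bytearray(224)                               # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)              # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_point)       # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, subsystem)         # Subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def parse_pe_header(data):
    """Return header facts as a dict, or None if the bytes are not a PE image."""
    if len(data) < 64 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, ts, _, _, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    return {
        "pe32plus": magic == 0x20B,
        "machine": machine,
        "sections": nsections,
        # TimeDateStamp is seconds since the epoch; always render it in UTC
        "compiled": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": struct.unpack_from("<I", data, opt + 16)[0],
        "gui": struct.unpack_from("<H", data, opt + 68)[0] == IMAGE_SUBSYSTEM_WINDOWS_GUI,
        "relocs_stripped": bool(flags & 0x0001),
    }


def extension_mismatch(filename, data):
    """True when the name claims an image format but the bytes parse as a PE."""
    ext = filename.lower().rsplit(".", 1)[-1]
    if ext in ("jpg", "jpeg", "png", "gif", "bmp"):
        return parse_pe_header(data) is not None
    return False


def imphash_string(imports):
    """Normalised import list hashed by the pefile/Mandiant imphash: DLL name
    lowercased with a .dll/.ocx/.sys suffix dropped, function name lowercased,
    ordinal imports written as ordN, all joined with commas in import-table order.
    (pefile also maps well-known ordinals of ws2_32/oleaut32 to names; omitted here.)"""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        stem, dot, ext = dll.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            dll = stem
        name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (dll, name))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    blob = build_fake_pe()
    print("tolu17.jpg is really a PE:", extension_mismatch("tolu17.jpg", blob))
    print(parse_pe_header(blob))
    # Constructed import list; the report above does not give DLL names
    print(imphash([("ADVAPI32.dll", "OpenProcessToken"),
                   ("COMCTL32.dll", 328),
                   ("KERNEL32.dll", "VirtualAlloc")]))
```

Run it on a real file by replacing `blob` with the file's bytes; the header parser deliberately refuses anything whose e_lfanew or optional header runs past the buffer, so a truncated or padded upload is reported as "not a PE" rather than crashing.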
VirusTotal metadata
First submission 2019-03-18 07:19:52 UTC ( 2 months, 1 week ago )
Last submission 2019-03-18 07:20:03 UTC ( 2 months, 1 week ago )
File names Zam Innerve
tolu17.jpg