SHA256: d4ff0ff97846ad44287c6028cb45a4ed075b65928088e9d2810c808b5362a58b
File name: 1ulxomeobigohiwhufovi.exe
Detection ratio: 43 / 61
Analysis date: 2017-06-19 12:19:10 UTC ( 2 days, 23 hours ago )
Antivirus | Result | Update
--- | --- | ---
Ad-Aware | Trojan.GenericKD.5369509 | 20170619
AegisLab | Ransom.Hplocky.Sme!c | 20170618
AhnLab-V3 | Trojan/Win32.Upatre.C2007144 | 20170619
ALYac | Trojan.GenericKD.5369572 | 20170619
Arcabit | Trojan.Generic.D51EEA5 | 20170619
Avast | Win32:Trojan-gen | 20170619
AVG | Win32:Trojan-gen | 20170619
Avira (no cloud) | TR/Crypt.ZPACK.zgxqc | 20170619
AVware | Trojan.Win32.Generic!BT | 20170619
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20170619
BitDefender | Trojan.GenericKD.5369509 | 20170619
CAT-QuickHeal | TrojanDownloader.Upatre | 20170619
CrowdStrike Falcon (ML) | malicious_confidence_69% (W) | 20170420
Cyren | W32/Trojan.ICRQ-2464 | 20170619
DrWeb | Trojan.PWS.Panda.11620 | 20170619
Emsisoft | Trojan.GenericKD.5369509 (B) | 20170619
Endgame | malicious (high confidence) | 20170615
ESET-NOD32 | Win32/Spy.Zbot.ACO | 20170619
F-Secure | Trojan.GenericKD.5369509 | 20170619
Fortinet | W32/Zbot.ACO!tr.spy | 20170619
GData | Trojan.GenericKD.5369509 | 20170619
Ikarus | Trojan-Spy.Agent | 20170619
Invincea | heuristic | 20170607
K7AntiVirus | Spyware ( 004f9b491 ) | 20170619
K7GW | Spyware ( 004f9b491 ) | 20170619
Kaspersky | Trojan-Downloader.Win32.Upatre.fziq | 20170619
Malwarebytes | Trojan.MalPack | 20170619
McAfee | RDN/Generic Downloader.x | 20170619
McAfee-GW-Edition | RDN/Generic Downloader.x | 20170619
eScan | Trojan.GenericKD.5369509 | 20170619
nProtect | Trojan-Downloader/W32.Upatre.310272.B | 20170619
Palo Alto Networks (Known Signatures) | generic.ml | 20170619
Panda | Trj/CI.A | 20170618
Qihoo-360 | Win32/Trojan.Downloader.66a | 20170619
Rising | Trojan.Ransom-Locky!8.4655 (cloud:TtWMETesBYD) | 20170619
Sophos | Mal/Generic-S | 20170619
Symantec | Trojan Horse | 20170619
TrendMicro | Ransom_HPLOCKY.SME | 20170619
TrendMicro-HouseCall | Ransom_HPLOCKY.SME | 20170619
VIPRE | Trojan.Win32.Generic!BT | 20170619
ViRobot | Trojan.Win32.U.Agent.310272.B[h] | 20170619
Webroot | W32.Trojan.Gen | 20170619
ZoneAlarm by Check Point | Trojan-Downloader.Win32.Upatre.fziq | 20170619
Alibaba | | 20170619
Antiy-AVL | | 20170619
Bkav | | 20170616
ClamAV | | 20170619
CMC | | 20170619
Comodo | | 20170619
F-Prot | | 20170619
Jiangmin | | 20170619
Kingsoft | | 20170619
Microsoft | | 20170618
NANO-Antivirus | | 20170619
SentinelOne (Static ML) | | 20170516
SUPERAntiSpyware | | 20170619
Symantec Mobile Insight | | 20170614
Tencent | | 20170619
TheHacker | | 20170618
Trustlook | | 20170619
VBA32 | | 20170619
WhiteArmor | | 20170616
Yandex | | 20170616
Zillya | | 20170619
Zoner | | 20170619
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: DraftKings (c) 2015 Company
Product: Account Coach
Internal name: Account Coach
Description: Barrier Condemned Suspicion Unlink
Comments: Barrier Condemned Suspicion Unlink
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-06-16 08:52:20
Entry Point: 0x00009CF2
Number of sections: 5
PE sections
PE imports
AVIFileEndRecord
AVIMakeFileFromStreams
AVIFileOpenW
AVIGetFromClipboard
ImageList_Create
Ord(17)
GetObjectA
ExcludeClipRect
FillRgn
DeleteObject
CreateSolidBrush
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
UnmapViewOfFile
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
GlobalAlloc
RtlUnwind
GetLocalTime
RaiseException
GetCommandLineA
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetStartupInfoW
GetCurrentDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
FindVolumeMountPointClose
GlobalLock
LeaveCriticalSection
EncodePointer
GetProcessHeap
SetStdHandle
MapViewOfFile
FindNextVolumeMountPointA
GetCPInfo
GetModuleFileNameW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
FindFirstFileA
FormatMessageA
SetUnhandledExceptionFilter
WriteFile
InterlockedIncrement
CloseHandle
IsProcessorFeaturePresent
CreateFileMappingA
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
InterlockedDecrement
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
VirtualQuery
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
FindFirstVolumeMountPointA
WriteConsoleW
GetProcAddress
acmDriverDetailsA
acmDriverOpen
ICGetInfo
SystemTimeToVariantTime
SafeArrayGetUBound
VariantTimeToSystemTime
VariantCopyInd
VariantInit
RpcRevertToSelf
GetMessageA
GetParent
GetCursorInfo
IntersectRect
BeginPaint
EnumWindows
CreateIconIndirect
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
WindowFromPoint
MessageBoxA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetDC
GetCursorPos
ReleaseDC
CreatePopupMenu
GetWindowLongA
SendMessageA
GetClientRect
CreateDialogParamA
SetRect
InsertMenuA
wsprintfA
LoadCursorA
DlgDirListA
CopyRect
CallWindowProcA
RedrawWindow
SetCursor
IsDialogMessageA
DestroyWindow
GetThemeBackgroundContentRect
IsThemeActive
OpenThemeData
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
FtpSetCurrentDirectoryA
OpenDriver
SendDriverMessage
CloseDriver
ImageNtHeader
RevokeDragDrop
RegisterDragDrop
CoInitialize
Number of PE resources by type
RT_DIALOG: 9
RT_STRING: 7
RT_ICON: 6
BIN: 3
RT_MANIFEST: 1
RT_VERSION: 1
RT_GROUP_ICON: 1
Number of PE resources by language
DANISH DEFAULT: 28
PE resources
ExifTool file metadata
LegalTrademarks: DraftKings (c) 2015 Company
SubsystemVersion: 6.0
Comments: Barrier Condemned Suspicion Unlink
LinkerVersion: 11.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 5.9.3.7
LanguageCode: Danish
FileFlagsMask: 0x003f
FileDescription: Barrier Condemned Suspicion Unlink
CharacterSet: Unicode
InitializedDataSize: 221184
PrivateBuild: 5.9.3.7
EntryPoint: 0x9cf2
MIMEType: application/octet-stream
LegalCopyright: DraftKings (c) 2015 Company
TimeStamp: 2017:06:16 09:52:20+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Account Coach
ProductVersion: 5.9.3.7
UninitializedDataSize: 0
OSVersion: 6.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: DraftKings
CodeSize: 88064
ProductName: Account Coach
ProductVersionNumber: 5.9.3.7
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: ab3d52507fcc1fa133e9f1d024ad79b0
SHA1: 0ab0f85879631b24b8346a616e1a483f1da0f72b
SHA256: d4ff0ff97846ad44287c6028cb45a4ed075b65928088e9d2810c808b5362a58b
ssdeep: 6144:ULeUCSXHDM3FrGRrEGWg25aHkVfKH111111111111111111111111u1111111115:ULenSXHDM32EGWcHkpKH11111111111o
authentihash: 0e4e6fdbd8356f0e535df4c92e04a5db66a6e802c778740a7a49822ed31cbb75
imphash: 0dfbfe5d2c8083d4c404974c514ddfa8
File size: 303.0 KB (310272 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win32 Executable MS Visual C++ (generic) (41.0%); Win64 Executable (generic) (36.3%); Win32 Dynamic Link Library (generic) (8.6%); Win32 Executable (generic) (5.9%); Clipper DOS Executable (2.6%)
Tags: peexe
VirusTotal metadata
First submission: 2017-06-16 10:24:50 UTC (6 days, 1 hour ago)
Last submission: 2017-06-19 12:19:10 UTC (2 days, 23 hours ago)
File names: 1ulxomeobigohiwhufovi.exe, malware, content, Account Coach
Behaviour characterization (Zemana): dll-injection