× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d50907c56708bc15bb8705ab35a0d47883f18d1317acc6c1648d5512bd6e565c
File name: explorer.exe
Detection ratio: 8 / 66
Analysis date: 2018-05-28 16:58:51 UTC ( 8 months, 3 weeks ago ) View latest
Antivirus Result Update
Cylance Unsafe 20180528
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180503
Kaspersky UDS:DangerousObject.Multi.Generic 20180528
Qihoo-360 HEUR/QVM03.0.7801.Malware.Gen 20180528
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180528
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180528
Ad-Aware 20180528
AegisLab 20180528
AhnLab-V3 20180528
Alibaba 20180528
ALYac 20180528
Antiy-AVL 20180528
Arcabit 20180528
Avast 20180528
Avast-Mobile 20180527
AVG 20180528
Avira (no cloud) 20180528
AVware 20180528
Babable 20180406
Baidu 20180528
BitDefender 20180528
Bkav 20180528
CAT-QuickHeal 20180528
ClamAV 20180528
CMC 20180528
Comodo 20180528
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180528
DrWeb 20180528
eGambit 20180528
Emsisoft 20180528
ESET-NOD32 20180528
F-Prot 20180528
F-Secure 20180528
Fortinet 20180528
GData 20180528
Ikarus 20180528
Jiangmin 20180528
K7AntiVirus 20180528
K7GW 20180528
Kingsoft 20180528
Malwarebytes 20180528
MAX 20180528
McAfee 20180528
McAfee-GW-Edition 20180528
Microsoft 20180528
eScan 20180528
NANO-Antivirus 20180528
nProtect 20180528
Palo Alto Networks (Known Signatures) 20180528
Panda 20180528
Rising 20180528
Sophos AV 20180528
SUPERAntiSpyware 20180528
Symantec Mobile Insight 20180525
Tencent 20180528
TheHacker 20180524
TotalDefense 20180528
TrendMicro 20180528
TrendMicro-HouseCall 20180528
Trustlook 20180528
VBA32 20180528
VIPRE 20180528
ViRobot 20180528
Webroot 20180528
Yandex 20180528
Zillya 20180528
Zoner 20180528
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
LASTPASS

Product opERA SOFTWARe ASX
Original name Hankering.exe
Internal name Hankering
File version 2.00
Comments opERA SOFTWARe ASI
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-19 21:14:00
Entry Point 0x0000122C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaGenerateBoundsError
Ord(629)
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaUI1I2
__vbaFreeVar
__vbaAryConstruct2
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
_CIcos
__vbaVarTstEq
_adj_fptan
Ord(685)
_CItan
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
__vbaFpI4
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
opERA SOFTWARe ASI

InitializedDataSize
24576

ImageVersion
2.0

ProductName
opERA SOFTWARe ASX

FileVersionNumber
2.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
Hankering.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.0

TimeStamp
2011:04:19 22:14:00+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Hankering

ProductVersion
2.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

LegalCopyright
LASTPASS

MachineType
Intel 386 or later, and compatibles

CodeSize
770048

FileSubtype
0

ProductVersionNumber
2.0.0.0

EntryPoint
0x122c

ObjectFileType
Executable application

File identification
MD5 b3ee0b9f84a72d9dda720df99f14064b
SHA1 d0d6c1a8f71a3cfd4cbc2a8a39cde979901fd359
SHA256 d50907c56708bc15bb8705ab35a0d47883f18d1317acc6c1648d5512bd6e565c
ssdeep
12288:UzLN9B6AgTNUeG1UXCzLBHT3OQ0fLHVBwHaY2:UncAENUecUynBeL1BwHa

authentihash e9cbfe2bb17bc523deb7d8c73c3e8d05415b367652823642df46f5d434dea84d
imphash 31137c2f49450d51cdc36598afc0872a
File size 776.0 KB ( 794624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-28 16:58:51 UTC ( 8 months, 3 weeks ago )
Last submission 2018-05-29 08:51:42 UTC ( 8 months, 3 weeks ago )
File names OM Group Inc(08).gxe
Hankering.exe
Hankering
explorer.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!