SHA256: d511ea53f500da9e831ba3393914619555dbe05d2c5719a2f4c23742ca74c816
File name: 34frgegrg.exe
Detection ratio: 6 / 53
Analysis date: 2016-02-03 17:07:51 UTC ( 3 years ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20160203
Kaspersky UDS:DangerousObject.Multi.Generic 20160203
McAfee-GW-Edition BehavesLike.Win32.Sality.fh 20160203
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20160203
Rising PE:Malware.RDM.44!5.32 [F] 20160203
Symantec Suspicious.Cloud.7.F 20160202
Ad-Aware 20160203
Yandex 20160202
AhnLab-V3 20160203
Alibaba 20160203
ALYac 20160203
Antiy-AVL 20160203
Arcabit 20160203
Avast 20160203
AVG 20160203
Avira (no cloud) 20160203
Baidu-International 20160203
BitDefender 20160203
Bkav 20160203
ByteHero 20160203
CAT-QuickHeal 20160203
ClamAV 20160203
Comodo 20160203
Cyren 20160203
DrWeb 20160203
Emsisoft 20160203
ESET-NOD32 20160203
F-Prot 20160129
F-Secure 20160203
Fortinet 20160203
GData 20160203
Ikarus 20160203
Jiangmin 20160203
K7AntiVirus 20160203
K7GW 20160203
Malwarebytes 20160203
McAfee 20160203
Microsoft 20160203
eScan 20160203
NANO-Antivirus 20160203
nProtect 20160201
Panda 20160202
Sophos AV 20160203
SUPERAntiSpyware 20160203
Tencent 20160203
TheHacker 20160202
TrendMicro 20160203
TrendMicro-HouseCall 20160203
VBA32 20160203
VIPRE 20160203
ViRobot 20160203
Zillya 20160202
Zoner 20160203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2006-2014
Product LogicalSell
Original name LogicalSell.exe
Description Adding Cautionary Quotation Spec Determine
Comments Adding Cautionary Quotation Spec Determine
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-03 14:55:11
Entry Point 0x0000877D
Number of sections 5
PE sections
PE imports
GetTokenInformation
SetSecurityDescriptorDacl
FreeSid
CopySid
AccessCheck
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetEntriesInAclA
GetLengthSid
CryptEnumProviderTypesA
ImageList_BeginDrag
ImageList_Destroy
ImageList_Draw
ImageList_Create
ImageList_DragMove
ImageList_DragLeave
Ord(17)
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
DeleteDC
CreateHalftonePalette
BitBlt
GetPaletteEntries
GetDIBits
SelectObject
CreateRectRgnIndirect
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetSystemInfo
GetConsoleCP
OpenSemaphoreA
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
GetConsoleWindow
SetConsoleScreenBufferSize
GetModuleFileNameA
RaiseException
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
OpenProcess
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
LeaveCriticalSection
FileTimeToSystemTime
GetProcessHeap
SetStdHandle
GetModuleHandleA
QueryPerformanceFrequency
ReleaseSemaphore
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
FindNextFileW
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
ExpandEnvironmentStringsA
TlsFree
LocalFree
TerminateProcess
RtlUnwind
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
SetLastError
SetConsoleWindowInfo
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
LocalAlloc
WriteConsoleW
CloseHandle
DsReplicaGetInfoW
VariantInit
SysAllocStringLen
GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
RasValidateEntryNameA
RasDialDlgA
StrFormatByteSizeA
lineGetLineDevStatus
EnumDesktopsA
SetWindowRgn
EndDialog
BeginPaint
ReleaseCapture
DestroyMenu
PostQuitMessage
SetWindowPos
GetDesktopWindow
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
SetCapture
SetMenuItemInfoA
GetWindowDC
SetWindowLongA
DialogBoxParamA
GetDC
ReleaseDC
SendDlgItemMessageA
GetClientRect
GetDlgItem
RegisterClassA
GetWindowLongA
LoadCursorA
LoadIconA
GetMenuItemInfoA
GetSysColorBrush
LoadImageA
wsprintfA
PtInRect
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
CoCreateActivity
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize
PdhOpenLogA
PdhOpenQueryA
PdhCloseLog
PdhCloseQuery
Number of PE resources by type
RT_STRING 8
RT_ICON 5
RT_RCDATA 4
RT_BITMAP 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
CodeSize 177664
SubsystemVersion 5.0
Comments Adding Cautionary Quotation Spec Determine
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.7.4.5
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Adding Cautionary Quotation Spec Determine
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 136192
PrivateBuild 7.7.4.5
EntryPoint 0x877d
OriginalFileName LogicalSell.exe
MIMEType application/octet-stream
LegalCopyright 2006-2014
TimeStamp 2016:02:03 15:55:11+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 7.7.4.5
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CACE Technologies, Inc.
LegalTrademarks 2006-2014
ProductName LogicalSell
ProductVersionNumber 7.7.4.5
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 a9a6d0f6e1266dafd869ce61daedf2a6
SHA1 caf22ef1d06ca587e3705bbebb4305accb51c100
SHA256 d511ea53f500da9e831ba3393914619555dbe05d2c5719a2f4c23742ca74c816
ssdeep 6144:L4I/z1O3VmuWC2qtvftovsNbNY7P8CatjPoO/c:5/RO3wuWCDFokNReZ
authentihash 9aa74f90108202815ffc99ba341a508543c79ade0268cedb940d1df6cbae2898
imphash d1c1cb151aead525fe0c61b5fb472992
File size 307.5 KB ( 314880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2016-02-03 15:36:16 UTC ( 3 years ago )
Last submission 2018-10-25 21:15:22 UTC ( 3 months, 3 weeks ago )
File names 34frgegrg.exe_
34frgegrg.exe
dridex13.exe
34frgegrg(1).exe
a9a6d0f6e1266dafd869ce61daedf2a6.vir
34frgegrg.exe
LogicalSell.exe
a9a6d0f6e1266dafd869ce61daedf2a6.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
UDP communications