SHA256: dada5048ba6c71de5deb41e1d57c172fa003f51b79254963f64cae884b63e080
File name: DADA5048BA6C71DE5DEB41E1D57C172FA003F51B79254963F64CAE884B63E080
Detection ratio: 11 / 71
Analysis date: 2019-01-28 05:00:56 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181023
Cylance Unsafe 20190128
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20190128
McAfee-GW-Edition BehavesLike.Win32.Fareit.fc 20190127
Qihoo-360 HEUR/QVM03.0.D78B.Malware.Gen 20190128
SentinelOne (Static ML) static engine - malicious 20190124
Symantec ML.Attribute.HighConfidence 20190127
Trapmine malicious.high.ml.score 20190123
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190128
Acronis 20190124
Ad-Aware 20190128
AegisLab 20190128
AhnLab-V3 20190128
Alibaba 20180921
ALYac 20190128
Antiy-AVL 20190128
Arcabit 20190128
Avast 20190128
Avast-Mobile 20190127
AVG 20190128
Avira (no cloud) 20190127
Babable 20180918
Baidu 20190125
BitDefender 20190128
Bkav 20190125
CAT-QuickHeal 20190127
ClamAV 20190128
CMC 20190127
Comodo 20190128
Cybereason 20190109
Cyren 20190128
DrWeb 20190128
eGambit 20190128
Emsisoft 20190128
ESET-NOD32 20190127
F-Prot 20190128
F-Secure 20190128
Fortinet 20190128
GData 20190128
Ikarus 20190127
Jiangmin 20190128
K7AntiVirus 20190128
K7GW 20190127
Kingsoft 20190128
Malwarebytes 20190128
MAX 20190128
McAfee 20190128
Microsoft 20190128
eScan 20190128
NANO-Antivirus 20190128
Palo Alto Networks (Known Signatures) 20190128
Panda 20190127
Rising 20190128
Sophos AV 20190128
SUPERAntiSpyware 20190123
TACHYON 20190128
Tencent 20190128
TheHacker 20190125
TotalDefense 20190127
TrendMicro 20190128
TrendMicro-HouseCall 20190128
Trustlook 20190128
VBA32 20190125
VIPRE 20190128
ViRobot 20190128
Webroot 20190128
Yandex 20190125
Zillya 20190125
Zoner 20190125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright lEXUuS
Product lEXUuS
Original name umeddelsommmes.exe
Internal name umeddelsommmes
File version 5.03.0004
Description lEXUuS
Comments lEXUuS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-27 23:23:12
Entry Point 0x000013C4
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
Ord(546)
_adj_fpatan
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
__vbaPrintObj
_adj_fprem
Ord(514)
Ord(596)
Ord(678)
Ord(525)
Ord(619)
Ord(512)
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(526)
_adj_fdivr_m32i
Ord(693)
Ord(629)
Ord(675)
EVENT_SINK_QueryInterface
Ord(591)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaStrToUnicode
_adj_fdivr_m16i
EVENT_SINK_Release
Ord(589)
Ord(100)
Ord(677)
__vbaVarAdd
_CItan
__vbaFreeVar
Ord(519)
Ord(547)
__vbaExitProc
__vbaAryConstruct2
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaLenBstrB
__vbaStrCopy
_CIcos
__vbaVarTstEq
_adj_fptan
Ord(685)
__vbaVarDup
__vbaObjSet
__vbaI4Var
__vbaVarMove
_CIatan
__vbaNew2
_adj_fdiv_r
__vbaOnError
__vbaFileCloseAll
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(543)
__vbaR8FixI4
__vbaFreeStrList
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks lEXUuS
SubsystemVersion 4.0
Comments lEXUuS
InitializedDataSize 20480
ImageVersion 5.3
ProductName lEXUuS
FileVersionNumber 5.3.0.4
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName umeddelsommmes.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.03.0004
TimeStamp 2019:01:27 15:23:12-08:00
FileType Win32 EXE
PEType PE32
InternalName umeddelsommmes
ProductVersion 5.03.0004
FileDescription lEXUuS
OSVersion 4.0
FileOS Win32
LegalCopyright lEXUuS
MachineType Intel 386 or later, and compatibles
CompanyName AMOco
CodeSize 360448
FileSubtype 0
ProductVersionNumber 5.3.0.4
EntryPoint 0x13c4
ObjectFileType Executable application

Execution parents
File identification
MD5 d814c0a0fd68d4171a7eef8a0f069042
SHA1 3972bfa3584ad33026fb6bf48fcb2f01a0c67e25
SHA256 dada5048ba6c71de5deb41e1d57c172fa003f51b79254963f64cae884b63e080
ssdeep 3072:YYbpUmc9UxTma51bL8He+QR29DK8Rgi7Sxlur8MNmFWC5XTlmG+zIi08gZA03C+e:Omc9WTH+QY9DK8n7VxNeHA1RgJJfjc
authentihash 27a78b3fe61955c451348520c32bb289ada9e38502f610f6706619599361e4f0
imphash 61049d75980c4f838c567ae4e37f99e3
File size 376.0 KB ( 385024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (68.2%)
Win64 Executable (generic) (22.9%)
Win32 Executable (generic) (3.7%)
OS/2 Executable (generic) (1.6%)
Generic Win/DOS Executable (1.6%)
Tags peexe
VirusTotal metadata
First submission 2019-01-28 05:00:26 UTC ( 3 months, 3 weeks ago )
Last submission 2019-01-30 17:18:03 UTC ( 3 months, 3 weeks ago )
File names umeddelsommmes.exe
umeddelsommmes
xibpipi.exe
fb55a8cc0.exe
fb55A8CC0.exe