SHA256: dc0f5f7d2b62ea27a20985d37b964d0ec3bbfdf8c0abf58add4d867fc1ec57bd
Detection ratio: 12 / 66
Analysis date: 2018-05-03 15:50:39 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
AegisLab Possible.Hpgen.Gen!c 20180503
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20180503
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20180418
Cylance Unsafe 20180503
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/GenKryptik.BYSS 20180503
Sophos ML heuristic 20180121
Palo Alto Networks (Known Signatures) generic.ml 20180503
Qihoo-360 HEUR/QVM10.1.EB41.Malware.Gen 20180503
Sophos AV Mal/Generic-S 20180503
Symantec Packed.Generic.523 20180503
Webroot W32.Trojan.Emotet 20180503
Ad-Aware 20180503
AhnLab-V3 20180503
Alibaba 20180503
ALYac 20180503
Antiy-AVL 20180503
Arcabit 20180503
Avast 20180503
Avast-Mobile 20180503
AVG 20180503
Avira (no cloud) 20180503
AVware 20180428
Babable 20180406
BitDefender 20180503
Bkav 20180503
CAT-QuickHeal 20180503
ClamAV 20180503
CMC 20180503
Comodo 20180503
Cybereason None
Cyren 20180503
DrWeb 20180503
eGambit 20180503
Emsisoft 20180503
F-Prot 20180503
F-Secure 20180503
Fortinet 20180503
GData 20180503
Jiangmin 20180503
K7AntiVirus 20180503
K7GW 20180503
Kaspersky 20180503
Kingsoft 20180503
Malwarebytes 20180503
MAX 20180503
McAfee 20180503
McAfee-GW-Edition 20180503
Microsoft 20180503
eScan 20180503
NANO-Antivirus 20180503
nProtect 20180503
Panda 20180503
Rising 20180503
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180503
Symantec Mobile Insight 20180501
Tencent 20180503
TheHacker 20180430
TrendMicro 20180503
TrendMicro-HouseCall 20180503
Trustlook 20180503
VBA32 20180503
VIPRE 20180503
ViRobot 20180503
Yandex 20180503
Zillya 20180503
ZoneAlarm by Check Point 20180503
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 5, 8, 4908, 1814
Description Bit Practice
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-05-03 10:02:22
Entry Point 0x00097556
Number of sections 4
PE sections
PE imports
SetBkMode
MoveToEx
IntersectClipRect
GetStdHandle
WaitForSingleObject
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
ResetEvent
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
FindFirstChangeNotificationW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
InterlockedCompareExchange
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
MapDialogRect
EndDialog
ReleaseCapture
LoadIconW
GetMessageW
CloseClipboard
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
OleSetContainedObject
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
PE resources
Debug information
ExifTool file metadata
CodeSize 687616
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 5.8.4908.1814
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Bit Practice
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 356864
EntryPoint 0x97556
MIMEType application/octet-stream
FileVersion 5, 8, 4908, 1814
TimeStamp 2011:05:03 11:02:22+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5, 8, 4908, 1814
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Reply Sight
LegalTrademarks Bit Practice
FileSubtype 0
ProductVersionNumber 5.8.4908.1814
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1ac26838cbac0c595fca2aef8fb42291
SHA1 dfdbe5b5b5fdd28226771c95b0cf8f44f4710031
SHA256 dc0f5f7d2b62ea27a20985d37b964d0ec3bbfdf8c0abf58add4d867fc1ec57bd
ssdeep 24576:yxCsRAwA+fJHR2wb5iZ2Fpuo9kWI/MMH:ps2wA+pEwdiUio9FKlH

authentihash 675be328b09d9d3dcb14edcfad85b7cc91f5b5d394c0f83554b1559f5d6b2e95
imphash 44a0624b2e82c549efdae11a2a12a068
File size 935.5 KB ( 957952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-05-03 15:23:57 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-26 18:04:41 UTC ( 8 months, 3 weeks ago )
File names crypt_0002_1055a (1).exe
poop4.yarn
crypt_0002_1055a.exe
poop9.yarn
poop3.yarn
poop5.yarn
unker2.yarn
unker5.yarn
poop1.yarn
poop10.yarn
poop6.yarn
poop7.yarn
crypt_0002_1055a.exe
unker1.yarn
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Runtime DLLs