SHA256: ded1225cd191437012f85fc61b741ada1656d3ad649281722b6dfc25e9c1a1cc
File name: 3289fkjsdfyu3.bin
Detection ratio: 39 / 70
Analysis date: 2019-01-04 07:59:02 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40880186 20190104
AhnLab-V3 Malware/Win32.Trojanspy.C2909634 20190104
Arcabit Trojan.Generic.D26FC83A 20190104
Avast Win32:Malware-gen 20190104
AVG Win32:Malware-gen 20190104
BitDefender Trojan.GenericKD.40880186 20190104
CAT-QuickHeal Trojan.Fuerboos 20190103
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.85977e 20180225
Cylance Unsafe 20190104
Cyren W32/Trojan.WQLZ-6754 20190104
Emsisoft Trojan.GenericKD.40880186 (B) 20190104
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOEU 20190104
F-Secure Trojan.GenericKD.40880186 20190104
Fortinet W32/GenKryptik.CVFM!tr 20190104
GData Trojan.GenericKD.40880186 20190104
Ikarus Trojan-Ransom.GandCrab 20190104
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054486b1 ) 20190104
K7GW Trojan ( 0054486b1 ) 20190104
Kaspersky Backdoor.Win32.Androm.qzdf 20190104
McAfee RDN/Generic.dx 20190104
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20190104
Microsoft Trojan:Win32/Tiggre!plock 20190104
eScan Trojan.GenericKD.40880186 20190104
NANO-Antivirus Trojan.Win32.Androm.flqiiw 20190104
Palo Alto Networks (Known Signatures) generic.ml 20190104
Panda Trj/Genetic.gen 20190103
Qihoo-360 Win32/Backdoor.9b4 20190104
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190104
Sophos AV Mal/Generic-S 20190104
Symantec Trojan.Gen.2 20190104
Tencent Win32.Backdoor.Androm.Lkdy 20190104
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.URSNIF.AMY 20190104
TrendMicro-HouseCall TrojanSpy.Win32.URSNIF.AMY 20190104
Webroot W32.Trojan.Emotet 20190104
ZoneAlarm by Check Point Backdoor.Win32.Androm.qzdf 20190104
Acronis 20181227
AegisLab 20190104
Alibaba 20180921
Antiy-AVL 20190104
Avast-Mobile 20190103
Avira (no cloud) 20190104
Babable 20180918
Baidu 20190104
Bkav 20190103
ClamAV 20190104
CMC 20190103
Comodo 20190104
DrWeb 20190104
eGambit 20190104
F-Prot 20190104
Jiangmin 20190104
Kingsoft 20190104
Malwarebytes 20190104
MAX 20190104
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TACHYON 20190104
TheHacker 20181230
TotalDefense 20190103
Trustlook 20190104
VBA32 20181229
VIPRE 20190102
ViRobot 20190103
Yandex 20181229
Zillya 20190103
Zoner 20190104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1999 - 2014
Product Persistently
Original name Persistently
Internal name Persistently
File version 6.5.4.4
Description Gov Wrist Identifiers
Comments Gov Wrist Identifiers
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-27 13:42:03
Entry Point 0x0000C57D
Number of sections 9
PE sections
PE imports
CryptDestroyKey
CryptGetUserKey
RegOpenKeyA
RegCloseKey
CryptAcquireContextA
RegSetValueA
CryptReleaseContext
CryptGetKeyParam
IsTextUnicode
CryptGenKey
AVIFileEndRecord
AVIStreamWrite
AVIGetFromClipboard
AVIMakeFileFromStreams
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
GetOpenFileNameA
CommDlgExtendedError
CertFreeCertificateContext
CertOpenSystemStoreA
CertFindCertificateInStore
CreateRoundRectRgn
CreateDCA
GetCurrentObject
EndPage
TextOutW
CreateBitmap
StartDocA
BitBlt
GetStockObject
CreateCompatibleBitmap
TextOutA
DeleteDC
SelectObject
CreateRectRgnIndirect
SetPixelV
StartPage
CreateDIBSection
CreateCompatibleDC
DeleteObject
Ellipse
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
GetThreadLocale
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
lstrlenW
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetStartupInfoW
SetStdHandle
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
GetDiskFreeSpaceW
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleFileNameA
GetModuleHandleExW
SetCommState
OutputDebugStringW
SetLastError
CreateFileW
GetCommState
VirtualFree
TlsGetValue
Sleep
FormatMessageA
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
GetProcessHeap
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
LoadTypeLibEx
GetModuleFileNameExA
EnumProcessModules
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetFolderPathA
InitializeSecurityContextA
AcquireCredentialsHandleA
AcceptSecurityContext
GetParent
UpdateWindow
EndDialog
BeginPaint
EnumWindows
DefWindowProcW
PostQuitMessage
DefWindowProcA
ShowWindow
GetWindowThreadProcessId
SendDlgItemMessageA
MessageBoxW
AppendMenuA
DispatchMessageA
DrawIcon
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
SetWindowTextA
UnregisterClassA
RegisterClassW
SendMessageA
GetClientRect
GetDlgItem
ChangeClipboardChain
RegisterClassA
TrackPopupMenuEx
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
AdjustWindowRect
GetSysColorBrush
LoadImageA
CreateWindowExW
DestroyWindow
WSAStartup
gethostbyname
closesocket
socket
connect
ImageRvaToVa
CreateBindCtx
CoRegisterClassObject
RegisterFormatEnumerator
CreateFormatEnumerator
ObtainUserAgentString
PE exports
Number of PE resources by type
RT_STRING 11
RT_CURSOR 10
HTML_IMG 7
RT_ICON 6
RT_GROUP_CURSOR 4
GDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 44
PE resources
Debug information
ExifTool file metadata
CodeSize 98816
SubsystemVersion 5.1
Comments Gov Wrist Identifiers
Languages English
InitializedDataSize 758784
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.5.4.4
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Gov Wrist Identifiers
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 12.0
PrivateBuild 6.5.4.4
EntryPoint 0xc57d
OriginalFileName Persistently
MIMEType application/octet-stream
LegalCopyright Copyright 1999 - 2014
FileVersion 6.5.4.4
TimeStamp 2018:12:27 14:42:03+01:00
FileType Win32 EXE
PEType PE32
InternalName Persistently
ProductVersion 6.5.4.4
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Okta
LegalTrademarks Copyright 1999 - 2014
ProductName Persistently
ProductVersionNumber 6.5.4.4
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 35962d585977e5216174e8a724e21633
SHA1 a6b47cd02e6e167f2a033bc99791b39c73bcc562
SHA256 ded1225cd191437012f85fc61b741ada1656d3ad649281722b6dfc25e9c1a1cc
ssdeep 24576:7Zc07fjoOTj6FHdsVinYDZ73DIDS1x4KaiIx:1c07fjXCHuDZSS1x4Kaz
authentihash fe3d6b9853d1cabb255d820b80496a278e7667f1add12bc36fa2390758b9f658
imphash 7a94a2a38267726ba68228c27385e347
File size 838.5 KB ( 858624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-28 00:52:12 UTC ( 1 month, 2 weeks ago )
Last submission 2018-12-28 02:24:13 UTC ( 1 month, 2 weeks ago )
File names 3289fkjsdfyu3.bin.exe
3289fkjsdfyu3.bin
Persistently
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Searched windows
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done by using the SetWindowsHook Windows API function.