× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e11e8b39f785b2184f68369e2e1300530572725073e66117b83be0a84f82355a
File name: Lasttt
Detection ratio: 58 / 66
Analysis date: 2018-04-02 22:24:56 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.51713 20180402
AegisLab Troj.Dropper.W32.Injector.avvq!c 20180402
AhnLab-V3 Win-Trojan/Meroweq.69632 20180402
ALYac Backdoor.RAT.Xtreme 20180402
Antiy-AVL Trojan[Dropper]/Win32.Injector 20180402
Arcabit Trojan.Kazy.DCA01 20180402
Avast Win32:Trojan-gen 20180402
AVG Win32:Trojan-gen 20180402
Avira (no cloud) TR/Dropper.Gen 20180402
AVware Trojan.Win32.Generic!BT 20180402
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180402
BitDefender Gen:Variant.Kazy.51713 20180402
CAT-QuickHeal Trojan.Meroweq 20180402
CMC Trojan-Dropper.Win32.Injector!O 20180402
Comodo TrojWare.Win32.TrojanDownloader.VB.PMEA 20180402
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cybereason malicious.b94c68 20180225
Cylance Unsafe 20180402
Cyren W32/VBTrojan.17B!Generic 20180402
DrWeb Trojan.DownLoader5.31791 20180402
eGambit Unsafe.AI_Score_65% 20180402
Emsisoft Gen:Variant.Kazy.51713 (B) 20180402
Endgame malicious (high confidence) 20180316
ESET-NOD32 Win32/Delf.OAZ 20180402
F-Prot W32/VBTrojan.17B!Generic 20180402
F-Secure Gen:Variant.Kazy.51713 20180402
Fortinet W32/WBNA.IPA!worm 20180402
GData Gen:Variant.Kazy.51713 20180402
Ikarus Worm.Win32.VBNA 20180402
Sophos ML heuristic 20180121
Jiangmin TrojanDropper.Injector.awje 20180402
K7AntiVirus Backdoor ( 04c502b11 ) 20180402
K7GW Backdoor ( 04c502b11 ) 20180402
Kaspersky Trojan-Dropper.Win32.Injector.avvq 20180402
Kingsoft Win32.Troj.Injector.(kcloud) 20180402
MAX malware (ai score=99) 20180402
McAfee GenericRXCD-UD!41A2159B94C6 20180402
McAfee-GW-Edition BehavesLike.Win32.VBObfus.kt 20180402
Microsoft Trojan:Win32/Meroweq.A 20180402
eScan Gen:Variant.Kazy.51713 20180402
NANO-Antivirus Trojan.Win32.Dwn.dzqdft 20180402
nProtect Trojan-Dropper/W32.Injector.69632.N 20180402
Palo Alto Networks (Known Signatures) generic.ml 20180402
Panda Generic Malware 20180402
Qihoo-360 HEUR/Malware.QVM03.Gen 20180402
Rising Malware.Undefined!8.C (TFE:3:FeeFGo7k16Q) 20180402
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/VB-FVC 20180402
Symantec Downloader 20180402
Tencent Win32.Trojan-dropper.Injector.Pbyw 20180402
TheHacker Trojan/Dropper.Injector.avvq 20180330
TrendMicro BKDR_BREUT.A 20180402
TrendMicro-HouseCall BKDR_BREUT.A 20180402
VBA32 TrojanDropper.Injector 20180402
VIPRE Trojan.Win32.Generic!BT 20180402
Yandex Trojan.DR.Injector!cTo/6MLWJZ8 20180331
Zillya Dropper.Injector.Win32.8420 20180402
ZoneAlarm by Check Point Trojan-Dropper.Win32.Injector.avvq 20180402
Alibaba 20180402
Avast-Mobile 20180402
Bkav 20180402
ClamAV 20180402
Malwarebytes 20180402
SUPERAntiSpyware 20180402
Symantec Mobile Insight 20180401
Trustlook 20180402
ViRobot 20180402
WhiteArmor 20180324
Zoner 20180401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Love maker
Original name Lasttt.exe
Internal name Lasttt
File version 1.02.0003
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-31 01:04:41
Entry Point 0x00001114
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(648)
Ord(570)
Ord(572)
Ord(607)
Ord(525)
Ord(712)
Ord(576)
__vbaExceptHandler
MethCallEngine
DllFunctionCall
Ord(608)
Ord(516)
EVENT_SINK_AddRef
Ord(100)
ProcCallEngine
Ord(606)
EVENT_SINK_Release
Ord(616)
Ord(593)
Ord(581)
Ord(528)
Ord(716)
Ord(644)
Ord(631)
Ord(619)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
1.2

FileSubtype
0

FileVersionNumber
1.2.0.3

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x1114

OriginalFileName
Lasttt.exe

MIMEType
application/octet-stream

FileVersion
1.02.0003

TimeStamp
2011:12:31 02:04:41+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Lasttt

ProductVersion
1.02.0003

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
61440

ProductName
Love maker

ProductVersionNumber
1.2.0.3

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 41a2159b94c6883f03d2d901428a5891
SHA1 2c938f4e85d53aa23e9af39085d1199e138618b6
SHA256 e11e8b39f785b2184f68369e2e1300530572725073e66117b83be0a84f82355a
ssdeep
1536:cfJg9RNYsWrNeislTOlZ5X5eo+nfWY50KMdAvDjefuWJovdsG9wJJAhSMm:p9RNYsKsiJoVaJAhrm

authentihash cc83f1807e1cac0bfca997867718027fa2e5a1fc8f039eb4d61d566f87962009
imphash 28134b0bfd246450453362e019bc6462
File size 68.0 KB ( 69632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe

VirusTotal metadata
First submission 2012-01-05 07:47:52 UTC ( 6 years, 5 months ago )
Last submission 2018-04-02 22:24:56 UTC ( 2 months, 2 weeks ago )
File names svhost2.exe
2012010
e11e8b39f785b2184f68369e2e1300530572725073e66117b83be0a84f82355a
new2.exe
Lasttt.exe
svhost.exe
8.exe
XtremeRAT_svhost2.exe
Lasttt
file-3372025_exe
12cd9ac6-b3d5-47bf-8b85-d7be3cc6a887
2c938f4e85d53aa23e9af39085d1199e138618b6.bin
XtremeRAT_svhost2.exe_ 41A2159B94C6883F03D2D901428A5891
a1154605-8cfa-422a-ac58-05a88fa2941b
01.exe
41A2159B94C6883F03D2D901428A5891
E11E8B39F785B2184F68369E2E1300530572725073E66117B83BE0A84F82355A.exe
41a2159b94c6883f03d2d901428a5891.exe_ 41A2159B94C6883F03D2D901428A5891
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!