SHA256: e19d906df2c4c655c8ba2a222779bb544897436f52203bc103379d4254f436ad
File name: doc_10_01_2019_id90783654752.exe.1
Detection ratio: 13 / 70
Analysis date: 2019-01-11 17:00:21 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Banload.C2908154 20190111
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190111
eGambit PE.Heur.InvalidSig 20190111
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECHF 20190111
Fortinet W32/Banload.YEZ!tr 20190111
Sophos ML heuristic 20181128
Malwarebytes Trojan.Downloader 20190111
Microsoft TrojanDownloader:Win32/Banload 20190111
Qihoo-360 HEUR/QVM05.1.7AB5.Malware.Gen 20190111
Rising Downloader.Banload!8.15B (TFE:dGZlOgTT2mtc5YNKCA) 20190111
Symantec ML.Attribute.HighConfidence 20190111
Acronis 20190111
Ad-Aware 20190111
AegisLab 20190111
Alibaba 20180921
Antiy-AVL 20190111
Arcabit 20190111
Avast 20190111
Avast-Mobile 20190111
AVG 20190111
Avira (no cloud) 20190111
Babable 20180918
Baidu 20190111
BitDefender 20190111
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190111
CMC 20190110
Comodo 20190111
Cybereason 20190109
Cyren 20190111
DrWeb 20190111
Emsisoft 20190111
F-Prot 20190111
F-Secure 20190111
GData 20190111
Ikarus 20190111
Jiangmin 20190111
K7AntiVirus 20190111
K7GW 20190111
Kaspersky 20190111
Kingsoft 20190111
MAX 20190111
McAfee 20190111
McAfee-GW-Edition 20190111
eScan 20190111
NANO-Antivirus 20190111
Palo Alto Networks (Known Signatures) 20190111
Panda 20190111
SentinelOne (Static ML) 20181223
Sophos AV 20190111
SUPERAntiSpyware 20190109
TACHYON 20190111
Tencent 20190111
TheHacker 20190106
TotalDefense 20190111
Trapmine 20190103
TrendMicro 20190111
TrendMicro-HouseCall 20190111
Trustlook 20190111
VBA32 20190111
VIPRE 20190111
ViRobot 20190111
Webroot 20190111
Yandex 20190111
Zillya 20190110
ZoneAlarm by Check Point 20190111
Zoner 20190111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2015 VMware, Inc.FOriginalFilename
Product VMware WorkstationLProductVersion
Original name vmnetcfglib.dll
Internal name vmnetcfgh"LegalCopyright
File version 12.0.0 build-29855960InternalName
Description Virtual Network Editor ApplicationHFileVersion
Signature verification The digital signature of the object did not verify.
Signing date 5:56 PM 1/11/2019
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00261294
Number of sections 8
PE sections
Overlays
MD5 02f6d45434210a0bb4640fa525e53ec5
File type data
Offset 3471360
Size 7000
Entropy 7.32
PE imports
Number of PE resources by type
RT_STRING 58
RT_BITMAP 52
RT_RCDATA 18
RT_GROUP_CURSOR 10
RT_CURSOR 10
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 127
ENGLISH US 12
ENGLISH NEUTRAL 7
RUSSIAN 2
PORTUGUESE BRAZILIAN 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 978944
ImageVersion 0.0
ProductName VMware Workstation
FileVersionNumber 12.0.0.64202
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName vmnetcfglib.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 12.0.0 build-2985596
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName vmnetcfg
ProductVersion 12.0.0 build-2985596
FileDescription Virtual Network Editor Application
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 1998-2015 VMware, Inc.
MachineType Intel 386 or later, and compatibles
CompanyName VMware, Inc.
CodeSize 2491392
FileSubtype 0
ProductVersionNumber 12.0.0.64202
EntryPoint 0x261294
ObjectFileType Executable application
File identification
MD5 6c3077491954582f951c6290438832a9
SHA1 85749b85bda9392ebec283f3c9e7574748332f38
SHA256 e19d906df2c4c655c8ba2a222779bb544897436f52203bc103379d4254f436ad
ssdeep 98304:g8CCn4nM+CmlG9Dhc7XmycDxivSU0WQWH7FVEBU:gpSeMHmlG9Dhc7XcN8SUb0U
authentihash bc4be8090876c29813c1fbdd4a667950bcfe2418f62085c0988c7511c2a65874
imphash 794f3c767d32f3a64589501efd27de21
File size 3.3 MB ( 3478360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (76.0%)
Win32 Executable Delphi generic (9.2%)
DOS Borland compiled Executable (generic) (6.5%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Tags peexe bobsoft overlay
VirusTotal metadata
First submission 2019-01-11 17:00:21 UTC ( 1 month, 1 week ago )
Last submission 2019-01-11 17:00:21 UTC ( 1 month, 1 week ago )
File names vmnetcfglib.dll
doc_10_01_2019_id90783654752.exe.1
doc-10-01-2019-id90783654752.exe";filename*=UTF-8''doc-10-01-2019-id90783654752.exe
vmnetcfgh"LegalCopyright
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections