SHA256: e24b5ca9ad9eb806e0ba59faae2ed14c47491b5731acf7e6d10315d37bac5e28
File name: mr.jpg
Detection ratio: 30 / 69
Analysis date: 2019-02-08 13:31:32 UTC
Antivirus / Result / Update (signature database date, YYYYMMDD). The 30 engines listed next returned a detection. Several name the Fareit credential stealer outright (Cyren, F-Prot, McAfee; Symantec's Downloader.Ponik is the same family under its Pony name); the rest give generic injector, crypter or machine-learning verdicts.
Ad-Aware Gen:Variant.Razy.460645 20190208
ALYac Gen:Variant.Razy.460645 20190208
Arcabit Trojan.Razy.D70765 20190208
Avast Win32:Malware-gen 20190208
AVG Win32:Malware-gen 20190208
BitDefender Gen:Variant.Razy.460645 20190208
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190208
Cyren W32/Fareit.HR.gen!Eldorado 20190208
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.EDKJ 20190208
F-Prot W32/Fareit.HR.gen!Eldorado 20190208
Fortinet W32/Injector.EDKB!tr 20190208
GData Gen:Variant.Razy.460645 20190208
Ikarus Trojan.Crypt.Malcert 20190208
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054726f1 ) 20190208
K7GW Trojan ( 0054726f1 ) 20190208
Kaspersky Trojan-Spy.Win32.Noon.zni 20190208
MAX malware (ai score=86) 20190208
McAfee Fareit-FNR!E70D5994C9B8 20190208
Microsoft Trojan:Win32/Emelent.E!cl 20190208
eScan Gen:Variant.Razy.460645 20190208
Qihoo-360 HEUR/QVM03.0.1757.Malware.Gen 20190208
Rising Trojan.Injector!1.B459 (CLASSIC) 20190208
SentinelOne (Static ML) static engine - malicious 20190203
Symantec Downloader.Ponik 20190208
Trapmine malicious.moderate.ml.score 20190123
TrendMicro-HouseCall TROJ_GEN.R020C0OB719 20190208
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.zni 20190208
Engines returning no detection (signature database date, YYYYMMDD):
Acronis 20190208
AegisLab 20190208
AhnLab-V3 20190208
Alibaba 20180921
Antiy-AVL 20190208
Avast-Mobile 20190208
Avira (no cloud) 20190208
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
Cybereason 20190109
DrWeb 20190208
eGambit 20190208
Emsisoft 20190208
F-Secure 20190208
Jiangmin 20190208
Kingsoft 20190208
Malwarebytes 20190208
McAfee-GW-Edition 20190208
NANO-Antivirus 20190208
Palo Alto Networks (Known Signatures) 20190208
Panda 20190208
Sophos AV 20190208
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190208
Tencent 20190208
TheHacker 20190203
Trustlook 20190208
VBA32 20190208
VIPRE 20190208
ViRobot 20190208
Webroot 20190208
Yandex 20190208
Zillya 20190208
Zoner 20190208
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem. The submitted name mr.jpg does not match the content; this is an executable, not an image, and the .jpg extension only fools software and people that trust file names rather than file headers.
FileVersionInfo properties
Copyright euonymus
Product drapdeberry
Original name Tavish7.exe
Internal name Tavish7
File version 1.02.0009
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. The file carries an Authenticode signature whose chain ends at a root Windows does not trust, so the signature says nothing about who produced the file; anyone can generate such a chain.
Signing date 2019-03-05 13:23 (as reported). This is later than the first-submission date below (2019-02-08), so the signing date is not a reliable statement of when the submitted file was produced.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-05 14:22:18 UTC. The PE TimeDateStamp is an unauthenticated 32-bit field the producer can set to anything; this one predates the 2019 signature by more than twelve years.
Entry Point 0x00001094
Number of sections 3
PE sections
Overlays
MD5 bda6ca1a2eb3325d0836b4390735e0d8
File type data
Offset 614400
Size 3896
Entropy 7.63
Offset plus size (614400 + 3896) equals the 618296-byte file size, so the overlay is everything after the last section's raw data. Entropy of 7.63 out of a possible 8.00 is what compressed, encrypted or DER-encoded signature data looks like; an Authenticode signature is stored outside the sections, so on a signed file the overlay is often exactly the certificate table, though the report does not say whether that holds here.
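The arithmetic above is worth automating, because "overlay" and "signed" are the two facts a triage script should establish before anything else. The following is an added example, not code from the VirusTotal report or from the sample: a stdlib-only PE32 triage that re-derives the overlay offset (end of the last section's raw data), the overlay size and its entropy, then checks whether the overlay is exactly the Authenticode certificate table and whether the file name's extension matches the PE content. The PE it runs on is constructed in memory; its layout, sizes and overlay bytes are assumptions for the demo, not the bytes of mr.jpg.

```python
"""Added example: PE32 overlay / certificate-table / extension triage (stdlib only).
The sample PE built by build_sample_pe() is constructed; nothing here is mr.jpg."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table; holds a file offset, not an RVA
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def compile_time_iso(timestamp: int) -> str:
    """Render the COFF TimeDateStamp (seconds since 1970, UTC) as an ISO string."""
    return datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_pe32(data: bytes) -> dict:
    """Parse only what triage needs: COFF header, entry point, security directory, sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    # PE32 data directories begin at optional-header offset 96, 8 bytes each.
    sec_dir = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), raw_ptr, raw_size))
    return {"machine": machine, "timestamp": timestamp, "characteristics": chars,
            "entry_point": entry, "security_dir": sec_dir, "sections": sections}


def triage(data: bytes, filename: str) -> dict:
    pe = parse_pe32(data)
    overlay_off = max((ptr + size for _, ptr, size in pe["sections"]), default=len(data))
    overlay = data[overlay_off:]
    sec_off, sec_size = pe["security_dir"]
    return {
        "compile_time": compile_time_iso(pe["timestamp"]),
        "entry_point": hex(pe["entry_point"]),
        "overlay_offset": overlay_off,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
        # Authenticode keeps its PKCS#7 blob outside every section, so on a signed
        # file the certificate table usually *is* the overlay.
        "overlay_is_cert_table": sec_size > 0 and (sec_off, sec_size) == (overlay_off, len(overlay)),
        # The content is PE regardless of what the name claims (mr.jpg above).
        "extension_mismatch": not filename.lower().endswith(EXECUTABLE_EXTENSIONS),
    }


def build_sample_pe(overlay: bytes, cert_table_covers_overlay: bool = True) -> bytes:
    """Constructed minimal PE32 (assumption: one 0x200-byte section at file offset
    0x200), with `overlay` appended after the section and, optionally, the
    security directory pointing exactly at it."""
    e_lfanew, sect_ptr, sect_size = 0x80, 0x200, 0x200
    overlay_off = sect_ptr + sect_size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1162736538, 0, 0, 224, 0x010F)  # i386, 2006-11-05 14:22:18Z
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)                # PE32, linker 6.0
    struct.pack_into("<I", opt, 16, 0x1094)                      # entry point RVA as in the report
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # image base, section/file alignment
    struct.pack_into("<HH", opt, 68, 2, 0)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if cert_table_covers_overlay:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, overlay_off, len(overlay))
    section = struct.pack("<8sIIIIIIHHI", b".text", sect_size, 0x1000, sect_size, sect_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    headers += b"\0" * (sect_ptr - len(headers))
    return headers + b"\xC3" * sect_size + overlay


# Constructed high-entropy overlay (4 KiB of SHA-256 output), standing in for the
# 3896-byte, entropy-7.63 overlay the report describes.
SAMPLE_OVERLAY = b"".join(hashlib.sha256(b"overlay-%d" % i).digest() for i in range(128))

if __name__ == "__main__":
    for name in ("mr.jpg", "Tavish7.exe"):
        print(name, triage(build_sample_pe(SAMPLE_OVERLAY), name))
```

On a real file, replace build_sample_pe() with the bytes read from disk; the certificate-table check is what distinguishes "signed binary with its signature in the overlay" from "packer with an appended encrypted payload", and the two cases call for very different next steps.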
PE imports (all exports of MSVBVM60.DLL, the Visual Basic 6 runtime; Ord(100) is ThunRTMain, the VB6 program entry, consistent with the linker version 6.0 and entry point 0x1094 reported below)
EVENT_SINK_QueryInterface
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
Ord(573)
ProcCallEngine
Ord(617)
Ord(596)
Ord(575)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(650)
Ord(693)
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 565248
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 1.2
FileSubtype 0
FileVersionNumber 1.2.0.9
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 49152
EntryPoint 0x1094
OriginalFileName Tavish7.exe
MIMEType application/octet-stream
LegalCopyright euonymus
FileVersion 1.02.0009
TimeStamp 2006:11:05 06:22:18-08:00
FileType Win32 EXE
PEType PE32
InternalName Tavish7
ProductVersion 1.02.0009
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
LegalTrademarks GAWISH
ProductName drapdeberry
ProductVersionNumber 1.2.0.9
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e70d5994c9b8ff4d772f74f459b3e07d
SHA1 8d5031fe4fa0f81894fda192e83571d57bd86afc
SHA256 e24b5ca9ad9eb806e0ba59faae2ed14c47491b5731acf7e6d10315d37bac5e28
ssdeep 12288:F2FazoYFuAoSSVEFWlrRf0BsiJakuuuxdwnuRWxcnIKjl1+aLl:BF5oS2HRf0BpJaktuxdwnuRhIKjlUE

authentihash 2ff534855c6d7bc42d3c63e728c581ce0db388a3bbe364e1e8341c49f4c6fdbc
imphash aacebdb5462c60c2c21e020410d28208
File size 603.8 KB ( 618296 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-08 13:31:32 UTC
Last submission 2019-02-15 10:19:24 UTC
File names mr.jpg
Tavish7.exe
e24b5ca9ad9eb806e0ba59faae2ed14c47491b5731acf7e6d10315d37bac5e28.exe
Tavish7
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain by calling SetWindowsHookEx (the report's text refers to it by the legacy name SetWindowsHook). Hooks let a process monitor certain types of events either for one thread or for every thread on the same desktop as the caller. Two uses matter here: a keyboard hook (WH_KEYBOARD or WH_KEYBOARD_LL) delivers every keystroke to the hooking process, and a global hook of any type other than the low-level ones causes the hook DLL to be mapped into each process that receives the hooked event, a long-standing way to get code into other processes without any injection API. The report does not say which hook type or thread scope this sample used.
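Because the hook type and thread scope decide whether a SetWindowsHookEx call is a keylogger, an injection vector, or harmless UI plumbing, a sandbox trace should be classified on those two arguments rather than on the API name alone. The following is an added example, not part of the VirusTotal report: it parses SetWindowsHookEx calls out of an API trace and grades each one. The trace format and the trace lines are constructed for the demo (assumption: one call per line with the fields named in the regex); the WH_* values are the documented winuser.h constants.

```python
"""Added example: grade SetWindowsHookEx calls in a constructed API trace by
hook type and thread scope. Nothing here comes from the sandbox report."""
import re

WH_KEYBOARD, WH_GETMESSAGE, WH_CALLWNDPROC, WH_CBT = 2, 3, 4, 5
WH_MOUSE, WH_SHELL, WH_KEYBOARD_LL, WH_MOUSE_LL = 7, 10, 13, 14
HOOK_NAMES = {WH_KEYBOARD: "WH_KEYBOARD", WH_GETMESSAGE: "WH_GETMESSAGE",
              WH_CALLWNDPROC: "WH_CALLWNDPROC", WH_CBT: "WH_CBT", WH_MOUSE: "WH_MOUSE",
              WH_SHELL: "WH_SHELL", WH_KEYBOARD_LL: "WH_KEYBOARD_LL", WH_MOUSE_LL: "WH_MOUSE_LL"}
# Low-level hooks run in the installing process; no DLL is mapped into other processes.
LOW_LEVEL_HOOKS = {WH_KEYBOARD_LL, WH_MOUSE_LL}

# Assumed trace line layout for the demo.
LINE_RE = re.compile(
    r"pid=(?P<pid>\d+) api=(?P<api>SetWindowsHookEx[AW]) idHook=(?P<id>-?\d+) "
    r"lpfn=(?P<lpfn>0x[0-9a-fA-F]+) hMod=(?P<hmod>0x[0-9a-fA-F]+) dwThreadId=(?P<tid>\d+)"
)


def classify_hook(id_hook: int, hmod: int, thread_id: int) -> tuple:
    """Return (severity, reason) for one SetWindowsHookEx call.

    dwThreadId == 0 makes the hook global. For every hook type except the
    low-level ones, a global hook procedure must live in a DLL (hMod) and the
    system maps that DLL into each process that receives the hooked event.
    Low-level keyboard/mouse hooks stay in the installing process but still
    see every keystroke or mouse event on the desktop."""
    name = HOOK_NAMES.get(id_hook, f"hook {id_hook}")
    is_global = thread_id == 0
    if id_hook in (WH_KEYBOARD, WH_KEYBOARD_LL):
        scope = "every thread on the desktop" if is_global else f"thread {thread_id}"
        return "high", f"{name}: keystroke capture for {scope}"
    if is_global and id_hook not in LOW_LEVEL_HOOKS:
        return "high", f"global {name} hook: hook DLL 0x{hmod:x} is loaded into every process receiving the event"
    if is_global:
        return "medium", f"global {name} hook: desktop-wide input monitoring from the caller's process"
    if hmod != 0:
        return "medium", f"{name} hook on thread {thread_id} with a DLL: injection into that thread's process if it is foreign"
    return "low", f"{name} hook on the caller's own thread {thread_id}"


def scan_trace(trace: str) -> list:
    """Parse SetWindowsHookEx lines out of a trace and classify each; other API lines are ignored."""
    findings = []
    for line in trace.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        id_hook, hmod, tid = int(m["id"]), int(m["hmod"], 16), int(m["tid"])
        severity, reason = classify_hook(id_hook, hmod, tid)
        findings.append({"pid": int(m["pid"]), "api": m["api"],
                         "hook": HOOK_NAMES.get(id_hook, str(id_hook)),
                         "severity": severity, "reason": reason})
    return findings


# Constructed trace: four hook installations and one unrelated call.
SAMPLE_TRACE = """\
pid=2812 api=SetWindowsHookExW idHook=13 lpfn=0x00401a20 hMod=0x00000000 dwThreadId=0
pid=2812 api=SetWindowsHookExA idHook=3 lpfn=0x10001000 hMod=0x10000000 dwThreadId=0
pid=3904 api=CreateFileW path=C:\\Users\\user\\AppData\\Local\\Temp\\mr.jpg
pid=3904 api=SetWindowsHookExW idHook=5 lpfn=0x00402000 hMod=0x00000000 dwThreadId=3912
pid=3904 api=SetWindowsHookExW idHook=14 lpfn=0x00402100 hMod=0x00000000 dwThreadId=0
"""

if __name__ == "__main__":
    for f in scan_trace(SAMPLE_TRACE):
        print(f"[{f['severity']:6}] pid {f['pid']} {f['reason']}")
```

The thread-local case with a DLL is deliberately only "medium": whether it is injection depends on whether the target thread belongs to another process, which a single API call does not reveal; correlate it with the process list before escalating.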