SHA256: e337532ca1cdca0aabe5436c1cf17bd36e6f4b3f143f4f397eaa25b9e719aa3e
File name: _groupshedule.exe
Detection ratio: 15 / 67
Analysis date: 2017-11-29 16:25:19 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Avast FileRepMalware 20171129
AVG FileRepMalware 20171129
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171129
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171129
Endgame malicious (high confidence) 20171024
Fortinet W32/Kryptik.FZTF!tr 20171129
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171129
McAfee-GW-Edition BehavesLike.Win32.Virut.ch 20171129
Qihoo-360 HEUR/QVM20.1.8381.Malware.Gen 20171129
SentinelOne (Static ML) static engine - malicious 20171113
Symantec Trojan.Emotet 20171129
Webroot W32.Trojan.Emotet 20171129
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171129
Ad-Aware 20171129
AegisLab 20171129
AhnLab-V3 20171129
Alibaba 20171129
ALYac 20171129
Antiy-AVL 20171129
Arcabit 20171129
Avast-Mobile 20171129
Avira (no cloud) 20171129
AVware 20171129
BitDefender 20171129
Bkav 20171129
CAT-QuickHeal 20171129
ClamAV 20171129
CMC 20171126
Comodo 20171129
Cybereason 20171103
Cyren 20171129
DrWeb 20171129
eGambit 20171129
Emsisoft 20171129
ESET-NOD32 20171129
F-Prot 20171129
F-Secure 20171129
GData 20171129
Ikarus 20171129
Jiangmin 20171129
K7AntiVirus 20171129
K7GW 20171129
Kingsoft 20171129
Malwarebytes 20171129
MAX 20171129
McAfee 20171129
Microsoft 20171129
eScan 20171129
NANO-Antivirus 20171129
nProtect 20171129
Palo Alto Networks (Known Signatures) 20171129
Panda 20171129
Rising 20171129
Sophos AV 20171129
SUPERAntiSpyware 20171129
Symantec Mobile Insight 20171129
Tencent 20171129
TheHacker 20171126
TrendMicro 20171129
TrendMicro-HouseCall 20171129
Trustlook 20171129
VBA32 20171129
VIPRE 20171129
ViRobot 20171129
WhiteArmor 20171104
Yandex 20171120
Zillya 20171129
Zoner 20171129
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Config JB C
Product Config Toolzz JB
Original name config
Internal name jb
File version 6.1.7600.
Description JB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-29 23:02:35
Entry Point 0x00001910
Number of sections 7
PE sections
PE imports
DeregisterEventSource
CM_Get_First_Log_Conf
GetTickCount64
GetSystemTime
GetLastError
CreateThread
WaitForSingleObject
lstrlenA
lstrcmpA
ContinueDebugEvent
OpenMutexA
GetSystemDefaultLCID
Sleep
CloseHandle
GetCurrentThreadId
DsMakePasswordCredentialsW
VarI4FromUI1
SysFreeString
SysAllocString
SetupDiGetClassDevPropertySheetsW
wsprintfA
GetSystemMetrics
CountClipboardFormats
AnyPopup
CharNextA
GetFocus
AddMonitorA
IsValidURL
Number of PE resources by type
RT_DIALOG 15
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ITALIAN 18
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.11
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.0
LanguageCode Italian
FileFlagsMask 0x003f
FileDescription JB
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 110592
EntryPoint 0x1910
OriginalFileName config
MIMEType application/octet-stream
LegalCopyright Config JB C
FileVersion 6.1.7600.
TimeStamp 2017:11:30 00:02:35+01:00
FileType Win32 EXE
PEType PE32
InternalName jb
ProductVersion 6.1.7600.
SubsystemVersion 4.1
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Config Toolzz
ProductName Config Toolzz JB
ProductVersionNumber 1.1.0.0
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 08dac501e5f6146cfc32d76ac9a08baa
SHA1 e6d76f38331353efe26cd3a31efcc28577342f25
SHA256 e337532ca1cdca0aabe5436c1cf17bd36e6f4b3f143f4f397eaa25b9e719aa3e
ssdeep 1536:/uVeiAXRVwPP9FLyEnuLt4FDItSDryx5wy4vHifkYK+aOYfhTM1wz4wr2vGqzt:/uEZXRVwH9FTl0SD+TwRvCfsKYp4Gn8
authentihash 75aaf44692eee39fa4707ed90081e73a0e94567705316dceba3323eeb92aeb8f
imphash 36d1e304a38c23122a8bfcabf9d03444
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-11-29 14:05:51 UTC ( 10 months, 3 weeks ago )
Last submission 2018-05-08 03:58:16 UTC ( 5 months, 2 weeks ago )
File names _groupshedule.exe
systemdefrag.exe
As7buhatrlHXA7.exe
bld.exe
asl.exe
36693136.exe
cm.exe
qj.exe
cardsvc.exe
config
31188072.exe
jb
11_groupshedule.ex_