× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e37fb85043aaa9100382b320e83e5fe73a35c7a4b79dcdccde09053cb3c19178
File name: zbetcheckin_tracker_lisb.jpg
Detection ratio: 27 / 65
Analysis date: 2019-02-20 19:56:59 UTC ( 2 months, 4 weeks ago ) View latest
Antivirus Result Update
Acronis suspicious 20190220
Ad-Aware Gen:Variant.Mikey.94152 20190220
ALYac Gen:Variant.Mikey.94152 20190220
Arcabit Trojan.Mikey.D16FC8 20190220
Avast Win32:Trojan-gen 20190220
AVG Win32:Trojan-gen 20190220
BitDefender Gen:Variant.Mikey.94152 20190220
CrowdStrike Falcon (ML) win/malicious_confidence_90% (D) 20190211
Cylance Unsafe 20190220
DrWeb Trojan.PWS.Spy.21017 20190220
Emsisoft Gen:Variant.Mikey.94152 (B) 20190220
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPLR 20190220
GData Gen:Variant.Mikey.94152 20190220
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 0054754e1 ) 20190220
K7GW Trojan ( 0054754e1 ) 20190220
MAX malware (ai score=85) 20190220
McAfee GenericRXGZ-ZY!1C4CBAC44480 20190220
eScan Gen:Variant.Mikey.94152 20190220
NANO-Antivirus Trojan.Win32.Propagate.fnfalr 20190220
Panda Trj/GdSda.A 20190220
Qihoo-360 HEUR/QVM07.1.5C6F.Malware.Gen 20190220
Rising Trojan.GenKryptik!8.AA55/N3#88% (RDM+:cmRtazp7W4ZZEOGP10OmJcL94HNb) 20190220
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190123
VBA32 BScope.Trojan.NetWire 20190220
AegisLab 20190220
AhnLab-V3 20190220
Alibaba 20180921
Antiy-AVL 20190220
Avast-Mobile 20190220
Avira (no cloud) 20190220
Babable 20180917
Baidu 20190214
CAT-QuickHeal 20190220
ClamAV 20190220
CMC 20190220
Comodo 20190220
Cybereason 20190109
Cyren 20190220
eGambit 20190220
F-Secure 20190220
Fortinet 20190220
Ikarus 20190220
Jiangmin 20190220
Kaspersky 20190220
Kingsoft 20190220
Malwarebytes 20190220
McAfee-GW-Edition 20190220
Microsoft 20190220
Palo Alto Networks (Known Signatures) 20190220
Sophos AV 20190220
SUPERAntiSpyware 20190213
Symantec 20190220
Symantec Mobile Insight 20190220
TACHYON 20190220
Tencent 20190220
TheHacker 20190217
TotalDefense 20190220
Trustlook 20190220
ViRobot 20190220
Webroot 20190220
Yandex 20190219
ZoneAlarm by Check Point 20190220
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:19:52
Entry Point 0x0000A06B
Number of sections 6
PE sections
PE imports
CloseServiceHandle
RegCloseKey
OpenServiceA
CreateServiceA
RegSetValueExA
ControlService
StartServiceA
RegCreateKeyExA
DeleteService
RegOpenKeyExA
OpenSCManagerA
GetWindowExtEx
SetMapMode
SetBkMode
PatBlt
SaveDC
TextOutA
LPtoDP
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
SelectObject
DeleteObject
IntersectClipRect
BitBlt
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetProcAddress
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
SizeofResource
HeapCreate
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
SetFocus
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
GrayStringA
CopyRect
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
ClientToScreen
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
GetPropA
GetNextDlgGroupItem
ValidateRect
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
LoadStringW
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
SetWindowContextHelpId
GetSysColorBrush
IsWindowUnicode
ReleaseDC
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetDC
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
CharNextA
GetCapture
MessageBeep
ShowCaret
AppendMenuA
UnhookWindowsHookEx
RegisterClipboardFormatA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
GetDesktopWindow
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
OleUninitialize
CLSIDFromString
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:12:06 12:19:52+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
139264

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
221184

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0xa06b

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 1c4cbac44480772670eb06ef45df48d0
SHA1 583fc932b4fc4646eb76de13b2ed6c14a15e199e
SHA256 e37fb85043aaa9100382b320e83e5fe73a35c7a4b79dcdccde09053cb3c19178
ssdeep
6144:qNfE2xGhgxIc2jT7z5Pktg63IWeI5Szuhy9A1+C9j:qN82xGIL2jTSIVuM9Yp

authentihash 0fcff7cd0aa3120f818e16cd9c89e3dcb1ebef45ed96f51ba82ace75fa2b54bb
imphash 67604d0130ea34b2604dd17a7979034e
File size 356.0 KB ( 364544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-20 19:56:59 UTC ( 2 months, 4 weeks ago )
Last submission 2019-02-24 01:59:17 UTC ( 2 months, 3 weeks ago )
File names 1c4cbac44480772670eb06ef45df48d0.virobj
zbetcheckin_tracker_lisb.jpg
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs