SHA256: e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014
File name: sh.exe
Detection ratio: 14 / 65
Analysis date: 2019-02-20 11:16:24 UTC ( 3 months ago )
Antivirus Result Update
Acronis suspicious 20190219
AhnLab-V3 Trojan/Win32.Injector.C3025400 20190220
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181023
Cylance Unsafe 20190220
eGambit Unsafe.AI_Score_89% 20190220
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.EDSE 20190220
Kaspersky UDS:DangerousObject.Multi.Generic 20190220
Microsoft Trojan:Win32/Fuery.B!cl 20190220
Palo Alto Networks (Known Signatures) generic.ml 20190220
Panda Trj/GdSda.A 20190219
Qihoo-360 HEUR/QVM03.0.5A5A.Malware.Gen 20190220
Trapmine malicious.moderate.ml.score 20190123
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190220
Ad-Aware 20190220
AegisLab 20190220
Alibaba 20180921
ALYac 20190219
Antiy-AVL 20190220
Arcabit 20190220
Avast 20190220
Avast-Mobile 20190220
AVG 20190220
Avira (no cloud) 20190219
Babable 20180917
Baidu 20190214
BitDefender 20190219
CAT-QuickHeal 20190219
ClamAV 20190219
CMC 20190220
Comodo 20190219
Cybereason 20190109
Cyren 20190219
DrWeb 20190220
Emsisoft 20190220
F-Secure 20190220
Fortinet 20190219
GData 20190220
Ikarus 20190220
Sophos ML 20181128
Jiangmin 20190220
K7AntiVirus 20190220
K7GW 20190219
Kingsoft 20190220
Malwarebytes 20190219
MAX 20190220
McAfee 20190220
McAfee-GW-Edition 20190219
eScan 20190219
NANO-Antivirus 20190220
Rising 20190220
SentinelOne (Static ML) 20190203
Sophos AV 20190220
SUPERAntiSpyware 20190213
Symantec 20190219
Symantec Mobile Insight 20190206
TACHYON 20190220
Tencent 20190220
TheHacker 20190217
TotalDefense 20190219
Trustlook 20190220
VBA32 20190220
ViRobot 20190220
Webroot 20190220
Yandex 20190219
Zoner 20190219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Antitryptic
Product SSTERLIGT
Original name Spaltemenu3.exe
Internal name Spaltemenu3
File version 1.07.0009
Description REPOLARIZATION
Comments Assembly8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-19 22:01:41
Entry Point 0x00001384
Number of sections 3
PE sections
PE imports
_adj_fdivr_m64
_allmul
_adj_fprem
Ord(709)
__vbaObjVar
Ord(693)
_adj_fdiv_r
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(616)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
__vbaI4Var
__vbaFreeStr
__vbaLateIdCallLd
__vbaStrI2
__vbaFreeStrList
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(648)
Ord(594)
__vbaStrToUnicode
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
Ord(571)
Ord(696)
Ord(606)
EVENT_SINK_Release
__vbaVarTstEq
Ord(593)
__vbaVarLateMemCallLdRf
_adj_fdivr_m32i
__vbaStrCat
__vbaChkstk
__vbaErase
__vbaVarLateMemSt
__vbaVarForNext
__vbaFreeVarList
Ord(618)
__vbaExitProc
__vbaAryConstruct2
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
_CIcos
Ord(628)
__vbaVarMove
__vbaFPInt
__vbaStrUI1
__vbaNew2
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
Ord(535)
Ord(685)
__vbaOnError
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
__vbaStrCopy
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaVarCopy
_CIatan
__vbaLateMemCall
__vbaObjSet
_CIexp
__vbaStrToAnsi
_CItan
Ord(598)
__vbaFpI2
Number of PE resources by type
RT_ICON 4
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
CodeSize 827392
SubsystemVersion 4.0
Comments Assembly8
InitializedDataSize 28672
ImageVersion 1.7
ProductName SSTERLIGT
FileVersionNumber 1.7.0.9
UninitializedDataSize 0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Spaltemenu3.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.07.0009
TimeStamp 2019:02:19 23:01:41+01:00
FileType Win32 EXE
PEType PE32
InternalName Spaltemenu3
ProductVersion 1.07.0009
FileDescription REPOLARIZATION
OSVersion 4.0
FileOS Win32
LegalCopyright Antitryptic
MachineType Intel 386 or later, and compatibles
LegalTrademarks seismo
FileSubtype 0
ProductVersionNumber 1.7.0.9
EntryPoint 0x1384
ObjectFileType Executable application

File identification
MD5 d42cb82f651b95a04c829c711cb57ae5
SHA1 077ab110dd53eefdc25b7c6886765f53c55b266d
SHA256 e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014
ssdeep 12288:njxSGGGGGjMbrbuCtYGcGpfEbasc+FLcHNBbrpyZG7TcUCFoaqufps6zlu:nFMzZtYGcGdEb9c+d2brpW+crF+uS6
authentihash ea273fdb2c5cddfdb2bf1c783a8ba034cf0aece74aa3a5e61ceb8d8ad928fadf
imphash 811e03b8e99f6cc2c5f7e56e00c90fde
File size 824.0 KB ( 843776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2019-02-20 11:16:24 UTC ( 3 months ago )
Last submission 2019-02-21 20:46:56 UTC ( 3 months ago )
File names e3a2d9d8eef268fafbeaeaf36b05c94ce9a4cf725c77dcf49d8c42d0fe012014.exe
Spaltemenu3.exe
sh.exe
Spaltemenu3
sh.exe