SHA256: e44854495b59108997d56a597461ccb504bdf6333a21ddb43ecc27ddef2049b2
File name: sakabin.exe
Detection ratio: 18 / 69
Analysis date: 2019-04-17 09:12:09 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190415
AVG FileRepMalware 20190417
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cylance Unsafe 20190417
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GSEL 20190417
FireEye Generic.mg.23de717949e0f10a 20190417
GData Win32.Trojan-Stealer.FormBook.00W682 20190417
Ikarus Win32.Outbreak 20190416
Sophos ML heuristic 20190313
K7GW Trojan ( 0054c2a81 ) 20190417
McAfee Artemis!23DE717949E0 20190417
McAfee-GW-Edition BehavesLike.Win32.Dropper.hh 20190416
Microsoft PUA:Win32/Puwaders.B!ml 20190417
Palo Alto Networks (Known Signatures) generic.ml 20190417
Qihoo-360 HEUR/QVM07.1.94EF.Malware.Gen 20190417
SentinelOne (Static ML) DFI - Suspicious PE 20190407
Trapmine malicious.high.ml.score 20190325
Ad-Aware 20190417
AegisLab 20190417
AhnLab-V3 20190417
Alibaba 20190402
Antiy-AVL 20190417
Arcabit 20190417
Avast 20190417
Avast-Mobile 20190415
Avira (no cloud) 20190417
Babable 20180918
Baidu 20190318
BitDefender 20190417
Bkav 20190416
CAT-QuickHeal 20190416
ClamAV 20190416
CMC 20190321
Comodo 20190417
Cybereason 20190403
Cyren 20190417
DrWeb 20190417
eGambit 20190417
Emsisoft 20190417
F-Prot 20190417
F-Secure 20190416
Fortinet 20190417
Jiangmin 20190417
K7AntiVirus 20190417
Kaspersky 20190417
Kingsoft 20190417
Malwarebytes 20190417
MAX 20190417
eScan 20190417
NANO-Antivirus 20190417
Panda 20190416
Rising 20190417
Sophos AV 20190417
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190417
Tencent 20190417
TheHacker 20190411
TotalDefense 20190416
TrendMicro 20190417
TrendMicro-HouseCall 20190417
Trustlook 20190417
VBA32 20190416
VIPRE 20190413
ViRobot 20190417
Yandex 20190416
Zillya 20190416
ZoneAlarm by Check Point 20190417
Zoner 20190417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2001
Product DictionaryEditor Application
Original name DictionaryEditor.EXE
Internal name DictionaryEditor
File version 1, 0, 0, 1
Description DictionaryEditor MFC Application
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-29 07:25:35
Entry Point 0x00009F70
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegOpenKeyExA
RegDeleteValueA
GetFileSecurityA
RegCreateKeyExA
SetFileSecurityA
RegEnumKeyA
RegCreateKeyA
Ord(17)
ImageList_Destroy
SetMapMode
PatBlt
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
CombineRgn
GetClipBox
GetDeviceCaps
ExcludeClipRect
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
IntersectClipRect
BitBlt
GetCharWidthA
SetTextColor
CreatePatternBrush
GetObjectA
CreateFontA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetTextExtentPointA
SetTextAlign
SelectClipRgn
CreateCompatibleDC
StretchDIBits
ScaleViewportExtEx
CreateRectRgn
DeleteObject
GetTextExtentPoint32A
CreateCompatibleBitmap
SetWindowExtEx
CreateSolidBrush
Escape
SetBkColor
SetViewportExtEx
SetRectRgn
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
MoveFileA
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
GetStringTypeExA
SetLastError
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GetPrivateProfileIntA
DeleteFileA
GetProcAddress
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
GetProfileStringA
CompareStringA
GetTempFileNameA
DuplicateHandle
GlobalLock
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
SystemTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
SizeofResource
WideCharToMultiByte
HeapCreate
lstrcpyA
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
SHGetFileInfoA
DragAcceptFiles
ExtractIconA
DragFinish
DragQueryFileA
MapWindowPoints
GetMessagePos
SetMenuItemBitmaps
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GetWindowLongA
GrayStringA
WindowFromPoint
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
CreateWindowExA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
GetWindowTextLengthA
ClientToScreen
GetTopWindow
LockWindowUpdate
GetMenuStringA
GetWindowTextA
PtInRect
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
ShowWindow
GetPropA
GetDesktopWindow
EnableWindow
ExcludeUpdateRgn
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
SetParent
IsZoomed
GetWindowPlacement
EnableMenuItem
InvertRect
TabbedTextOutA
GetSubMenu
GetDCEx
GetActiveWindow
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
IsWindowUnicode
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
SetCapture
BeginPaint
OffsetRect
KillTimer
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
RegisterClassA
PostMessageA
ReleaseCapture
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
DrawFocusRect
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
InsertMenuA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
ReleaseDC
IntersectRect
EndDialog
LoadMenuA
HideCaret
CharNextA
GetCapture
ShowCaret
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
SetMenu
UnregisterClassA
SetRectEmpty
CallWindowProcA
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
IsWindowVisible
UnpackDDElParam
WinHelpA
SetRect
DeleteMenu
InvalidateRect
wsprintfA
TranslateAcceleratorA
DefDlgProcA
ValidateRect
IsRectEmpty
GetClassNameA
GetFocus
ModifyMenuA
UnhookWindowsHookEx
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
Number of PE resources by type
RT_STRING 25
RT_BITMAP 5
RT_ICON 4
RT_DIALOG 3
RT_CURSOR 2
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
Struct(241) 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 26
ENGLISH UK 20
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 122880
ImageVersion 0.0
ProductName DictionaryEditor Application
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName DictionaryEditor.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 0, 0, 1
TimeStamp 2017:08:29 09:25:35+02:00
FileType Win32 EXE
PEType PE32
InternalName DictionaryEditor
ProductVersion 1, 0, 0, 1
FileDescription DictionaryEditor MFC Application
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright (C) 2001
MachineType Intel 386 or later, and compatibles
CodeSize 217088
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0x9f70
ObjectFileType Executable application
File identification
MD5 23de717949e0f10a22f6eccd57eae027
SHA1 20e0d05dc3ec171d34d7edb82293df763ebb19fc
SHA256 e44854495b59108997d56a597461ccb504bdf6333a21ddb43ecc27ddef2049b2
ssdeep 12288:uzCwbBs3QuLVFmHv6Iw49j1IiPzSRaSaS6Hwyj:uzCuBs3QhJ+Mr
authentihash b4e212413030ce6881257fae34f59736c4c1b348d8a84a3657d334eaf9eb8bbf
imphash a2570c2ff356db6ab2abed16524ce9e8
File size 548.0 KB ( 561152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags peexe
VirusTotal metadata
First submission 2019-04-16 20:08:37 UTC ( 1 month ago )
Last submission 2019-04-22 10:45:24 UTC ( 3 weeks, 6 days ago )
File names e44854495b59108997d56a597461ccb504bdf6333a21ddb43ecc27ddef2049b2.bin
DictionaryEditor.EXE
sakabin.exe
DictionaryEditor
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Code injections in the following processes
Runtime DLLs