SHA256: e4e6ec2634266dbc1d7f168abf343f4eca7434ea60cb11b71d073480b09345b3
File name: ZYKLON
Detection ratio: 21 / 59
Analysis date: 2017-06-15 12:04:34 UTC (1 year, 8 months ago)
| Antivirus | Result | Update |
|---|---|---|
| AegisLab | Ml.Attribute.Gen!c | 20170615 |
| Avira (no cloud) | TR/Dropper.VB.fsmem | 20170615 |
| Bkav | HW32.Packed.47C9 | 20170615 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170420 |
| Endgame | malicious (moderate confidence) | 20170614 |
| Fortinet | W32/Injector.DPFI!tr | 20170615 |
| Ikarus | Win32.Outbreak | 20170615 |
| Sophos ML | heuristic | 20170607 |
| Kaspersky | Trojan.Win32.VBKryjetor.amko | 20170615 |
| McAfee | Artemis!2337667916B5 | 20170615 |
| McAfee-GW-Edition | BehavesLike.Win32.Sality.rc | 20170615 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170615 |
| Panda | Trj/Agent.CRR | 20170614 |
| Qihoo-360 | HEUR/QVM03.0.D6CB.Malware.Gen | 20170615 |
| SentinelOne (Static ML) | static engine - malicious | 20170516 |
| Sophos AV | Mal/FareitVB-M | 20170615 |
| Symantec | Trojan.Klonzyrat | 20170615 |
| Tencent | Win32.Trojan.Inject.Auto | 20170615 |
| ViRobot | Trojan.Win32.Agent.4980736.A[h] | 20170615 |
| Webroot | W32.Trojan.Gen | 20170615 |
| ZoneAlarm by Check Point | Trojan.Win32.VBKryjetor.amko | 20170615 |
Engines with no detection (signature update 20170615 unless noted): Ad-Aware, AhnLab-V3, Alibaba, ALYac, Arcabit, Avast, AVG, AVware, Baidu, BitDefender, CAT-QuickHeal, ClamAV, CMC, Comodo, Cyren, DrWeb, Emsisoft, ESET-NOD32, F-Prot, F-Secure, GData, Jiangmin, K7AntiVirus, K7GW, Kingsoft, Malwarebytes, Microsoft, eScan, NANO-Antivirus, nProtect, Rising, SUPERAntiSpyware, Symantec Mobile Insight (20170614), TheHacker, TrendMicro-HouseCall, Trustlook, VBA32, VIPRE, WhiteArmor (20170614), Yandex (20170614), Zillya (20170614), Zoner.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Product: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Original name: Plidelige.exe
Internal name: Plidelige
File version: 1.00
Description: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
Comments: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-06-14 22:38:33
Entry Point: 0x00001094
Number of sections: 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(681)
__vbaExceptHandler
Ord(521)
Ord(100)
Ord(695)
DllFunctionCall
Ord(661)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(609)
Ord(598)
MethCallEngine
Ord(581)
Number of PE resources by type
RT_ICON: 3
RT_VERSION: 1
RT_GROUP_ICON: 1
Number of PE resources by language
NEUTRAL: 4
CHINESE TRADITIONAL: 1
PE resources
ExifTool file metadata
LegalTrademarks: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
SubsystemVersion: 4.0
Comments: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
LinkerVersion: 6.0
ImageVersion: 1.0
FileSubtype: 0
FileVersionNumber: 1.0.0.0
LanguageCode: Chinese (Traditional)
FileFlagsMask: 0x0000
FileDescription: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
CharacterSet: Unicode
InitializedDataSize: 24576
EntryPoint: 0x1094
OriginalFileName: Plidelige.exe
MIMEType: application/octet-stream
LegalCopyright: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
FileVersion: 1.0
TimeStamp: 2017:06:14 23:38:33+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Plidelige
ProductVersion: 1.0
UninitializedDataSize: 0
OSVersion: 4.0
FileOS: Win32
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: Popstar
CodeSize: 4972544
ProductName: Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus Acus
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application
Compressed bundles
File identification
MD5: 2337667916b576561f1ecd3fed5f838f
SHA1: e67015f79c953da6d177d1ce484303b97b86d13a
SHA256: e4e6ec2634266dbc1d7f168abf343f4eca7434ea60cb11b71d073480b09345b3
ssdeep: 98304:SFprQPMsKdJfVB/6ZYE+3bz+150zQJgF9XrL5MVQMZbcKfVcXTUb/f:SFprQknDf3rE23+150zhF9XrFMVJZgKh
authentihash: d68e0630c8190a73d102088b5c0d03abedbacf4078101e4695517d26abb6cd0c
imphash: 2f3608e9d983363c6ebcf6d7416b1d72
File size: 4.8 MB (4980736 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable Microsoft Visual Basic 6 (82.7%)
  Win32 Dynamic Link Library (generic) (6.6%)
  Win32 Executable (generic) (4.5%)
  OS/2 Executable (generic) (2.0%)
  Generic Win/DOS Executable (2.0%)
Tags: peexe, via-tor
VirusTotal metadata
First submission: 2017-06-15 00:58:42 UTC (1 year, 8 months ago)
Last submission: 2017-06-19 17:31:21 UTC (1 year, 8 months ago)
File names: Plidelige, troll.jpg.exe, Plidelige.exe, troll.jpg, 24871.exe, ZYKLON
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications