× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e615e4c9c2829c025f4a8ca9d95660542cc8363d19185b7a427cfd4f21e189bb
File name: pryc2.tkn
Detection ratio: 6 / 69
Analysis date: 2018-12-05 12:28:47 UTC ( 4 months, 2 weeks ago ) View latest
Antivirus Result Update
Cylance Unsafe 20181205
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Rising Malware.Heuristic!ET#96% (RDM+:cmRtazrO7/TEdmsS8t+PrzUGy8C7) 20181205
Trapmine suspicious.low.ml.score 20181128
Webroot W32.Trojan.Gen 20181205
Ad-Aware 20181205
AegisLab 20181205
AhnLab-V3 20181205
Alibaba 20180921
ALYac 20181205
Antiy-AVL 20181205
Arcabit 20181205
Avast 20181205
Avast-Mobile 20181205
AVG 20181205
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181205
BitDefender 20181205
Bkav 20181203
CAT-QuickHeal 20181205
ClamAV 20181203
CMC 20181204
Comodo 20181205
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181205
DrWeb 20181205
eGambit 20181205
Emsisoft 20181205
ESET-NOD32 20181205
F-Prot 20181205
F-Secure 20181205
Fortinet 20181205
GData 20181205
Ikarus 20181204
Jiangmin 20181205
K7AntiVirus 20181205
K7GW 20181205
Kaspersky 20181204
Kingsoft 20181205
Malwarebytes 20181205
MAX 20181205
McAfee 20181205
McAfee-GW-Edition 20181205
Microsoft 20181205
eScan 20181205
NANO-Antivirus 20181205
Palo Alto Networks (Known Signatures) 20181205
Panda 20181204
Qihoo-360 20181205
SentinelOne (Static ML) 20181011
Sophos AV 20181205
SUPERAntiSpyware 20181205
Symantec 20181205
Symantec Mobile Insight 20181204
TACHYON 20181205
Tencent 20181205
TheHacker 20181202
TrendMicro 20181205
TrendMicro-HouseCall 20181205
Trustlook 20181205
VBA32 20181205
VIPRE 20181205
ViRobot 20181205
Yandex 20181204
Zillya 20181204
ZoneAlarm by Check Point 20181205
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2004 Contact At Once! Thing. All rights reserved.

Product Crosswhy
Original name similarhole.exe
Internal name Crosswhy
File version 10.4.33.74
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-05 11:21:14
Entry Point 0x00002615
Number of sections 4
PE sections
PE imports
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_DragShowNolock
GetOpenFileNameA
ReplaceTextA
GetSaveFileNameA
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
TextOutA
Escape
SetViewportExtEx
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
GetCurrentDirectoryA
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
EncodePointer
GetProcessHeap
SetStdHandle
GetFileTime
RaiseException
GetCPInfo
TlsFree
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetSystemDirectoryA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
WideCharToMultiByte
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
SetFocus
GetMessageA
EmptyClipboard
IntersectRect
BeginPaint
GetClassInfoExA
DestroyMenu
CheckMenuRadioItem
MapWindowPoints
GetSystemMetrics
AppendMenuA
InflateRect
PostMessageA
DrawIcon
CallWindowProcA
IsWindowEnabled
RegisterClassExA
EndDeferWindowPos
InvalidateRect
GetWindowTextLengthA
ValidateRect
DispatchMessageA
LoadImageA
GetClassNameA
GetFocus
GetCursorPos
ExitWindowsEx
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
10.4.33.74

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
97792

EntryPoint
0x2615

OriginalFileName
similarhole.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2004 Contact At Once! Thing. All rights reserved.

FileVersion
10.4.33.74

TimeStamp
2015:12:05 12:21:14+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Crosswhy

ProductVersion
10.4.33.74

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Contact At Once! Thing

CodeSize
222208

ProductName
Crosswhy

ProductVersionNumber
10.4.33.74

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 c01dd82bde54b4a3b4617c691e4bae5f
SHA1 e52484d47611c0cdf4f81dca9693d648f235cc32
SHA256 e615e4c9c2829c025f4a8ca9d95660542cc8363d19185b7a427cfd4f21e189bb
ssdeep
6144:wvjx9KYNo0F3YZVF1E64mEKnuMjv/bVsHUCNpVdto:wvjxgYNoEGVFcZMfG0Gp/t

authentihash 9af1c7be2318aae4dd86477b3d6ea1579e24147c9ff0ff6ed377ada369a364db
imphash 7b3f6a3ca60f6d74b6abc175d2732842
File size 252.0 KB ( 258048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-05 12:28:47 UTC ( 4 months, 2 weeks ago )
Last submission 2018-12-05 12:28:47 UTC ( 4 months, 2 weeks ago )
File names pryc2.tkn
similarhole.exe
Crosswhy
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!