SHA256: e6414ece33b4b874d4a00b5b107470d4c1292769743dd879099c54faed8b95a4
File name: 1a18ddd8b3c3c0948f39e010461d12e5f381f3c4
Detection ratio: 36 / 65
Analysis date: 2017-09-29 21:31:30 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12418910 20170929
AegisLab Ml.Attribute.Gen!c 20170929
Arcabit Trojan.Generic.DBD7F5E 20170929
Avast Win32:Malware-gen 20170929
AVG Win32:Malware-gen 20170929
Avira (no cloud) TR/AD.PandaBanker.gafen 20170929
AVware Trojan.Win32.Generic!BT 20170929
BitDefender Trojan.GenericKD.12418910 20170929
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170929
Cyren W32/Trojan.NBYO-2120 20170929
DrWeb Trojan.PWS.Panda.11620 20170929
Emsisoft Trojan.GenericKD.12418910 (B) 20170929
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/Spy.Zbot.ACZ 20170929
F-Secure Trojan.GenericKD.12418910 20170929
Fortinet W32/Injector.DQCO!tr 20170929
GData Trojan.GenericKD.12418910 20170929
Sophos ML heuristic 20170914
K7GW Spyware ( 00515d081 ) 20170929
Kaspersky Trojan.Win32.VBKryjetor.aouo 20170929
MAX malware (ai score=99) 20170929
McAfee RDN/Generic.bfr 20170929
McAfee-GW-Edition BehavesLike.Win32.Trojan.dh 20170929
eScan Trojan.GenericKD.12418910 20170929
Palo Alto Networks (Known Signatures) generic.ml 20170929
Panda Trj/GdSda.A 20170929
Rising Spyware.Zbot!8.16B (CLOUD) 20170929
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170929
Symantec Trojan.Gen 20170929
Tencent Win32.Trojan.Vbkryjetor.Akyp 20170929
TrendMicro TROJ_GEN.R002C0WIT17 20170929
TrendMicro-HouseCall TROJ_GEN.R002C0WIT17 20170929
VIPRE Trojan.Win32.Generic!BT 20170929
ZoneAlarm by Check Point Trojan.Win32.VBKryjetor.aouo 20170929
AhnLab-V3 20170929
Alibaba 20170911
ALYac 20170929
Antiy-AVL 20170929
Avast-Mobile 20170929
Baidu 20170929
CAT-QuickHeal 20170929
ClamAV 20170929
CMC 20170928
Comodo 20170929
F-Prot 20170929
Ikarus 20170929
Jiangmin 20170929
K7AntiVirus 20170928
Kingsoft 20170929
Malwarebytes 20170929
Microsoft 20170929
NANO-Antivirus 20170929
nProtect 20170929
Qihoo-360 20170929
SUPERAntiSpyware 20170929
Symantec Mobile Insight 20170928
TheHacker 20170928
TotalDefense 20170929
Trustlook 20170929
VBA32 20170929
ViRobot 20170929
Webroot 20170929
WhiteArmor 20170927
Yandex 20170908
Zillya 20170929
Zoner 20170929
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Chauna
Original name Alloquy8.exe
Internal name Alloquy8
File version 9.08.0003
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-27 16:26:48
Entry Point 0x000012DC
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(546)
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaVarDup
_adj_fdivr_m64
_adj_fprem
Ord(661)
Ord(685)
_adj_fpatan
Ord(663)
EVENT_SINK_AddRef
Ord(693)
_adj_fdiv_m32i
Ord(540)
Ord(666)
Ord(647)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaStrMove
_adj_fdiv_r
Ord(100)
Ord(672)
__vbaFreeVar
Ord(547)
_CItan
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
_allmul
__vbaStrVarVal
_CIcos
Ord(595)
_adj_fptan
__vbaI2Var
Ord(610)
Ord(581)
__vbaObjSet
Ord(538)
Ord(613)
__vbaVarMove
_CIatan
Ord(608)
__vbaFreeStr
__vbaR8IntI4
_adj_fdivr_m32i
__vbaStrComp
_CIexp
__vbaStrI2
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
Ord(543)
__vbaFreeStrList
Ord(609)
Ord(598)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 9.8
FileSubtype 0
FileVersionNumber 9.8.0.3
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x12dc
OriginalFileName Alloquy8.exe
MIMEType application/octet-stream
FileVersion 9.08.0003
TimeStamp 2017:09:27 17:26:48+01:00
FileType Win32 EXE
PEType PE32
InternalName Alloquy8
ProductVersion 9.08.0003
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Itibiti Inc.
CodeSize 262144
ProductName Chauna
ProductVersionNumber 9.8.0.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e1e710859fb79647f2fc4c335920fec5
SHA1 032792862dbdcac9ad737f7b19d66941f0191ad1
SHA256 e6414ece33b4b874d4a00b5b107470d4c1292769743dd879099c54faed8b95a4
ssdeep
3072:MDFTe7mAsZcwiqIbmFqrMLLqbIS9zcJTMXmW2+bX2tGGrlHtGlB+oTkD:wFiMuOEmFmMLWESW4me65rxtIDY

authentihash 9556885170f857c3b492f5abd3d7ef142e99ba2f034410b136a0c8c323d71574
imphash 45a42dc95bf4c6ace5d9a696f089956c
File size 272.0 KB ( 278528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-28 03:47:08 UTC ( 1 year, 4 months ago )
Last submission 2018-05-10 00:24:07 UTC ( 9 months, 1 week ago )
File names 1a18ddd8b3c3c0948f39e010461d12e5f381f3c4
Alloquy8
1sotuuzewecxoopiduqme_output2ED5DA0.exe
Alloquy8.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events, which are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
UDP communications