× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e67b11b034329e738255894d5b75f0e94cc3be882278e1ecd57757557819bf52
File name: .
Detection ratio: 29 / 70
Analysis date: 2019-01-20 18:25:28 UTC ( 1 month, 4 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.DNVH 20190120
AhnLab-V3 Trojan/Win32.Emotet.C2926648 20190120
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190120
Arcabit Trojan.Agent.DNVH 20190120
Avast Win32:Trojan-gen 20190120
AVG Win32:Trojan-gen 20190120
BitDefender Trojan.Agent.DNVH 20190120
Cylance Unsafe 20190120
DrWeb Trojan.Inject3.12194 20190120
Emsisoft Trojan.Agent.DNVH (B) 20190120
ESET-NOD32 a variant of Win32/Kryptik.GORQ 20190120
F-Secure Trojan.Agent.DNVH 20190120
Fortinet W32/Generic.AP.2605AC!tr 20190120
GData Trojan.Agent.DNVH 20190120
Ikarus Trojan-Banker.IcedID 20190120
Kaspersky HEUR:Trojan.Win32.Generic 20190120
Malwarebytes Trojan.Banker 20190120
MAX malware (ai score=87) 20190120
McAfee GenericRXGU-VN!ED54831E84A7 20190120
McAfee-GW-Edition GenericRXGU-VN!ED54831E84A7 20190120
Microsoft Trojan:Win32/Emotet.SK 20190120
eScan Trojan.Agent.DNVH 20190120
NANO-Antivirus Trojan.Win32.Inject3.fmdpjt 20190120
Panda Trj/GdSda.A 20190120
Qihoo-360 HEUR/QVM10.1.ADA7.Malware.Gen 20190120
Rising Trojan.GenKryptik!8.AA55 (RDM+:cmRtazqd27jUdGP7moKOJgQWyipA) 20190120
Symantec ML.Attribute.HighConfidence 20190119
Webroot W32.Trojan.Gen 20190120
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190120
Acronis 20190119
AegisLab 20190120
Alibaba 20180921
Avast-Mobile 20190117
Avira (no cloud) 20190120
AVware 20180925
Babable 20180917
Baidu 20190117
Bkav 20190118
CAT-QuickHeal 20190120
ClamAV 20190120
CMC 20190120
Comodo 20190120
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190120
eGambit 20190120
Endgame 20181108
F-Prot 20190120
Sophos ML 20181128
Jiangmin 20190120
K7AntiVirus 20190119
K7GW 20190119
Kingsoft 20190120
Palo Alto Networks (Known Signatures) 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190119
SUPERAntiSpyware 20190116
TACHYON 20190119
Tencent 20190120
TheHacker 20190118
TotalDefense 20190120
Trapmine 20190102
TrendMicro 20190120
TrendMicro-HouseCall 20190120
Trustlook 20190120
VBA32 20190118
ViRobot 20190120
Yandex 20190117
Zillya 20190118
Zoner 20190119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2019 Steadboat Timecorrect

Product Skava Lost Spotair
Original name Spotair.exe
Internal name Skava LostWhosight Stickslave
File version 15.8.46.57
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-15 11:35:08
Entry Point 0x00002873
Number of sections 4
PE sections
Overlays
MD5 23524b8e963ad55ef8d7beae4b1507d6
File type data
Offset 275456
Size 12
Entropy 2.86
PE imports
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetLocalTime
FindFirstChangeNotificationW
HeapSetInformation
GetCurrentProcess
GetWindowsDirectoryW
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
VirtualProtectEx
GetFileType
ExitProcess
GetFileTime
RaiseException
GetCPInfo
LoadLibraryW
MoveFileExW
GetSystemDirectoryW
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
HeapValidate
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
TerminateProcess
FindCloseChangeNotification
InterlockedDecrement
IsValidCodePage
HeapCreate
CreateFileW
DeleteCriticalSection
Sleep
FindNextChangeNotification
GetTickCount
TlsSetValue
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
GetEnvironmentVariableW
SetLastError
InterlockedIncrement
SetupFindFirstLineW
SetupRemoveSectionFromDiskSpaceListW
SetupAddInstallSectionToDiskSpaceListW
SetupInstallFromInfSectionW
SetupFindNextLine
SetupInstallServicesFromInfSectionW
SetupRemoveInstallSectionFromDiskSpaceListW
SetupAddSectionToDiskSpaceListW
ShowWindow
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
276992

ImageVersion
0.0

ProductName
Skava Lost Spotair

FileVersionNumber
15.8.46.57

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
Spotair.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
15.8.46.57

TimeStamp
2012:01:15 03:35:08-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
Skava LostWhosight Stickslave

ProductVersion
15.8.46.57

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2019 Steadboat Timecorrect

MachineType
Intel 386 or later, and compatibles

CompanyName
Skava Lost

CodeSize
75776

FileSubtype
0

ProductVersionNumber
15.8.46.57

EntryPoint
0x2873

ObjectFileType
Executable application

File identification
MD5 ed54831e84a7a31f1a43c7dca771e3c8
SHA1 54a56be1ee32afa053c37f48a2d323d34c681de6
SHA256 e67b11b034329e738255894d5b75f0e94cc3be882278e1ecd57757557819bf52
ssdeep
3072:Mizkk1XY1PODELBQY55XBV10lH3L39iM3q/O5W1w:MDk1XYoyDXAL3Mvm8C

authentihash 04bed6327f4134e87a3c1c677fa130c90d5304eb75dd22220583d7bdbae6baf4
imphash 4fd63c100c24baad2386672074140630
File size 269.0 KB ( 275468 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-01-20 18:25:28 UTC ( 1 month, 4 weeks ago )
Last submission 2019-01-20 18:25:28 UTC ( 1 month, 4 weeks ago )
File names Skava LostWhosight Stickslave
Spotair.exe
.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.