SHA256: e9f0608ebc21790eefe18372c5a4633eba33b47f705495f3a473dc7c6a830c39
File name: daddy.exe
Detection ratio: 18 / 67
Analysis date: 2018-04-17 06:57:48 UTC ( 10 months, 1 week ago )
Antivirus | Result | Update
AhnLab-V3 | Trojan/Win32.Fareit.R225432 | 20180417
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9709 | 20180417
CrowdStrike Falcon (ML) | malicious_confidence_80% (D) | 20170201
Cylance | Unsafe | 20180417
Cyren | W32/VBKrypt.E.gen!Eldorado | 20180417
DrWeb | Trojan.PWS.Stealer.21240 | 20180417
Endgame | malicious (high confidence) | 20180403
ESET-NOD32 | a variant of Win32/Injector.DXJT | 20180417
F-Prot | W32/VBKrypt.E.gen!Eldorado | 20180417
Fortinet | W32/GenKryptik.BXBP!tr | 20180417
GData | Win32.Trojan.Injector.NA | 20180417
Sophos ML | heuristic | 20180121
Malwarebytes | Spyware.HawkEyeKeyLogger | 20180417
McAfee | GenericR-MJM!0B8AE9287B7D | 20180417
Palo Alto Networks (Known Signatures) | generic.ml | 20180417
Qihoo-360 | HEUR/QVM03.0.8B01.Malware.Gen | 20180417
SentinelOne (Static ML) | static engine - malicious | 20180225
Symantec | ML.Attribute.HighConfidence | 20180417
Ad-Aware | - | 20180417
AegisLab | - | 20180417
Alibaba | - | 20180417
ALYac | - | 20180417
Antiy-AVL | - | 20180417
Arcabit | - | 20180417
Avast | - | 20180417
Avast-Mobile | - | 20180416
AVG | - | 20180417
Avira (no cloud) | - | 20180416
AVware | - | 20180417
BitDefender | - | 20180417
Bkav | - | 20180410
CAT-QuickHeal | - | 20180417
ClamAV | - | 20180417
CMC | - | 20180416
Comodo | - | 20180417
Cybereason | - | None
eGambit | - | 20180417
Emsisoft | - | 20180417
F-Secure | - | 20180416
Ikarus | - | 20180416
Jiangmin | - | 20180417
K7AntiVirus | - | 20180417
K7GW | - | 20180417
Kaspersky | - | 20180417
Kingsoft | - | 20180417
MAX | - | 20180417
McAfee-GW-Edition | - | 20180417
Microsoft | - | 20180417
eScan | - | 20180417
NANO-Antivirus | - | 20180416
nProtect | - | 20180417
Panda | - | 20180416
Rising | - | 20180417
Sophos AV | - | 20180417
SUPERAntiSpyware | - | 20180417
Symantec Mobile Insight | - | 20180412
Tencent | - | 20180417
TheHacker | - | 20180415
TotalDefense | - | 20180417
TrendMicro | - | 20180417
TrendMicro-HouseCall | - | 20180417
Trustlook | - | 20180417
VBA32 | - | 20180414
VIPRE | - | 20180417
ViRobot | - | 20180417
Webroot | - | 20180417
WhiteArmor | - | 20180408
Yandex | - | 20180414
Zillya | - | 20180416
ZoneAlarm by Check Point | - | 20180417
Zoner | - | 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright BITCoin PROject
Product XPLOde
Original name Phenotypes8.exe
Internal name Phenotypes8
File version 1.02
Comments KASPersky lAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-16 12:23:00
Entry Point 0x0000125C
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
__vbaGenerateBoundsError
_allmul
Ord(616)
_adj_fdivr_m64
_adj_fprem
__vbaStrComp
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(526)
EVENT_SINK_QueryInterface
Ord(583)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
EVENT_SINK_Release
Ord(563)
_adj_fdiv_r
Ord(100)
__vbaVarAdd
__vbaFreeVar
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
__vbaVarTstGt
__vbaInStrVarB
Ord(595)
__vbaVarTstEq
_adj_fptan
_CItan
Ord(537)
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
_adj_fdivr_m32i
__vbaRedim
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaFPFix
__vbaVarDup
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks ASTOnsoft lTD.
UninitializedDataSize 0
Comments KASPersky lAB
InitializedDataSize 24576
ImageVersion 1.2
ProductName XPLOde
FileVersionNumber 1.2.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Phenotypes8.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.02
TimeStamp 2018:04:16 14:23:00+02:00
FileType Win32 EXE
PEType PE32
InternalName Phenotypes8
ProductVersion 1.02
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
LegalCopyright BITCoin PROject
MachineType Intel 386 or later, and compatibles
CodeSize 647168
FileSubtype 0
ProductVersionNumber 1.2.0.0
EntryPoint 0x125c
ObjectFileType Executable application

File identification
MD5 0b8ae9287b7d3314335c6f607827305a
SHA1 15f2977dd2e0ca7823276d25cc3244f21f4d05e0
SHA256 e9f0608ebc21790eefe18372c5a4633eba33b47f705495f3a473dc7c6a830c39
ssdeep 12288:oWbJ63bxERUxYCkDViQ1Bts0aTUkH5w2:oWb4kUxYCkDViQ1BtiokH5B
authentihash dcab675ed452406195b5d9c377b1439e61506369b707d969181ba0f13c082fa9
imphash c5d53134b4b2222c9992c37a86ce1693
File size 660.0 KB ( 675840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2018-04-17 06:57:48 UTC ( 10 months, 1 week ago )
Last submission 2018-05-25 17:52:50 UTC ( 8 months, 4 weeks ago )
File names 0b8ae9287b7d3314335c6f607827305a.dat
10de8d3525323a31878b88733f0bb1dc10ab62e6
Phenotypes8.exe
daddy.exe
Phenotypes8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.