× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ebecb74b4fc9dd33d0fbea870741ea8e7d02f98de8ef5da3490716aa4976238b
File name: ebecb74b4fc9dd33d0fbea870741ea8e7d02f98de8ef5da3490716aa4976238b
Detection ratio: 10 / 65
Analysis date: 2018-11-11 01:43:12 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Bkav HW32.Packed. 20181110
Cybereason malicious.22bc36 20180225
Cylance Unsafe 20181111
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20181110
NANO-Antivirus Virus.Win32.Gen.ccmw 20181111
Qihoo-360 HEUR/QVM20.1.1FE1.Malware.Gen 20181111
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181110
Ad-Aware 20181111
AegisLab 20181110
AhnLab-V3 20181110
Alibaba 20180921
ALYac 20181110
Antiy-AVL 20181111
Arcabit 20181111
Avast 20181110
Avast-Mobile 20181110
AVG 20181110
Avira (no cloud) 20181110
Baidu 20181109
BitDefender 20181111
CAT-QuickHeal 20181108
ClamAV 20181111
CMC 20181110
CrowdStrike Falcon (ML) 20181022
Cyren 20181110
DrWeb 20181111
Emsisoft 20181111
ESET-NOD32 20181111
F-Prot 20181111
F-Secure 20181111
Fortinet 20181110
GData 20181111
Ikarus 20181110
Jiangmin 20181111
K7AntiVirus 20181110
K7GW 20181109
Kaspersky 20181111
Kingsoft 20181111
Malwarebytes 20181111
MAX 20181111
McAfee 20181111
Microsoft 20181111
eScan 20181110
Palo Alto Networks (Known Signatures) 20181111
Panda 20181110
Rising 20181110
Sophos AV 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181111
TheHacker 20181108
TotalDefense 20181110
TrendMicro 20181111
TrendMicro-HouseCall 20181110
Trustlook 20181111
VBA32 20181109
ViRobot 20181110
Webroot 20181111
Yandex 20181109
Zillya 20181109
ZoneAlarm by Check Point 20181110
Zoner 20181111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Internal name sims
Description Poomare
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-16 22:07:08
Entry Point 0x00003670
Number of sections 6
PE sections
PE imports
RegGetKeySecurity
SetKernelObjectSecurity
GetSecurityDescriptorControl
GetDeviceCaps
SwapBuffers
Chord
SetColorSpace
CloseMetaFile
Arc
EndPath
GetFontLanguageInfo
GetIfTable
GetLastError
GetLogicalProcessorInformation
GetTimeZoneInformation
SetConsoleCP
FindCloseChangeNotification
GetCommandLineW
GetConsoleDisplayMode
GetSystemTimeAsFileTime
GetSystemTimes
GetCurrentThreadId
GetProcessIdOfThread
VerifyScripts
GetEnvironmentVariableW
SetCurrentConsoleFontEx
NdrUserMarshalBufferSize
SetupDiOpenClassRegKey
StrCmpLogicalW
SHSetValueA
StrRChrIW
GetCursorPos
GetCaretBlinkTime
DdeUninitialize
GetCursorInfo
ShowOwnedPopups
IsGUIThread
MoveWindow
DeferWindowPos
GetClientRect
GetAncestor
InternetAutodialHangup
InternetConfirmZoneCrossing
iswlower
CoDisconnectContext
OleFlushClipboard
Number of PE resources by type
RT_STRING 3
RT_VERSION 1
Number of PE resources by language
NORWEGIAN BOKMAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
15.0

ImageVersion
1.1

FileVersionNumber
1.6.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Poomare

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

Ht
Microsoft Corporation. All r

EntryPoint
0x3670

MIMEType
application/octet-stream

TimeStamp
1996:06:17 00:07:08+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
sims

SubsystemVersion
5.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Micr

TVersion
1.0

CodeSize
12288

FileSubtype
0

ProductVersionNumber
1.6.0.0

InitializedDataSize
126976

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6de876f0d13220473f87d8eb08c2e693
SHA1 184c74d22bc363bfe1f09944f3c88c19c0a8d50f
SHA256 ebecb74b4fc9dd33d0fbea870741ea8e7d02f98de8ef5da3490716aa4976238b
ssdeep
1536:G5W/6C+Vp2ZpvCl4as40k2Yj5HkojE/Pa3Nclv37L8QutMPWos/wV+uvElG+6qgl:GS6C9gmakV/Pn9uw0qElG+6qkFr

authentihash abc10df5b32c4d033b16192fdac7e9878dba7fe43fcdd609c64f38e595d58c37
imphash baa2ccc662f7da99d33da9daec80eb85
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-11 01:43:12 UTC ( 3 months, 1 week ago )
Last submission 2018-11-16 05:32:04 UTC ( 3 months ago )
File names sims
8466.exe
4.exe
84426678.exe
76.exe
controlasp.exe
6de876f0d13220473f87d8eb08c2e693
9.exe
controlasp.exe
7.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!