× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: ec34da06340a0513004bb4333b5b2e2631384ad4bfd81d8da89c4c7b88d7c929
File name: c317928244449da734d4c99178a7596c534e8570
Detection ratio: 7 / 56
Analysis date: 2015-06-25 01:02:07 UTC ( 3 years, 9 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.ZBot 20150624
Avast Win32:Malware-gen 20150625
Bkav HW32.Packed.3C09 20150625
ESET-NOD32 Win32/Spy.Zbot.ACB 20150624
Panda Trj/Chgt.O 20150624
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20150623
Symantec WS.Reputation.1 20150625
Ad-Aware 20150625
AegisLab 20150624
Yandex 20150624
Alibaba 20150624
ALYac 20150625
Antiy-AVL 20150625
Arcabit 20150625
AVG 20150624
Avira (no cloud) 20150625
AVware 20150625
Baidu-International 20150624
BitDefender 20150625
ByteHero 20150625
CAT-QuickHeal 20150624
ClamAV 20150624
Comodo 20150625
Cyren 20150625
DrWeb 20150625
Emsisoft 20150625
F-Prot 20150624
F-Secure 20150624
Fortinet 20150625
GData 20150625
Ikarus 20150625
Jiangmin 20150624
K7AntiVirus 20150624
K7GW 20150624
Kaspersky 20150624
Kingsoft 20150625
Malwarebytes 20150625
McAfee 20150625
McAfee-GW-Edition 20150625
Microsoft 20150625
eScan 20150625
NANO-Antivirus 20150625
nProtect 20150624
Qihoo-360 20150625
Sophos AV 20150625
SUPERAntiSpyware 20150625
Tencent 20150625
TheHacker 20150624
TotalDefense 20150624
TrendMicro 20150625
TrendMicro-HouseCall 20150625
VBA32 20150624
VIPRE 20150625
ViRobot 20150625
Zillya 20150624
Zoner 20150625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2005-2014 Atomic Object

Product CaughtBeen
Original name artmy.exe
Internal name CaughtBeen
File version 12.7.5976.7328
Description CaughtBeen
Comments CaughtBeen
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-23 17:26:11
Entry Point 0x000023EF
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
SetTapeParameters
HeapDestroy
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
CaughtBeen

InitializedDataSize
7450624

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
12.7.5976.7328

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
CaughtBeen

CharacterSet
Unicode

LinkerVersion
8.0

EntryPoint
0x23ef

OriginalFileName
artmy.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2005-2014 Atomic Object

FileVersion
12.7.5976.7328

TimeStamp
2015:06:23 18:26:11+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
CaughtBeen

ProductVersion
12.7.5976.7328

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Atomic Object

CodeSize
151552

ProductName
CaughtBeen

ProductVersionNumber
12.7.5976.7328

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 c6690f55eda74571614d0c0cc6041140
SHA1 c317928244449da734d4c99178a7596c534e8570
SHA256 ec34da06340a0513004bb4333b5b2e2631384ad4bfd81d8da89c4c7b88d7c929
ssdeep
6144:r8TRzCKLdfRcnl6ram/qTbfH+4FylIwlPRXk:ruuKLZ2nl6r5sbfhABP

authentihash 1c1ce6a46bfd95c8a5f31b3f128f8713611ef7a8b6a06b10353f69b026052d9f
imphash 4edb5a47aaa6d4282e57c4ad0e6783d3
File size 236.0 KB ( 241664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-25 01:02:07 UTC ( 3 years, 9 months ago )
Last submission 2017-05-11 12:12:20 UTC ( 1 year, 10 months ago )
File names Ycofy.exe
CaughtBeen
artmy.exe
c6690f55eda74571614d0c0cc6041140.virobj
virussign.com_c6690f55eda74571614d0c0cc6041140.vir
8iwI2XmU.doc
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R01TC0CG215.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs