SHA256: ee09a25255f767321026dbff7d13f22924d72c88bb3e8969cb3d21d2ea383203
File name: ee09a25255f767321026dbff7d13f22924d72c88bb3e8969cb3d21d2ea383203
Detection ratio: 43 / 68
Analysis date: 2017-12-24 03:54:49 UTC (12 months ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12696331 20171224
AegisLab Filerepmalware.Gen!c 20171224
ALYac Trojan.GenericKD.12696331 20171224
Antiy-AVL Trojan/Win32.TSGeneric 20171224
Arcabit Trojan.Generic.DC1BB0B 20171224
Avast FileRepMalware 20171224
AVG FileRepMalware 20171224
Avira (no cloud) TR/Crypt.ZPACK.yqzoc 20171223
AVware Trojan.Win32.Generic!BT 20171224
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Trojan.GenericKD.12696331 20171224
Bkav HW32.Packed.B9FB 20171222
ClamAV Win.Trojan.Emotet-6406814-0 20171223
Comodo UnclassifiedMalware 20171224
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.b0006c 20171103
Cylance Unsafe 20171224
Cyren W32/Trojan.MKJE-5690 20171224
eGambit Unsafe.AI_Score_87% 20171224
Emsisoft Trojan.GenericKD.12696331 (B) 20171224
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BJTX 20171223
F-Secure Trojan.GenericKD.12696331 20171224
Fortinet W32/Kryptik.FZTF!tr 20171224
GData Trojan.GenericKD.12696331 20171224
Ikarus Trojan.Win32.Krypt 20171223
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Dovs.ekl 20171224
Malwarebytes Trojan.Emotet 20171224
MAX malware (ai score=100) 20171224
McAfee RDN/Generic.hbg 20171224
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20171224
eScan Trojan.GenericKD.12696331 20171224
Palo Alto Networks (Known Signatures) generic.ml 20171224
Panda Trj/RnkBend.A 20171223
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171224
Symantec Trojan.Emotet 20171223
Tencent Win32.Trojan.Dovs.Htvm 20171224
TrendMicro-HouseCall Suspicious_GEN.F47V1223 20171224
VIPRE Trojan.Win32.Generic!BT 20171224
Webroot W32.Trojan.Emotet 20171224
ZoneAlarm by Check Point Trojan.Win32.Dovs.ekl 20171224
AhnLab-V3 20171223
Alibaba 20171222
Avast-Mobile 20171223
CAT-QuickHeal 20171223
CMC 20171223
DrWeb 20171224
F-Prot 20171224
Jiangmin 20171221
K7AntiVirus 20171224
K7GW 20171223
Kingsoft 20171224
Microsoft 20171224
NANO-Antivirus 20171224
nProtect 20171224
Qihoo-360 20171224
Rising 20171224
SUPERAntiSpyware 20171223
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171223
TrendMicro 20171224
Trustlook 20171224
VBA32 20171222
ViRobot 20171223
WhiteArmor 20171204
Yandex 20171222
Zillya 20171222
Zoner 20171224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2008-2015 Pritek .com

Product Pritek Highspeed WDE Scanner and Editor for Balo
Original name PSEB.exe
Internal name PSEB.exe
File version 1, 1, 2, 0
Description Pritek Highspeed WDE Scanner and Editor for Baloo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-23 09:21:37
Entry Point 0x00001630
Number of sections 5
PE sections
PE imports
CryptDuplicateHash
RegSetValueExW
PrintDlgW
ExtTextOutA
TranslateCharsetInfo
CreateFontIndirectW
CallNamedPipeW
GetCurrentProcess
Module32First
GetPrivateProfileIntA
GetSystemDefaultLCID
GetTempPathW
Sleep
GetThreadLocale
GetProcessWorkingSetSize
IsValidLocale
GetVersionExA
SetLastError
GetStartupInfoW
MprAdminMIBEntryCreate
PathFindFileNameA
PathIsDirectoryW
DrawTextA
EnumDisplayDevicesA
GetCaretBlinkTime
InternalGetWindowText
timeGetSystemTime
CryptCATEnumerateCatAttr
CreateBindCtx
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
13.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.1.2.0

LanguageCode
Chinese (Simplified)

FileFlagsMask
0x003f

FileDescription
Pritek Highspeed WDE Scanner and Editor for Baloo

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
90112

EntryPoint
0x1630

OriginalFileName
PSEB.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2008-2015 Pritek .com

FileVersion
1, 1, 2, 0

TimeStamp
2017:12:23 10:21:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PSEB.exe

ProductVersion
1, 1, 2, 0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Pritek

CodeSize
0

ProductName
Pritek Highspeed WDE Scanner and Editor for Balo

ProductVersionNumber
1.1.2.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9c2245cf031ad8d3232c1c224c497f03
SHA1 cb6903eb0006c68a8049f672504f0dd4ae264fe1
SHA256 ee09a25255f767321026dbff7d13f22924d72c88bb3e8969cb3d21d2ea383203
ssdeep
1536:vUUJN/veyLo8Nn5a/MFXlyZtUHzxjrTyPYwHEoXYlz0RzxzPYhNXXtbO:zL+yLH5aYXgtWyPtHpYlEVQhNX9i

authentihash a142e732b4c3173a33357e801f31474e8341cce532ace2076f9ed7cb7990b7af
imphash 5e5a50755542258242ec68c2294c47f6
File size 101.0 KB ( 103424 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-23 00:32:13 UTC ( 12 months ago )
Last submission 2018-05-23 17:51:17 UTC ( 6 months, 4 weeks ago )
File names PSEB.exe
92W6nneyoaVl8wG.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications