SHA256: f0846b78dcdfce7dee45f1a19760de753320777c84bc9098140e10ca9eec08e3
File name: troll.jpg
Detection ratio: 38 / 69
Analysis date: 2019-01-21 13:32:55 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31545566 20190121
ALYac Trojan.GenericKD.31545566 20190121
Arcabit Trojan.Generic.D1E158DE 20190121
Avast Win32:Malware-gen 20190121
AVG Win32:Malware-gen 20190121
Avira (no cloud) TR/Injector.wzvdz 20190121
BitDefender Trojan.GenericKD.31545566 20190121
Comodo Malware@#31q9s2mbopcrv 20190121
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181023
Cylance Unsafe 20190121
Cyren W32/Fareit.HK.gen!Eldorado 20190121
DrWeb Trojan.Inject3.12182 20190121
Emsisoft Trojan.Agent (A) 20190121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Injector.ECZP 20190121
F-Secure Trojan.GenericKD.31545566 20190121
Fortinet W32/Fareit.FGY!tr 20190121
GData Trojan.GenericKD.31545566 20190121
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190121
K7GW Riskware ( 0040eff71 ) 20190121
Kaspersky Trojan.Win32.VBKryjetor.bjop 20190121
Malwarebytes Trojan.MalPack.VB.Generic 20190121
MAX malware (ai score=99) 20190121
McAfee Fareit-FGY!DECE31BC7CDF 20190121
McAfee-GW-Edition BehavesLike.Win32.Fareit.ch 20190121
Microsoft Trojan:Win32/Occamy.C 20190121
eScan Trojan.GenericKD.31545566 20190121
Panda Trj/GdSda.A 20190120
Qihoo-360 Win32/Trojan.894 20190121
Rising Trojan.VBKryjetor!8.778 (CLOUD) 20190121
Sophos AV Troj/Fareit-GMX 20190121
Symantec Trojan.Gen.2 20190121
Trapmine malicious.moderate.ml.score 20190103
TrendMicro-HouseCall TROJ_GEN.R023C0PAK19 20190121
VIPRE Trojan.Win32.Generic!BT 20190121
Webroot W32.Trojan.Gen 20190121
ZoneAlarm by Check Point Trojan.Win32.VBKryjetor.bjop 20190121
Acronis 20190119
AegisLab 20190121
AhnLab-V3 20190121
Alibaba 20180921
Antiy-AVL 20190121
Avast-Mobile 20190121
Babable 20180918
Baidu 20190121
Bkav 20190121
CAT-QuickHeal 20190121
ClamAV 20190121
CMC 20190121
Cybereason 20190109
eGambit 20190121
F-Prot 20190126
Jiangmin 20190121
Kingsoft 20190121
NANO-Antivirus 20190121
Palo Alto Networks (Known Signatures) 20190121
SentinelOne (Static ML) 20190118
SUPERAntiSpyware 20190116
TACHYON 20190121
Tencent 20190121
TheHacker 20190118
TrendMicro 20190126
Trustlook 20190121
VBA32 20190121
ViRobot 20190121
Yandex 20190120
Zillya 20190125
Zoner 20190121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright THReATTRAcK Security, Inc
Product E-MERGE GMBH
Original name nucleonics.exe
Internal name nucleonics
File version 8.07.0003
Description WORlDCOIN
Comments CJSC "CoMpUtING FOrCes
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-19 11:26:45
Entry Point 0x000013C0
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
EVENT_SINK_Release
__vbaCyI2
_CIcos
EVENT_SINK_QueryInterface
__vbaI4Cy
Ord(695)
_adj_fdivr_m64
_adj_fprem
Ord(514)
Ord(661)
Ord(689)
_adj_fpatan
Ord(581)
EVENT_SINK_AddRef
__vbaCyForInit
__vbaStrToUnicode
__vbaCyI4
_adj_fdiv_m32i
Ord(666)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaGosubFree
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
_CIsin
__vbaFpI4
__vbaExitProc
Ord(100)
__vbaFreeObj
__vbaCyVar
__vbaFreeVar
Ord(589)
_CItan
_adj_fdiv_m64
Ord(651)
__vbaHresultCheckObj
_CIsqrt
__vbaVarSub
_CIlog
__vbaLenBstrB
__vbaInStrVar
_allmul
__vbaInStrVarB
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaGosub
__vbaVarDup
Ord(628)
__vbaObjSet
__vbaI4Var
__vbaStrToAnsi
Ord(613)
__vbaVarMove
Ord(607)
_CIatan
Ord(608)
__vbaNew2
_adj_fdiv_r
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
Ord(546)
__vbaCyForNext
_CIexp
__vbaStrMove
__vbaStrR8
_adj_fprem1
_adj_fdivr_m32
Ord(543)
__vbaFpR8
Ord(609)
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_STRING 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
GERMAN LIECHTENSTEIN 1
BENGALI DEFAULT 1
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
CodeSize 139264
SubsystemVersion 4.0
Comments CJSC "CoMpUtING FOrCes
LinkerVersion 6.0
ImageVersion 8.7
FileSubtype 0
FileVersionNumber 8.7.0.3
LanguageCode Chinese (Traditional)
FileFlagsMask 0x0000
FileDescription WORlDCOIN
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x13c0
OriginalFileName nucleonics.exe
MIMEType application/octet-stream
LegalCopyright THReATTRAcK Security, Inc
FileVersion 8.07.0003
TimeStamp 2019:01:19 12:26:45+01:00
FileType Win32 EXE
PEType PE32
InternalName nucleonics
ProductVersion 8.07.0003
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NoRman SAFEgROUnd AS
LegalTrademarks TECHSMItH CoRporation
ProductName E-MERGE GMBH
ProductVersionNumber 8.7.0.3
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 dece31bc7cdfee1826706c03cd3af456
SHA1 ea7a37ae483c4679c368ea747b3937788a04809a
SHA256 f0846b78dcdfce7dee45f1a19760de753320777c84bc9098140e10ca9eec08e3
ssdeep 1536:rfVIm3DWcHE+iHMH2zI1Rf/VWDWFHxOAvNKvZwxJ9/J:rdSczis7p/cDWZwu8B+5
authentihash d4f68ea617edd6cae773454b511e9a311f7f1a600704c9d84a336aafcfa44072
imphash 22682385ced94b4cab4279d2934efffd
File size 148.0 KB ( 151552 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2019-01-19 14:55:29 UTC ( 2 months ago )
Last submission 2019-01-19 14:55:29 UTC ( 2 months ago )
File names nucleonics
nucleonics.exe
troll.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.