× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f283e715e969d8220a2d26333db1ef9451be07fd8aaef31efa3444a4e031d301
File name: myfb11.exe
Detection ratio: 26 / 71
Analysis date: 2019-02-15 18:00:18 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Acronis suspicious 20190213
Ad-Aware Gen:Variant.Razy.461857 20190215
AhnLab-V3 Trojan/Win32.VBKrypt.C3020303 20190215
ALYac Gen:Variant.Razy.461857 20190215
Arcabit Trojan.Razy.D70C21 20190215
BitDefender Gen:Variant.Razy.461857 20190215
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181023
Cybereason malicious.10ebf6 20190109
Cylance Unsafe 20190215
Emsisoft Gen:Variant.Razy.461857 (B) 20190215
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.EDPX 20190215
Fortinet W32/GenKryptik.CZMP!tr 20190215
GData Gen:Variant.Razy.461857 20190215
Ikarus Trojan.Crypt.Malcert 20190215
Sophos ML heuristic 20181128
McAfee Fareit-FNW!EE011E7A55FB 20190215
Microsoft VirTool:Win32/VBInject.ACB!bit 20190215
eScan Gen:Variant.Razy.461857 20190215
Palo Alto Networks (Known Signatures) generic.ml 20190215
Qihoo-360 HEUR/QVM03.0.3FDB.Malware.Gen 20190215
Rising Trojan.GenKryptik!8.AA55 (TFE:dGZlOgVCJLfTGQi8jg) 20190215
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190215
Trapmine malicious.high.ml.score 20190123
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190215
AegisLab 20190215
Alibaba 20180921
Antiy-AVL 20190215
Avast 20190215
Avast-Mobile 20190215
AVG 20190215
Avira (no cloud) 20190215
Babable 20180918
Baidu 20190215
Bkav 20190215
CAT-QuickHeal 20190215
ClamAV 20190215
CMC 20190215
Comodo 20190215
Cyren 20190215
DrWeb 20190215
eGambit 20190215
F-Prot 20190215
F-Secure 20190215
Jiangmin 20190215
K7AntiVirus 20190215
K7GW 20190215
Kaspersky 20190215
Kingsoft 20190215
Malwarebytes 20190215
MAX 20190217
McAfee-GW-Edition 20190215
NANO-Antivirus 20190215
Panda 20190215
Sophos AV 20190215
SUPERAntiSpyware 20190213
Symantec Mobile Insight 20190207
TACHYON 20190215
Tencent 20190215
TheHacker 20190215
TotalDefense 20190215
TrendMicro 20190215
TrendMicro-HouseCall 20190215
Trustlook 20190215
VBA32 20190215
VIPRE 20190215
ViRobot 20190215
Webroot 20190215
Yandex 20190215
Zillya 20190215
Zoner 20190215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product FLOSSED
Original name idlewild.exe
Internal name idlewild
File version 1.06.0008
Description Timerelated6
Comments SUBSULPHID
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 12:05 PM 3/5/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-08-27 06:37:33
Entry Point 0x00001090
Number of sections 3
PE sections
Overlays
MD5 b21f6dcdee126c15686e8c95f484f327
File type data
Offset 499712
Size 4288
Entropy 7.59
PE imports
EVENT_SINK_QueryInterface
Ord(546)
__vbaExceptHandler
Ord(100)
MethCallEngine
DllFunctionCall
ProcCallEngine
Ord(711)
Ord(525)
EVENT_SINK_Release
EVENT_SINK_AddRef
Ord(650)
Ord(617)
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
SUBSULPHID

LinkerVersion
6.0

ImageVersion
1.6

FileSubtype
0

FileVersionNumber
1.6.0.8

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Timerelated6

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x1090

OriginalFileName
idlewild.exe

MIMEType
application/octet-stream

FileVersion
1.06.0008

TimeStamp
1997:08:27 08:37:33+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
idlewild

ProductVersion
1.06.0008

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
MASHER

CodeSize
487424

ProductName
FLOSSED

ProductVersionNumber
1.6.0.8

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 ee011e7a55fbd9778bcc54f429599d54
SHA1 997edd110ebf6457f1f7e9ba6cc774014bdbb590
SHA256 f283e715e969d8220a2d26333db1ef9451be07fd8aaef31efa3444a4e031d301
ssdeep
6144:KbsWm/0XepvZ2hg5y6QQTRw8j3oOTp1HSrrSkrJqHc:KbbepALwpTp2Trgc

authentihash eaca31a019186da5d5ffcdca0ef6e48a2c6db7a68b04fb9cdeb33d6c9ad05201
imphash 2b547f8bc05ea48c031a97dfd8bc2be4
File size 492.2 KB ( 504000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-15 18:00:18 UTC ( 3 months, 1 week ago )
Last submission 2019-02-16 13:37:42 UTC ( 3 months, 1 week ago )
File names idlewild.exe
myfb11.exe
f283e715e969d8220a2d26333db1ef9451be07fd8aaef31efa3444a4e031d301.exe
idlewild
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.