SHA256: f36075c5c49f1514bbb1e16e2003f7297fd916bed8f1412405c4a0118820f64b
File name: 65fg67n.exe
Detection ratio: 3 / 54
Analysis date: 2016-02-16 12:26:03 UTC ( 3 years, 3 months ago )
Antivirus Result Update
K7AntiVirus Trojan ( 004ce0eb1 ) 20160216
K7GW Trojan ( 004ce0eb1 ) 20160216
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20160216
Ad-Aware 20160216
AegisLab 20160216
Yandex 20160215
AhnLab-V3 20160216
Alibaba 20160216
ALYac 20160216
Antiy-AVL 20160216
Arcabit 20160216
Avast 20160216
AVG 20160216
Avira (no cloud) 20160216
Baidu-International 20160216
BitDefender 20160216
Bkav 20160215
ByteHero 20160216
CAT-QuickHeal 20160216
ClamAV 20160216
CMC 20160216
Comodo 20160216
Cyren 20160216
DrWeb 20160216
Emsisoft 20160216
ESET-NOD32 20160216
F-Prot 20160216
F-Secure 20160216
Fortinet 20160216
GData 20160216
Ikarus 20160216
Jiangmin 20160216
Kaspersky 20160216
Malwarebytes 20160216
McAfee 20160216
Microsoft 20160216
eScan 20160216
NANO-Antivirus 20160216
nProtect 20160216
Panda 20160215
Qihoo-360 20160216
Rising 20160216
Sophos AV 20160216
SUPERAntiSpyware 20160216
Symantec 20160215
Tencent 20160216
TheHacker 20160215
TrendMicro 20160216
TrendMicro-HouseCall 20160216
VBA32 20160215
VIPRE 20160216
ViRobot 20160216
Zillya 20160215
Zoner 20160216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright ©.DevPointer Inc All rights reserved.
Product Current
Internal name Current
Description Reparse Potter Statistics Keypadnagi Gossip
Comments Reparse Potter Statistics Keypadnagi Gossip
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-16 11:29:06
Entry Point 0x00004E35
Number of sections 6
PE sections
PE imports
GetDeviceCaps
SetMapMode
CreateFontIndirectA
SelectObject
CreatePalette
GetStockObject
SetViewportOrgEx
EndDoc
SetTextColor
CreateMetaFileA
SetTextAlign
DeleteObject
Rectangle
GetLastError
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
GlobalFree
QueryPerformanceCounter
CopyFileA
GetTickCount
GlobalUnlock
lstrlenW
GetLocalTime
UpdateResourceA
GetCurrentProcess
GetDateFormatA
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
lstrcatA
LockResource
CreateDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
EnumResourceTypesA
FindResourceExA
GetModuleHandleA
FindFirstFileA
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
MulDiv
GetSystemTimeAsFileTime
FindNextFileA
GlobalLock
FreeResource
SetFileAttributesA
TerminateProcess
LoadResource
GlobalAlloc
FindClose
IsDebuggerPresent
Sleep
HeapAlloc
GetCurrentThreadId
SetLastError
GetTimeFormatA
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
_ultow_s
__p__fmode
malloc
?what@exception@std@@UBEPBDXZ
memset
__dllonexit
_controlfp_s
wcscpy_s
_invoke_watson
strlen
_cexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
wcslen
_unlock
_amsg_exit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_initterm_e
__p__commode
printf
_acmdln
_CxxThrowException
_ismbblead
memmove_s
_crt_debugger_hook
_adjust_fdiv
??3@YAXPAX@Z
wcsstr
_except_handler4_common
atol
__getmainargs
_initterm
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
__CxxFrameHandler3
_decode_pointer
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
strcpy
_wcslwr_s
_configthreadlocale
??0exception@std@@QAE@XZ
_exit
__set_app_type
SystemTimeToVariantTime
VariantInit
SysAllocStringByteLen
GetWsChanges
wnsprintfA
PathCompactPathA
GetAsyncKeyState
GetForegroundWindow
GetParent
UpdateWindow
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
GetWindowRect
DispatchMessageA
EndPaint
ScreenToClient
TranslateMessage
GetWindow
GetDC
GetCursorPos
ReleaseDC
SetWindowTextA
SendMessageA
GetClientRect
SetTimer
GetDlgItem
DrawTextW
RegisterClassA
SetRect
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
DrawTextA
GetMenuItemID
CreateWindowExW
GetMessageA
DestroyWindow
PtInRect
InternetReadFile
InternetOpenUrlW
sndPlaySoundA
EapHostPeerFreeMemory
EapHostPeerGetMethods
EapHostPeerFreeErrorMemory
CoCreateInstance
OleInitialize
SnmpUtilVarBindCpy
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

Comments
Reparse Potter Statistics Keypadnagi Gossip

Languages
English

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.5.4.6

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Reparse Potter Statistics Keypadnagi Gossip

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
84992

EntryPoint
0x4e35

MIMEType
application/octet-stream

LegalCopyright
.DevPointer Inc All rights reserved.

TimeStamp
2016:02:16 12:29:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Current

ProductVersion
5.5.4.6

UninitializedDataSize
0

OSVersion
5.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
DevPointer Inc

CodeSize
17920

ProductName
Current

ProductVersionNumber
5.5.4.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 be4abc103784462d1dd2d0882557758f
SHA1 28b05aea9c3d70eded2e0523ad42bdbefca8ffad
SHA256 f36075c5c49f1514bbb1e16e2003f7297fd916bed8f1412405c4a0118820f64b
ssdeep 3072:ywgtWASY7bO9qQXM7p4ZKoddO8fcDXFTPcf3:tLY7bO97ESZpAa+hA3
authentihash abedea900b79dc1a14070943843a41b24cc8445a0c3c925555470fcf2e022b6f
imphash e12b81df0c5694d8ec907f73c38001dd
File size 101.5 KB ( 103936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2016-02-16 11:45:46 UTC ( 3 years, 3 months ago )
Last submission 2017-08-21 05:11:14 UTC ( 1 year, 9 months ago )
File names 65fg67n
65fg67n.exe
locky.exe
be4abc103784462d1dd2d0882557758f
65fg67n[1].txt.2108.dr
65fg67n[1].txt.3480.dr
65fg67n[1].txt.3224.dr
Current
localfile~
ladybi.exe
65fg67n[1].txt.2208.dr
1_.exe
ladybi.exe.158140.DROPPED
f36075c5c49f1514bbb1e16e2003f7297fd916bed8f1412405c4a0118820f64b
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened service managers
Opened services
Runtime DLLs