SHA256: f3607c464eff8da8bae9a0ffb969dce5e5692254f4a9b3982c48a2c731122da5
File name: 38p.exe
Detection ratio: 27 / 66
Analysis date: 2018-10-19 12:35:56 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.523062 20181019
AhnLab-V3 Win-Trojan/VBKrypt.RP03 20181019
ALYac Gen:Variant.Graftor.523062 20181019
Arcabit Trojan.Graftor.D7FB36 20181019
BitDefender Gen:Variant.Graftor.523062 20181019
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20181019
Cyren W32/VBKrypt.EU.gen!Eldorado 20181019
Emsisoft Trojan.Agent (A) 20181019
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EAYK 20181019
F-Prot W32/VBKrypt.EU.gen!Eldorado 20181019
F-Secure Gen:Variant.Graftor.523062 20181019
Fortinet W32/Injector.EAYD!tr 20181019
GData Gen:Variant.Graftor.523062 20181019
Ikarus Win32.Outbreak 20181019
Sophos ML heuristic 20180717
Malwarebytes Trojan.MalPack.VB 20181019
MAX malware (ai score=83) 20181019
McAfee Fareit-FLZ!FC4C9462F251 20181019
McAfee-GW-Edition Fareit-FLZ!FC4C9462F251 20181019
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181019
eScan Gen:Variant.Graftor.523062 20181019
Qihoo-360 HEUR/QVM03.0.A11B.Malware.Gen 20181019
Sophos AV Mal/FareitVB-N 20181019
Symantec Trojan.Gen.2 20181019
VBA32 BScope.Trojan.Fuerboos 20181019
AegisLab 20181019
Alibaba 20180921
Antiy-AVL 20181019
Avast 20181019
Avast-Mobile 20181019
AVG 20181019
Avira (no cloud) 20181019
Babable 20180918
Baidu 20181019
Bkav 20181019
CAT-QuickHeal 20181018
ClamAV 20181019
CMC 20181019
Cybereason 20180225
DrWeb 20181019
eGambit 20181019
Jiangmin 20181019
K7AntiVirus 20181019
K7GW 20181019
Kaspersky 20181019
Kingsoft 20181019
NANO-Antivirus 20181019
Palo Alto Networks (Known Signatures) 20181019
Panda 20181019
Rising 20181019
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181019
Tencent 20181019
TheHacker 20181018
TrendMicro 20181019
TrendMicro-HouseCall 20181019
Trustlook 20181019
ViRobot 20181019
Webroot 20181019
Yandex 20181018
Zillya 20181018
ZoneAlarm by Check Point 20181019
Zoner 20181018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product bSFA
Original name schizogonic8.exe
Internal name schizogonic8
File version 7.06
Description ALLOYMANYCUTS ALLOYMANYCUTS
Comments GTELLao Stm
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:35 PM 10/19/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-04 11:48:00
Entry Point 0x00001310
Number of sections 3
PE sections
Overlays
MD5 50684a3ba83d13033dbd0a5f858966fd
File type data
Offset 536576
Size 2256
Entropy 7.69
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(523)
_CIcos
__vbaEnd
__vbaStrCmp
_allmul
_adj_fdivr_m64
_adj_fprem
EVENT_SINK_AddRef
__vbaLenBstr
Ord(545)
_adj_fpatan
__vbaFreeObjList
Ord(650)
Ord(563)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
Ord(632)
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaStrToUnicode
_adj_fdivr_m16i
EVENT_SINK_Release
__vbaCyMul
_adj_fdiv_r
Ord(712)
__vbaVarAdd
__vbaFreeVar
__vbaVarTstNe
__vbaFreeStr
Ord(100)
__vbaObjSetAddref
_adj_fdiv_m64
__vbaUI1I4
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaLsetFixstr
EVENT_SINK_QueryInterface
_adj_fptan
Ord(571)
Ord(610)
__vbaFpI4
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaNew2
__vbaOnError
_adj_fdivr_m32i
Ord(631)
_CItan
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
Ord(537)
__vbaFreeStrList
Ord(609)
Ord(698)
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 9
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks sysTEMS GZC.
SubsystemVersion 4.0
Comments GTELLao Stm
InitializedDataSize 20480
ImageVersion 7.6
ProductName bSFA
FileVersionNumber 7.6.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName schizogonic8.exe
MIMEType application/octet-stream
FileVersion 7.06
TimeStamp 2014:11:04 12:48:00+01:00
FileType Win32 EXE
PEType PE32
InternalName schizogonic8
ProductVersion 7.06
FileDescription ALLOYMANYCUTS ALLOYMANYCUTS
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NHj PIDFIO COMMUNiTY
CodeSize 512000
FileSubtype 0
ProductVersionNumber 7.6.0.0
EntryPoint 0x1310
ObjectFileType Executable application

File identification
MD5 fc4c9462f2510f4d7b47f584a2698dfe
SHA1 e392e664bef6fc6f1439228eeaf372f87534f4bb
SHA256 f3607c464eff8da8bae9a0ffb969dce5e5692254f4a9b3982c48a2c731122da5
ssdeep 12288:i8MjOmBiu4kdMeaALz4PX3muFjj03zQnrb45j:i83WtME4PmfQnf45
authentihash 03c8b282a982e3670e59f2b71fd8908cdce7eab168951b15243b14b5423aab35
imphash 800597fb856be1302805ca75c23a6d08
File size 526.2 KB ( 538832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-10-19 12:35:56 UTC ( 7 months, 1 week ago )
Last submission 2018-10-19 12:35:56 UTC ( 7 months, 1 week ago )
File names 38p.exe
schizogonic8.exe
schizogonic8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.