SHA256: f4b29cf7e247b753032de99143861bffb90f6912b4473a693f4cf9b2235d928d
File name: me.exe
Detection ratio: 11 / 65
Analysis date: 2018-11-01 08:22:49 UTC ( 6 months, 2 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20181022
Cylance Unsafe 20181101
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Injector.EBJG 20181101
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181101
Microsoft Program:Win32/Unwaders.C!ml 20181101
Qihoo-360 HEUR/QVM03.0.E7A9.Malware.Gen 20181101
Rising Trojan.Injector!8.C4 (CLOUD) 20181101
Symantec Packed.Generic.535 20181031
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181101
Ad-Aware 20181101
AegisLab 20181101
AhnLab-V3 20181031
Alibaba 20180921
Antiy-AVL 20181031
Arcabit 20181101
Avast 20181101
Avast-Mobile 20181101
AVG 20181101
Avira (no cloud) 20181101
Babable 20180918
Baidu 20181101
Bkav 20181031
CAT-QuickHeal 20181031
ClamAV 20181101
CMC 20181101
Cybereason 20180225
Cyren 20181101
DrWeb 20181101
eGambit 20181101
Emsisoft 20181101
F-Prot 20181101
F-Secure 20181101
Fortinet 20181101
GData 20181101
Ikarus 20181031
Jiangmin 20181101
K7AntiVirus 20181101
K7GW 20181101
Kingsoft 20181101
MAX 20181101
McAfee 20181101
McAfee-GW-Edition 20181101
eScan 20181101
NANO-Antivirus 20181101
Palo Alto Networks (Known Signatures) 20181101
Panda 20181031
SentinelOne (Static ML) 20181011
Sophos AV 20181101
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181101
Tencent 20181101
TheHacker 20181031
TotalDefense 20181101
TrendMicro 20181101
TrendMicro-HouseCall 20181101
Trustlook 20181101
VBA32 20181031
VIPRE 20181101
ViRobot 20181101
Webroot 20181101
Yandex 20181030
Zillya 20181030
Zoner 20181101
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product STALI6
Original name deuteranope9.exe
Internal name deuteranope9
File version 2.08
Description headquartering6
Comments IMPERTINENT3
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 8:43 AM 2/25/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-09-18 19:12:32
Entry Point 0x00001390
Number of sections 3
PE sections
Overlays
MD5 c83f706843f670c0116c928566b1c8d1
File type data
Offset 622592
Size 8256
Entropy 7.54
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(645)
EVENT_SINK_Release
__vbaRedim
_allmul
_adj_fdivr_m64
__vbaAryUnlock
Ord(527)
_adj_fprem
Ord(661)
Ord(546)
_adj_fpatan
EVENT_SINK_AddRef
Ord(650)
Ord(693)
Ord(563)
_adj_fdiv_m32i
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
__vbaStrToUnicode
_adj_fdivr_m16i
__vbaAryLock
__vbaCyMul
_adj_fdiv_r
Ord(100)
__vbaDerefAry1
__vbaFreeVar
Ord(562)
__vbaVarXor
Ord(618)
__vbaObjSetAddref
_CItan
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
Ord(660)
__vbaStrVarVal
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
Ord(685)
__vbaLateMemCall
Ord(610)
Ord(628)
__vbaObjSet
__vbaI4Var
__vbaFpI4
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(540)
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
Ord(631)
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrToAnsi
_adj_fprem1
_adj_fdivr_m32
__vbaStrCat
__vbaFreeStrList
__vbaVarCat
__vbaFreeStr
_adj_fdiv_m16i
__vbaVarMod
Number of PE resources by type
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments IMPERTINENT3
LinkerVersion 6.0
ImageVersion 2.8
FileSubtype 0
FileVersionNumber 2.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription headquartering6
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x1390
OriginalFileName deuteranope9.exe
MIMEType application/octet-stream
FileVersion 2.08
TimeStamp 2002:09:18 21:12:32+02:00
FileType Win32 EXE
PEType PE32
InternalName deuteranope9
ProductVersion 2.08
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pavement0
CodeSize 593920
ProductName STALI6
ProductVersionNumber 2.8.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 61804201bda965f9a1365c4effd2c651
SHA1 28ea331dd1a925649b29943202749aef51e8e1b2
SHA256 f4b29cf7e247b753032de99143861bffb90f6912b4473a693f4cf9b2235d928d
ssdeep 12288:+zzast6hmduboRct+pM/5OAMXkfwTJTUESYWUb:hhE1sDMUf0xUESYWW
authentihash 36084dba6423df0d56fb039eac7254ee372970c1310d25c5e5a2f0c06aebb7aa
imphash c53aed899c1b452c10725ed10dcc9572
File size 616.1 KB ( 630848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-01 08:22:49 UTC ( 6 months, 2 weeks ago )
Last submission 2018-11-09 07:03:20 UTC ( 6 months, 1 week ago )
File names deuteranope9
deuteranope9.exe
61804201bda965f9a1365c4effd2c651
me.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.