× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f5d1705ccb3d8aa9de107112b3bc4596fd27e5ca2c3f31b2658313b9df494492
File name: .
Detection ratio: 36 / 70
Analysis date: 2019-01-20 18:30:03 UTC ( 2 months ago )
Antivirus Result Update
Acronis suspicious 20190119
Ad-Aware Gen:Trojan.Heur.RP.sq0@aywY9lei 20190120
Antiy-AVL Trojan[Banker]/Win32.IcedID 20190120
Arcabit Trojan.Heur.RP.E91DA4 20190120
Avast Win32:Trojan-gen 20190120
AVG Win32:Trojan-gen 20190120
BitDefender Gen:Trojan.Heur.RP.sq0@aywY9lei 20190120
Cybereason malicious.db41e4 20190109
Cylance Unsafe 20190120
DrWeb Trojan.IcedID.15 20190120
Emsisoft Gen:Trojan.Heur.RP.sq0@aywY9lei (B) 20190120
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CUEN 20190120
F-Secure Gen:Trojan.Heur.RP.sq0@aywY9lei 20190120
Fortinet W32/GenKryptik.CUEN!tr 20190120
GData Gen:Trojan.Heur.RP.sq0@aywY9lei 20190120
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cwjmk 20190120
Kaspersky HEUR:Trojan.Win32.Generic 20190120
Malwarebytes Trojan.Banker 20190120
MAX malware (ai score=81) 20190120
McAfee Ursnif-FQLY!40BFA2BDB41E 20190120
McAfee-GW-Edition Ursnif-FQLY!40BFA2BDB41E 20190120
Microsoft Trojan:Win32/Fuerboos.C!cl 20190120
eScan Gen:Trojan.Heur.RP.sq0@aywY9lei 20190120
NANO-Antivirus Trojan.Win32.IcedID.flfytg 20190120
Panda Trj/GdSda.A 20190120
Qihoo-360 HEUR/QVM10.1.ADA7.Malware.Gen 20190120
Rising Malware.Heuristic.MLite(100%) (AI-LITE:8SjRRSAmc/B8ep5hpElVyQ) 20190120
Symantec ML.Attribute.HighConfidence 20190119
Trapmine suspicious.low.ml.score 20190103
VBA32 BScope.Trojan.Azden 20190118
Webroot W32.Trojan.Gen 20190120
Yandex Trojan.PWS.IcedID! 20190118
Zillya Trojan.IcedId.Win32.411 20190118
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190120
AegisLab 20190120
AhnLab-V3 20190120
Alibaba 20180921
ALYac 20190120
Avast-Mobile 20190118
Avira (no cloud) 20190120
Babable 20180918
Baidu 20190118
Bkav 20190119
CAT-QuickHeal 20190120
ClamAV 20190120
CMC 20190120
Comodo 20190120
CrowdStrike Falcon (ML) 20181023
Cyren 20190120
eGambit 20190120
F-Prot 20190120
Ikarus 20190120
K7AntiVirus 20190120
K7GW 20190120
Kingsoft 20190120
Palo Alto Networks (Known Signatures) 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190120
SUPERAntiSpyware 20190116
TACHYON 20190120
Tencent 20190120
TheHacker 20190118
TotalDefense 20190120
TrendMicro 20190120
TrendMicro-HouseCall 20190120
Trustlook 20190120
ViRobot 20190120
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2001 Pen-Link Grass. All rights reserved

Original name wishsingle.exe
Internal name Feelsit
File version 1.5.70.83
Description Feelsit
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-13 12:49:31
Entry Point 0x00001DD1
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
GetSystemDirectoryA
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCurrentDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
GetCPInfo
GetModuleFileNameW
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
WideCharToMultiByte
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
GetWindowTextA
OleUninitialize
CoCreateInstance
CoInitialize
OleInitialize
OleCreate
CoUninitialize
CLSIDFromString
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.1

InitializedDataSize
227328

ImageVersion
0.0

FileVersionNumber
1.5.70.83

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
10.0

FileTypeExtension
exe

OriginalFileName
wishsingle.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.5.70.83

TimeStamp
2012:12:13 13:49:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Feelsit

ProductVersion
1.5.70.83

FileDescription
Feelsit

OSVersion
5.1

FileOS
Win32

LegalCopyright
Copyright 2001 Pen-Link Grass. All rights reserved

MachineType
Intel 386 or later, and compatibles

CompanyName
Pen-Link Grass

CodeSize
119296

FileSubtype
0

ProductVersionNumber
1.5.70.83

EntryPoint
0x1dd1

ObjectFileType
Executable application

File identification
MD5 40bfa2bdb41e4a0f89439a3304b32a91
SHA1 6614de8b2501d79e6e4598ab065c7ae18a2ee312
SHA256 f5d1705ccb3d8aa9de107112b3bc4596fd27e5ca2c3f31b2658313b9df494492
ssdeep
6144:7Pp2P4lPzkIM2xDPIjFr6+t5MjaPQNEQ6kKHtW:7Pp2gPHdxDPIZr5vM4QNZ6kKH

authentihash 8ed6a269e273f463f4a1dc30f109a0b6ebef9c05a6509c9c29b2ebb440d22f79
imphash 954f66cc46bfe92a7788b9a8a9f12c5e
File size 290.0 KB ( 296960 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2019-01-20 18:30:03 UTC ( 2 months ago )
Last submission 2019-01-20 18:30:03 UTC ( 2 months ago )
File names Feelsit
wishsingle.exe
.
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.