SHA256: f7e672cabe5b9f74d548a79113ebf23e6da5316c08b0213b449488890350b066
File name: 44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
Detection ratio: 33 / 66
Analysis date: 2018-11-10 15:06:13 UTC (4 months, 1 week ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40742266 20181110
AegisLab Trojan.Win32.Mansabo.4!c 20181110
Arcabit Trojan.Generic.D26DAD7A 20181110
Avast Win32:Malware-gen 20181110
AVG Win32:Malware-gen 20181110
BitDefender Trojan.GenericKD.40742266 20181110
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cyren W32/Trojan.IKZX-0316 20181110
DrWeb Trojan.DownLoader27.14563 20181110
Emsisoft Trojan.GenericKD.40742266 (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CQOJ 20181110
F-Secure Trojan.GenericKD.40742266 20181110
Fortinet Malicious_Behavior.SB 20181110
GData Trojan.GenericKD.40742266 20181110
Ikarus Trojan-Banker.TrickBot 20181110
Sophos ML heuristic 20181108
K7AntiVirus Riskware ( 0040eff71 ) 20181110
Kaspersky Trojan.Win32.Mansabo.bon 20181110
Malwarebytes Trojan.TrickBot 20181110
MAX malware (ai score=86) 20181110
McAfee RDN/Generic.grp 20181110
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20181110
Microsoft Trojan:Win32/MereTam.A 20181110
eScan Trojan.GenericKD.40742266 20181110
NANO-Antivirus Trojan.Win32.GenKryptik.fjzlxu 20181110
Palo Alto Networks (Known Signatures) generic.ml 20181110
Qihoo-360 HEUR/QVM03.0.19C9.Malware.Gen 20181110
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20181110
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181109
Webroot W32.Trojan.Trickbot 20181110
ZoneAlarm by Check Point Trojan.Win32.Mansabo.bon 20181110
AhnLab-V3 20181110
Alibaba 20180921
ALYac 20181110
Antiy-AVL 20181110
Avast-Mobile 20181110
Avira (no cloud) 20181110
Babable 20180918
Baidu 20181109
Bkav 20181110
CAT-QuickHeal 20181108
ClamAV 20181110
CMC 20181110
Cybereason 20180225
Cylance 20181110
F-Prot 20181110
Jiangmin 20181110
K7GW 20181109
Kingsoft 20181110
Panda 20181110
Sophos AV 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
Tencent 20181110
TheHacker 20181108
TotalDefense 20181110
TrendMicro 20181110
TrendMicro-HouseCall 20181110
Trustlook 20181110
VBA32 20181109
ViRobot 20181110
Yandex 20181109
Zillya 20181109
Zoner 20181110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product ScrollingLabel
Original name ScrollingLabel.exe
Internal name ScrollingLabel
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-09 10:53:08
Entry Point 0x00001698
Number of sections 3
PE sections
PE imports
RtlMoveMemory
GetProcAddress
_adj_fdivr_m64
__vbaGenerateBoundsError
_allmul
EVENT_SINK_Invoke
_adj_fprem
__vbaR4Var
__vbaAryMove
__vbaObjVar
__vbaRaiseEvent
_adj_fdiv_r
__vbaObjSetAddref
Ord(100)
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(595)
_adj_fptan
__vbaI4Var
__vbaLateIdCall
__vbaFreeStr
__vbaLateIdCallLd
Ord(631)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
EVENT_SINK_QueryInterface
Ord(516)
Ord(320)
__vbaLenBstr
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
Zombie_GetTypeInfoCount
__vbaUbound
__vbaFreeVar
__vbaLbound
Ord(319)
Ord(321)
_CIsin
__vbaNew
_CIsqrt
EVENT_SINK_Release
__vbaVarTstEq
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
__vbaChkstk
__vbaStrCmp
__vbaAryUnlock
__vbaBoolVar
__vbaFreeObjList
EVENT_SINK_GetIDsOfNames
__vbaVar2Vec
__vbaFreeVarList
__vbaExitProc
Zombie_GetTypeInfo
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
_CIcos
__vbaVarMove
__vbaErrorOverflow
__vbaNew2
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
_adj_fdiv_m32
Ord(685)
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarVargNofree
__vbaStrCopy
Ord(632)
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_m64
__vbaCastObjVar
Ord(534)
__vbaUI1I4
__vbaUI1I2
__vbaAryLock
_CIatan
Ord(587)
__vbaR8Var
__vbaObjSet
Ord(644)
_CIexp
__vbaFpR4
_CItan
__vbaFpI2
SysReAllocString
SysAllocStringLen
Number of PE resources by type
RT_ICON 7
RT_STRING 5
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ENGLISH US 6
GERMAN LUXEMBOURG 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 278528
EntryPoint 0x1698
OriginalFileName ScrollingLabel.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2018:11:09 11:53:08+01:00
FileType Win32 EXE
PEType PE32
InternalName ScrollingLabel
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName By Julian Dowdeswell
CodeSize 110592
ProductName ScrollingLabel
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 6386e8e133a2d48b5bbbb43f8f927bd8
SHA1 457fe6a1ac3b4225b63a7ade29596be60755a166
SHA256 f7e672cabe5b9f74d548a79113ebf23e6da5316c08b0213b449488890350b066
ssdeep 6144:PaZ8OEF4uvQoAGfmRBISUqUsiY6sDodcBO5cp4M6HsoMWwcw+r:PLWuhAG+RBISLU2DmcuUS/Cc
authentihash 4ac4e72e754e6771323c1df1b9aa25d4e776d333f7f77258df0701d84537913d
imphash e233fa73e53e6d1e940c99fb8a914d14
File size 384.0 KB ( 393216 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (62.9%)
Win32 Executable MS Visual C++ (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
OS/2 Executable (generic) (1.5%)
Tags peexe
VirusTotal metadata
First submission 2018-11-09 14:48:02 UTC ( 4 months, 1 week ago )
Last submission 2018-11-16 05:28:00 UTC ( 4 months ago )
File names ScrollingLabel.exe
table.png
ScrollingLabel
6386e8e133a2d48b5bbbb43f8f927bd8
44783M8UH77G8L8_NKUBYHU5VFXXBH878XO6HLTTKPPZF28TSDU5KWPPK_11C1JL.EXE
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.