SHA256: f82cd3da315bf9841edd21f73f0c60cf2aba3de112b7399f607994b072405d15
File name: Precedences10
Detection ratio: 55 / 70
Analysis date: 2019-05-06 05:51:02 UTC ( 2 weeks, 1 day ago )
Antivirus Result Update
Acronis suspicious 20190504
Ad-Aware Trojan.GenericKD.31825358 20190506
AegisLab Trojan.Multi.Generic.4!c 20190506
AhnLab-V3 Trojan/Win32.VBKrypt.C3128670 20190506
Alibaba Backdoor:Win32/Androm.2daefae8 20190426
ALYac Trojan.GenericKD.31825358 20190506
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20190506
Arcabit Trojan.Generic.D1E59DCE 20190506
Avast Win32:DangerousSig [Trj] 20190504
AVG Win32:DangerousSig [Trj] 20190504
Avira (no cloud) TR/Fareit.awd 20190504
BitDefender Trojan.GenericKD.31825358 20190504
CAT-QuickHeal Trojan.Multi 20190504
ClamAV Win.Dropper.Gamarue-6913545-0 20190504
Comodo Malware@#2moymorhb8ont 20190504
CrowdStrike Falcon (ML) win/malicious_confidence_90% (W) 20190212
Cybereason malicious.9a29d2 20190417
Cylance Unsafe 20190506
Cyren W32/Trojan.JOVZ-3158 20190504
DrWeb Trojan.PWS.Stealer.23680 20190504
Emsisoft Trojan.GenericKD.31825358 (B) 20190504
Endgame malicious (high confidence) 20190403
ESET-NOD32 Win32/PSW.Fareit.L 20190504
F-Prot W32/Downldr2.JAGO 20190504
F-Secure Trojan.TR/Fareit.awd 20190504
FireEye Generic.mg.1ad89589a29d2db3 20190504
Fortinet W32/Fareit.L!tr 20190504
GData Win32.Trojan.Injector.YZNAIQ 20190504
Ikarus Trojan.VB.Crypt 20190504
Sophos ML heuristic 20190313
Jiangmin Backdoor.Androm.aint 20190504
K7AntiVirus Trojan ( 0054aa071 ) 20190504
K7GW Trojan ( 0054aa071 ) 20190504
Kaspersky Backdoor.Win32.Androm.rloo 20190504
Malwarebytes Trojan.MalPack.VB 20190504
MAX malware (ai score=100) 20190506
McAfee Generic.bvn 20190503
McAfee-GW-Edition Generic.bvn 20190504
Microsoft Trojan:Win32/Tiggre!bit 20190504
eScan Trojan.GenericKD.31825358 20190504
NANO-Antivirus Trojan.Win32.Androm.fombmj 20190504
Palo Alto Networks (Known Signatures) generic.ml 20190506
Panda Trj/WLT.E 20190504
Qihoo-360 HEUR/QVM03.0.1BC9.Malware.Gen 20190506
Rising Backdoor.Androm!8.113 (CLOUD) 20190504
SentinelOne (Static ML) DFI - Suspicious PE 20190420
Sophos AV Troj/Zbot-NDH 20190504
Symantec Downloader.Ponik 20190504
Tencent Win32.Backdoor.Fareit.Auto 20190506
Trapmine suspicious.low.ml.score 20190325
TrendMicro Trojan.Win32.MALREP.THCBGAI 20190504
TrendMicro-HouseCall Trojan.Win32.MALREP.THCBGAI 20190504
VBA32 TScope.Trojan.VB 20190504
Yandex Backdoor.Androm!jsED3CKzSWc 20190501
ZoneAlarm by Check Point Backdoor.Win32.Androm.rloo 20190504
Avast-Mobile 20190504
Babable 20190424
Baidu 20190318
Bkav 20190503
CMC 20190321
eGambit 20190506
Kingsoft 20190506
SUPERAntiSpyware 20190430
Symantec Mobile Insight 20190418
TACHYON 20190504
TheHacker 20190503
TotalDefense 20190504
Trustlook 20190506
ViRobot 20190504
Zillya 20190503
Zoner 20190503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Tagmemic0
Original name Precedences10.exe
Internal name Precedences10
File version 7.04.0004
Description ruckus
Comments ABER1
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 7:51 AM 5/6/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-04 19:05:09
Entry Point 0x00001328
Number of sections 3
PE sections
Overlays
MD5 d786760c6d6a833cb3c526430ec832c3
File type data
Offset 978944
Size 4400
Entropy 7.59
PE imports
_adj_fdiv_m32
__vbaChkstk
__vbaCyI2
EVENT_SINK_Release
__vbaStrCmp
Ord(648)
__vbaI4Cy
Ord(516)
_adj_fdivr_m64
__vbaGet3
_adj_fprem
Ord(572)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
Ord(526)
__vbaCyForInit
__vbaStrCopy
EVENT_SINK_QueryInterface
Ord(608)
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
__vbaRedim
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
__vbaStrMove
__vbaCastObj
_adj_fdiv_r
Ord(100)
__vbaFreeVar
__vbaObjSetAddref
__vbaAryConstruct2
__vbaFileOpen
_adj_fdiv_m64
__vbaFreeObj
__vbaHresultCheckObj
_CIsqrt
_CIsin
_CIlog
__vbaInStrVar
_allmul
_CIcos
Ord(616)
__vbaVarTstEq
_adj_fptan
__vbaI2Var
_CItan
__vbaObjSet
__vbaI4Var
__vbaVarMove
__vbaErrorOverflow
_CIatan
__vbaI2I4
__vbaNew2
__vbaLateIdCallLd
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaCyForNext
_adj_fprem1
_adj_fdivr_m32
__vbaVarDup
Ord(598)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 11
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 12
ENGLISH US 1
PE resources
ExifTool file metadata
FileDescription ruckus
Comments ABER1
InitializedDataSize 40960
ImageVersion 7.4
ProductName Tagmemic0
FileVersionNumber 7.4.0.4
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Precedences10.exe
MIMEType application/octet-stream
FileVersion 7.04.0004
TimeStamp 2007:03:04 20:05:09+01:00
FileType Win32 EXE
PEType PE32
InternalName Precedences10
SubsystemVersion 4.0
ProductVersion 7.04.0004
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ryebeach4
CodeSize 933888
FileSubtype 0
ProductVersionNumber 7.4.0.4
EntryPoint 0x1328
ObjectFileType Executable application

File identification
MD5 1ad89589a29d2db31d48c1915231ba5d
SHA1 40996dc08e5c81821b8e4917e5047667b92ff62d
SHA256 f82cd3da315bf9841edd21f73f0c60cf2aba3de112b7399f607994b072405d15
ssdeep 3072:u6c/uLNelDYJy2pCj0ls3ZmuzteM1wd7kIYtrQ3p8HKjWsLjXOiD2/trQ3p8HKja:o/uLNqMA2pCjR3ZmuQrklM2M+vV
authentihash 6a1a33e9b9097695c10ce9498630ffd631c375d08deb12cfbc59ea2de3a2c9cb
imphash 2fa64fb387a78d8eb152164c9a5ec665
File size 960.3 KB ( 983344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe overlay
VirusTotal metadata
First submission 2019-03-26 11:01:17 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-29 15:12:59 UTC ( 1 month, 3 weeks ago )
File names scanned-copy.jpeg.jpg.pif
Precedences10
f82cd3da315bf9841edd21f73f0c60cf2aba3de112b7399f607994b072405d15.exe
Precedences10.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.