SHA256: f849289406762511c012e381bdc0a761b5db77be4b0328edae338910675dabf6
File name: newdoc.exe
Detection ratio: 23 / 67
Analysis date: 2018-04-23 10:02:51 UTC ( 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.85509 20180423
ALYac Gen:Variant.Symmi.85509 20180423
Arcabit Trojan.Symmi.D14E05 20180423
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9997 20180423
BitDefender Gen:Variant.Symmi.85509 20180423
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180418
Cylance Unsafe 20180423
Cyren W32/VBKrypt.E.gen!Eldorado 20180423
DrWeb Trojan.PWS.Stealer.1932 20180423
Emsisoft Gen:Variant.Symmi.85509 (B) 20180423
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Injector.DXND 20180423
F-Prot W32/VBKrypt.E.gen!Eldorado 20180423
GData Win32.Trojan.Injector.NC 20180423
Sophos ML heuristic 20180121
Malwarebytes Trojan.PasswordStealer 20180423
MAX malware (ai score=85) 20180423
McAfee-GW-Edition BehavesLike.Win32.Fareit.jh 20180423
eScan Gen:Variant.Symmi.85509 20180423
Palo Alto Networks (Known Signatures) generic.ml 20180423
Qihoo-360 HEUR/QVM03.0.B18C.Malware.Gen 20180423
SentinelOne (Static ML) static engine - malicious 20180225
Tencent Win32.Trojan.Symmi.Wvkl 20180423
AegisLab (no detection) 20180423
AhnLab-V3 (no detection) 20180423
Alibaba (no detection) 20180423
Antiy-AVL (no detection) 20180418
Avast (no detection) 20180423
Avast-Mobile (no detection) 20180422
AVG (no detection) 20180423
Avira (no cloud) (no detection) 20180423
AVware (no detection) 20180423
Babable (no detection) 20180406
Bkav (no detection) 20180410
CAT-QuickHeal (no detection) 20180423
ClamAV (no detection) 20180423
CMC (no detection) 20180423
Comodo (no detection) 20180423
Cybereason (no detection) None
eGambit (no detection) 20180423
F-Secure (no detection) 20180423
Fortinet (no detection) 20180423
Ikarus (no detection) 20180423
Jiangmin (no detection) 20180423
K7AntiVirus (no detection) 20180423
K7GW (no detection) 20180423
Kaspersky (no detection) 20180423
Kingsoft (no detection) 20180423
McAfee (no detection) 20180423
Microsoft (no detection) 20180423
NANO-Antivirus (no detection) 20180423
nProtect (no detection) 20180423
Panda (no detection) 20180422
Rising (no detection) 20180423
Sophos AV (no detection) 20180423
SUPERAntiSpyware (no detection) 20180423
Symantec (no detection) 20180422
Symantec Mobile Insight (no detection) 20180419
TheHacker (no detection) 20180423
TrendMicro (no detection) 20180423
TrendMicro-HouseCall (no detection) 20180423
Trustlook (no detection) 20180423
VBA32 (no detection) 20180420
VIPRE (no detection) 20180423
ViRobot (no detection) 20180423
Webroot (no detection) 20180423
Yandex (no detection) 20180420
Zillya (no detection) 20180420
ZoneAlarm by Check Point (no detection) 20180423
Zoner (no detection) 20180422
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright BITCOia PROJeca
Product xPLODI
Original name Starke6.exe
Internal name Starke6
File version 3.08
Comments bASPER fQ GAc
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-22 19:35:40
Entry Point 0x00001278
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
Ord(617)
__vbaCyI4
__vbaStrCmp
__vbaI4Cy
_adj_fdivr_m64
_adj_fprem
Ord(661)
_adj_fpatan
_adj_fdiv_m32i
EVENT_SINK_AddRef
__vbaRedimPreserve
__vbaGenerateBoundsError
Ord(652)
__vbaCyAdd
__vbaStrCopy
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
__vbaStrVarMove
_adj_fdivr_m16i
__vbaUbound
EVENT_SINK_Release
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fdiv_m64
__vbaFreeObj
_CIsin
_CIsqrt
__vbaHresultCheckObj
_CIlog
Ord(606)
__vbaInStrVar
_allmul
_CIcos
EVENT_SINK_QueryInterface
_adj_fptan
__vbaFpCmpCy
__vbaI4Var
__vbaVarDiv
__vbaVarMove
__vbaErrorOverflow
_CIatan
Ord(608)
__vbaNew2
_adj_fdivr_m32i
Ord(631)
_CIexp
__vbaStrMove
_adj_fprem1
_adj_fdivr_m32
__vbaVarCopy
_CItan
Ord(609)
__vbaFreeStr
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize 614400
SubsystemVersion 4.0
Comments bASPER fQ GAc
InitializedDataSize 16384
ImageVersion 3.8
FileSubtype 0
FileVersionNumber 3.8.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
EntryPoint 0x1278
OriginalFileName Starke6.exe
MIMEType application/octet-stream
LegalCopyright BITCOia PROJeca
FileVersion 3.08
TimeStamp 2018:04:22 20:35:40+01:00
FileType Win32 EXE
PEType PE32
InternalName Starke6
ProductVersion 3.08
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
LegalTrademarks Estonsofa Sta.
ProductName xPLODI
ProductVersionNumber 3.8.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 dae3205054401c3680c1127f3eb19dbf
SHA1 ab9ceba99fa5fb98b7ef9f8a38471a82960dc09a
SHA256 f849289406762511c012e381bdc0a761b5db77be4b0328edae338910675dabf6
ssdeep 12288:5FlfrgF+ZZ2e30x1UTMIJzd5Iuvwl2FE8:5FlTA2h3C1U4efVwE
authentihash 4ce0db24a09e49d9848bfe82edb62f0a2303eae204d385e59150acca0d46b3b0
imphash 99b769a8c75601e1e7618ba83f0447c0
File size 620.0 KB ( 634880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (82.7%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
OS/2 Executable (generic) (2.0%)
Generic Win/DOS Executable (2.0%)
Tags peexe
VirusTotal metadata
First submission 2018-04-23 10:02:51 UTC ( 10 months ago )
Last submission 2018-05-14 05:28:30 UTC ( 9 months, 2 weeks ago )
File names newdoc.exe
Starke6.exe
output.113174903.txt
Starke6
ebrjik.scr
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.