SHA256: f8deb43160c31a4ea0196e280e915d3ee12cdff70fc888754187da2cbe582039
File name: lvv.exe
Detection ratio: 12 / 68
Analysis date: 2018-11-27 16:36:49 UTC (2 months, 4 weeks ago)
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181127
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181108
K7AntiVirus Trojan ( 005413c71 ) 20181127
K7GW Trojan ( 005413c71 ) 20181127
Microsoft Trojan:Win32/Fuerboos.C!cl 20181127
Qihoo-360 HEUR/QVM20.1.7D61.Malware.Gen 20181127
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazrJ+qnS9dF+gYXGfrPPfPVF) 20181127
Trapmine malicious.high.ml.score 20181126
VBA32 Malware-Cryptor.General.3 20181127
Webroot W32.Trojan.Gen 20181127
Ad-Aware 20181127
AegisLab 20181127
AhnLab-V3 20181127
Alibaba 20180921
ALYac 20181127
Antiy-AVL 20181127
Arcabit 20181127
Avast 20181127
Avast-Mobile 20181127
AVG 20181127
Avira (no cloud) 20181127
Babable 20180918
Baidu 20181127
BitDefender 20181127
Bkav 20181127
CAT-QuickHeal 20181127
ClamAV 20181127
CMC 20181127
Comodo 20181127
Cybereason 20180225
Cyren 20181127
DrWeb 20181127
eGambit 20181127
Emsisoft 20181127
ESET-NOD32 20181127
F-Prot 20181127
F-Secure 20181127
Fortinet 20181127
GData 20181127
Ikarus 20181127
Jiangmin 20181127
Kaspersky 20181127
Kingsoft 20181127
Malwarebytes 20181127
MAX 20181127
McAfee 20181127
McAfee-GW-Edition 20181127
eScan 20181127
NANO-Antivirus 20181127
Palo Alto Networks (Known Signatures) 20181127
Panda 20181127
SentinelOne (Static ML) 20181011
Sophos AV 20181127
SUPERAntiSpyware 20181121
Symantec 20181127
Symantec Mobile Insight 20181121
TACHYON 20181127
Tencent 20181127
TheHacker 20181126
TrendMicro 20181127
TrendMicro-HouseCall 20181127
Trustlook 20181127
ViRobot 20181127
Yandex 20181127
Zillya 20181126
ZoneAlarm by Check Point 20181127
Zoner 20181127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2013 Steganos Software GmbH
Product Steganos Safe 17
Original name SteganosHotKeyService.exe
Internal name SteganosHotKeyService.exe
File version 17.0.2.11443
Description Steganos Hot Key Service
Comments Steganos Safe 17
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 1:52 AM 2/18/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-22 16:34:51
Entry Point 0x00011190
Number of sections 4
PE sections
Overlays
MD5 829d2a4866b47173c2beb49a8f9e8218
File type data
Offset 134656
Size 3336
Entropy 7.34
PE imports
RegOpenKeyExW
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA
GetWindowExtEx
SetMapMode
SetBkMode
PatBlt
SaveDC
TextOutA
CreateFontIndirectA
LPtoDP
GetClipBox
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetMapMode
DeleteObject
IntersectClipRect
BitBlt
SetTextColor
GetDeviceCaps
RectVisible
CreateBitmap
Escape
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
GetViewportExtEx
ExtTextOutA
PtVisible
CreateCompatibleDC
GetBkColor
ScaleViewportExtEx
SelectObject
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
GetTextExtentPointA
SetBkColor
SetViewportExtEx
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetExitCodeProcess
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
GetProfileIntA
SetLastError
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FormatMessageA
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SearchPathA
SetEndOfFile
GetVersion
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
CreateDirectoryA
DeleteFileA
GetCPInfo
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
GetTempFileNameA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
SizeofResource
WritePrivateProfileStringA
LockResource
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
GetEnvironmentStrings
HeapCreate
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
ShellExecuteExA
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathA
PathFileExistsA
RedrawWindow
GetMessagePos
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
EndPaint
GrayStringA
CopyRect
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
SendMessageW
UnregisterClassA
GetClassInfoW
DefWindowProcW
AllowSetForegroundWindow
DrawTextW
CopyAcceleratorTableA
GetWindowTextLengthA
LoadImageW
ClientToScreen
GetTopWindow
GetWindowTextW
GetWindowTextLengthW
GetActiveWindow
GetWindowTextA
InvalidateRgn
PtInRect
GetParent
UpdateWindow
SetPropA
SetClassLongW
GetMessageW
ShowWindow
GetPropA
GetNextDlgGroupItem
PeekMessageW
EnableWindow
TranslateMessage
GetWindow
LoadStringA
RegisterClassW
IsIconic
RegisterClassA
TabbedTextOutA
GetSubMenu
SetTimer
IsDialogMessageW
SwitchToThisWindow
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
DestroyWindow
IsChild
IsDialogMessageA
MapWindowPoints
RegisterWindowMessageW
GetMonitorInfoW
BeginPaint
OffsetRect
SetFocus
keybd_event
KillTimer
CharNextA
DefWindowProcA
DisableProcessWindowsGhosting
GetClassInfoExW
SendDlgItemMessageA
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
PostMessageW
CreateDialogParamW
RemovePropA
SetWindowTextA
GetClassLongW
SetWindowTextW
CreateWindowExA
GetDlgItem
BringWindowToTop
ScreenToClient
GetClassLongA
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
DestroyAcceleratorTable
GetDesktopWindow
LoadCursorW
GetDC
FillRect
SetForegroundWindow
PostThreadMessageA
DrawTextA
FindWindowW
GetCapture
MessageBeep
GetWindowThreadProcessId
MessageBoxW
GetMenu
RegisterClassExW
RegisterClipboardFormatA
MoveWindow
GetWindowDC
AdjustWindowRectEx
GetFocus
GetSysColor
DispatchMessageW
UpdateLayeredWindow
IsWindowVisible
WinHelpA
MonitorFromWindow
SetRect
InvalidateRect
CharNextW
CallWindowProcW
GetClassNameW
GetClientRect
CallWindowProcA
GetClassNameA
SendMessageTimeoutW
SetCursor
OleUninitialize
CLSIDFromString
CoTaskMemAlloc
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
OleInitialize
CoTaskMemFree
CreateILockBytesOnHGlobal
CoGetClassObject
Number of PE resources by type
RT_ICON 10
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
CodeSize 70144
SubsystemVersion 5.0
Comments Steganos Safe 17
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 17.0.2.11443
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Steganos Hot Key Service
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 63488
EntryPoint 0x11190
OriginalFileName SteganosHotKeyService.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2013 Steganos Software GmbH
FileVersion 17.0.2.11443
TimeStamp 2018:11:22 17:34:51+01:00
FileType Win32 EXE
PEType PE32
InternalName SteganosHotKeyService.exe
ProductVersion 17.0.2.11443
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Steganos Software GmbH
LegalTrademarks Steganos Safe 17 is a trademark of Steganos Software GmbH
ProductName Steganos Safe 17
ProductVersionNumber 17.0.2.11443
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 23fc24033a6db56239aa49281deb2b4b
SHA1 473bc1fab9bb5c19282341aaa580e897741940c4
SHA256 f8deb43160c31a4ea0196e280e915d3ee12cdff70fc888754187da2cbe582039
ssdeep 3072:0rj7SUZKIuYlL8RA7/UU1hYAE81ew/WQfTPA5txvcnID4b:0rSUZKE2A7aM0w+6PCH8
authentihash 5d0db9dc73975badc05d334cdc4f0289d1cdf388837eb72557867facd516010a
imphash b3107ea5bf6a90595f755d2b1b34daf1
File size 134.8 KB ( 137992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-11-27 16:36:36 UTC ( 2 months, 4 weeks ago )
Last submission 2018-11-27 16:36:49 UTC ( 2 months, 4 weeks ago )
File names SteganosHotKeyService.exe
lvv.exe
P.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications