× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fb86cf9475d3873a8f84fdaf3a3f50142ccd36210aa78b2ee282cb2b8bf5db44
File name: poll1.exe
Detection ratio: 44 / 68
Analysis date: 2018-07-22 13:00:55 UTC ( 10 months ago ) View latest
Antivirus Result Update
AegisLab Troj.W32.Yakes.memp!c 20180722
AhnLab-V3 Trojan/Win32.Ransomlock.R165025 20180721
Antiy-AVL Trojan/Win32.Yakes 20180722
Avast Win32:Dropper-gen [Drp] 20180722
AVG Win32:Dropper-gen [Drp] 20180722
Avira (no cloud) HEUR/AGEN.1000860 20180722
AVware Trojan.Win32.Generic!BT 20180722
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9934 20180717
CAT-QuickHeal Trojan.Generic.B4 20180722
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180530
Cylance Unsafe 20180722
Cyren W32/Trojan.ALQB-2486 20180722
DrWeb Trojan.PWS.Steam.6169 20180722
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/Neurevt.I 20180722
Fortinet W32/Yakes.I!tr 20180722
Ikarus Trojan.Win32.Crypt 20180722
Sophos ML heuristic 20180717
Jiangmin Trojan/Yakes.yzc 20180722
K7AntiVirus Trojan ( 004bee391 ) 20180722
K7GW Trojan ( 004bee391 ) 20180722
Kaspersky Trojan.Win32.Yakes.memp 20180722
MAX malware (ai score=100) 20180722
McAfee Artemis!C1FFBAB1B5A2 20180722
McAfee-GW-Edition BehavesLike.Win32.Dropper.gh 20180722
Microsoft Trojan:Win32/Skeeyah.A!rfn 20180722
NANO-Antivirus Trojan.Win32.Yakes.dwwhty 20180722
Palo Alto Networks (Known Signatures) generic.ml 20180722
Panda Trj/Genetic.gen 20180722
Qihoo-360 Win32/Trojan.f55 20180722
Rising Trojan.Skeeyah!8.3A6 (CLOUD) 20180722
Sophos AV Mal/Generic-S 20180722
Symantec ML.Attribute.HighConfidence 20180721
Tencent Win32.Trojan.Yakes.Szln 20180722
TheHacker Trojan/Neurevt.i 20180720
TrendMicro TROJ_GEN.R061C0GFD18 20180722
TrendMicro-HouseCall TROJ_GEN.R061C0GFD18 20180722
VBA32 Trojan.Yakes 20180720
VIPRE Trojan.Win32.Generic!BT 20180722
Webroot W32.Trojan.GenKD 20180722
Yandex Trojan.Yakes!SU7zjxXPYLE 20180720
Zillya Trojan.Yakes.Win32.38967 20180720
ZoneAlarm by Check Point Trojan.Win32.Yakes.memp 20180722
Ad-Aware 20180722
Alibaba 20180713
ALYac 20180722
Arcabit 20180722
Avast-Mobile 20180722
BitDefender 20180722
Bkav 20180719
ClamAV 20180722
CMC 20180722
Comodo 20180722
Cybereason 20180225
eGambit 20180722
Emsisoft 20180722
F-Prot 20180722
F-Secure 20180722
GData 20180722
Kingsoft 20180722
Malwarebytes 20180722
eScan 20180722
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180722
TACHYON 20180722
TotalDefense 20180722
Trustlook 20180722
ViRobot 20180722
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-10 19:00:29
Entry Point 0x000226F6
Number of sections 9
PE sections
PE imports
CryptEnumProviderTypesA
CreateToolbarEx
Ord(6)
ImageList_ReplaceIcon
ImageList_Create
GetSaveFileNameA
ChooseFontA
TextOutA
CreateFontIndirectA
GetTextMetricsA
CombineRgn
EnumFontsA
GetDeviceCaps
DeleteDC
DeleteObject
SetTextColor
GetObjectA
CreateFontA
CreateEllipticRgn
MoveToEx
GetStockObject
SetViewportOrgEx
SelectClipRgn
CreateCompatibleDC
StretchDIBits
CreateRectRgn
SelectObject
GetTextExtentPoint32A
AbortDoc
CreateCompatibleBitmap
GetStdHandle
EncodePointer
GetFileAttributesW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
GetVolumeInformationA
WriteProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
CreatePipe
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
BackupWrite
WaitForMultipleObjects
GetProcessHeap
lstrcpyA
GetProfileStringA
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GlobalUnlock
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GlobalLock
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
FindResourceA
acmDriverDetailsA
acmDriverOpen
ICInfo
ICOpen
SysFreeString
SysStringLen
OleLoadPicture
SysAllocStringLen
RasEnumConnectionsA
SHGetFileInfoA
DragAcceptFiles
Shell_NotifyIconA
DragFinish
DragQueryFileA
SetFocus
GetMessageA
GetParent
ReleaseDC
BeginPaint
MoveWindow
DefMDIChildProcA
LoadImageA
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetWindowPos
GetWindowThreadProcessId
FreeDDElParam
GetSystemMetrics
DdeCreateStringHandleA
AppendMenuA
GetWindowRect
DispatchMessageA
EndPaint
DestroyIcon
PostMessageA
SetMenuItemInfoA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
GetDC
RegisterClassExA
GetCursorPos
CreatePopupMenu
GetDlgCtrlID
SetWindowTextA
GetMenu
GetWindowLongA
SendMessageTimeoutA
SendMessageA
UnpackDDElParam
GetDlgItem
DrawMenuBar
PackDDElParam
CharLowerBuffA
CopyImage
InvalidateRect
wsprintfA
GetWindowTextLengthA
CreateWindowExA
LoadCursorA
LoadIconA
TrackPopupMenu
ShowCursor
AttachThreadInput
WaitForInputIdle
GetDialogBaseUnits
GetFocus
MsgWaitForMultipleObjects
GetWindowTextA
SetCursor
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_STRING 11
RT_DIALOG 5
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
Number of PE resources by language
ENGLISH US 20
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.1

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:09:10 20:00:29+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
189440

LinkerVersion
10.0

FileTypeExtension
exe

InitializedDataSize
224768

ImageFileCharacteristics
Executable, No line numbers, No symbols, Aggressive working-set trim, Large address aware, 32-bit, No debug, Net run from swap

EntryPoint
0x226f6

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 c1ffbab1b5a2b623ff59df19f0e54a62
SHA1 b63d5d66490adcab3e6afba26cc1429dd02641cc
SHA256 fb86cf9475d3873a8f84fdaf3a3f50142ccd36210aa78b2ee282cb2b8bf5db44
ssdeep
6144:GYv63uRohxOr7KHmBaiL6oZ13iB43dETc9MvSVT5+gs9mrfu3jVsxwrFDdlTBJ8J:3v6eeZGNi436TcK1mrW3jSxuDn6zdXl

authentihash 50015c393b566732491877727da3d2aa5ba6e408c0d283825365b6f3d41dc2c7
imphash c2b875d2cbb33ff150ab6004ac1d6e79
File size 405.5 KB ( 415232 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2015-09-12 07:35:38 UTC ( 3 years, 8 months ago )
Last submission 2015-09-14 16:45:43 UTC ( 3 years, 8 months ago )
File names GE8y.js
VirusShare_c1ffbab1b5a2b623ff59df19f0e54a62
aa
24.vir
poll1.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0CCC0VIC15.

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Searched windows
Runtime DLLs