SHA256: fdd4fae7a4af3c02f5b2d0099f693b70e844426fa33f64908c26a04351043d58
File name: Playkey_Setup.exe
Detection ratio: 25 / 59
Analysis date: 2018-03-26 17:33:13 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Locky.R218359 20180326
Avast Win32:Malware-gen 20180326
AVG Win32:Malware-gen 20180326
Avira (no cloud) TR/Dropper.Gen 20180326
AVware Trojan.Win32.Generic.pak!cobra 20180326
Baidu Multi.Threats.InArchive 20180326
CAT-QuickHeal Backdoor.Minerbot 20180326
ClamAV Win.Trojan.Emotet-6483668-0 20180326
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Cyren W32/Trojan.IHQI-0950 20180326
DrWeb Trojan.DownLoader26.30751 20180326
Endgame malicious (high confidence) 20180316
ESET-NOD32 NSIS/TrojanDropper.Agent.CQ 20180326
Fortinet Riskware/Application 20180326
GData Win32.Trojan.Agent.5YN4IJ 20180326
K7AntiVirus Trojan ( 0051ed981 ) 20180326
K7GW Trojan ( 0051ed981 ) 20180326
Kaspersky HEUR:Trojan.Win32.Generic 20180326
Malwarebytes Trojan.BitCoinMiner 20180326
McAfee Artemis!95B891333840 20180326
Microsoft Backdoor:MSIL/Minerbot.A 20180326
eScan Trojan.GenericKD.30465761 20180326
NANO-Antivirus Trojan.Win32.Phpw.ezdluo 20180326
TrendMicro-HouseCall TROJ_GE.295240FE 20180326
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180326
Ad-Aware 20180326
AegisLab 20180326
Alibaba 20180326
ALYac 20180326
Antiy-AVL 20180326
Arcabit 20180326
Avast-Mobile 20180325
BitDefender 20180326
Bkav 20180326
CMC 20180326
Comodo 20180326
Cybereason None
Cylance 20180326
eGambit 20180326
Emsisoft 20180326
F-Prot 20180326
F-Secure 20180326
Ikarus 20180326
Sophos ML 20180121
Jiangmin 20180326
Kingsoft 20180326
MAX 20180326
McAfee-GW-Edition 20180326
nProtect 20180326
Palo Alto Networks (Known Signatures) 20180326
Panda 20180325
Qihoo-360 20180326
Rising 20180326
SentinelOne (Static ML) 20180225
Sophos AV 20180326
SUPERAntiSpyware 20180326
Symantec 20180326
Symantec Mobile Insight 20180311
Tencent 20180326
TheHacker 20180326
Trustlook 20180326
VBA32 20180326
VIPRE 20180326
ViRobot 20180326
WhiteArmor 20180324
Yandex 20180324
Zillya 20180326
Zoner 20180326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 7.0.0.0
Description PlayKey Setup
Packers identified
F-PROT INNO, NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-07-25 00:55:47
Entry Point 0x0000322B
Number of sections 5
PE sections
Overlays
MD5 6e783383a4a5d3ccabd0dedc703431b9
File type data
Offset 133632
Size 18063981
Entropy 8.00
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
DeleteFileA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetTempPathA
CreateThread
lstrcmpiA
SetFilePointer
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
SetEnvironmentVariableA
SetFileAttributesA
GetExitCodeProcess
MoveFileA
CreateProcessA
lstrcpyA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
ReleaseDC
SystemParametersInfoA
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetWindowTextA
EnableMenuItem
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DrawTextA
DestroyWindow
FillRect
RegisterClassA
CharNextA
CallWindowProcA
GetSystemMenu
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 5
RT_DIALOG 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 6.0
FileVersionNumber 7.0.0.0
UninitializedDataSize 1024
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet ASCII
InitializedDataSize 118784
EntryPoint 0x322b
MIMEType application/octet-stream
FileVersion 7.0.0.0
TimeStamp 2016:07:25 01:55:47+01:00
FileType Win32 EXE
PEType PE32
FileDescription PlayKey Setup
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24064
FileSubtype 0
ProductVersionNumber 7.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 e869ca36558a74ad9a16ac69886ca4d4
SHA1 055ef90700fd69561ed8b0d9c3fe1598a0c28751
SHA256 fdd4fae7a4af3c02f5b2d0099f693b70e844426fa33f64908c26a04351043d58
ssdeep 393216:zRhJT3HQ8n+nKGFJE2OdicZ/GPX9vgHAUBPfgV3FbCvEoP9e:TJTw8ncF/Y/GvBUgV3FbyEoPk
authentihash 545ab14f4be7af4b0d1d2afa7930da7fc3e733bab1222f721c74e72602d0c3a3
imphash 4f67aeda01a0484282e8c59006b0b352
File size 17.4 MB ( 18197613 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2018-03-26 17:33:13 UTC ( 2 months, 3 weeks ago )
Last submission 2018-03-26 17:33:13 UTC ( 2 months, 3 weeks ago )
File names Playkey_Setup.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections