SHA256: ffceaee993a5d9228e37c67a5d18696bd44421727ecad342b6c94c8ed0475461
File name: mov.ie
Detection ratio: 26 / 68
Analysis date: 2018-07-27 03:31:53 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40341559 20180727
AegisLab Ml.Attribute.Gen!c 20180727
AhnLab-V3 Trojan/Win32.Meretam.R232757 20180727
Avast Win32:Malware-gen 20180727
AVG Win32:Malware-gen 20180727
Avira (no cloud) HEUR/AGEN.1024891 20180726
BitDefender Trojan.GenericKD.40341559 20180727
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cylance Unsafe 20180727
DrWeb Trojan.DownLoader26.59927 20180727
Endgame malicious (high confidence) 20180711
ESET-NOD32 Win32/TrickBot.AQ 20180727
Fortinet W32/Trickbot.F33B!tr 20180727
Ikarus Win32.Outbreak 20180726
Sophos ML heuristic 20180717
MAX malware (ai score=74) 20180727
McAfee RDN/Generic.dx 20180727
McAfee-GW-Edition BehavesLike.Win32.Dropper.hh 20180727
Microsoft Trojan:Win32/MereTam.A 20180727
Palo Alto Networks (Known Signatures) generic.ml 20180727
Qihoo-360 HEUR/QVM20.1.C683.Malware.Gen 20180727
Rising Trojan.MereTam!8.E4CE (CLOUD) 20180727
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180726
TrendMicro-HouseCall Suspicious_GEN.F47V0726 20180727
Webroot W32.Trojan.Gen 20180727
Alibaba 20180713
ALYac 20180727
Antiy-AVL 20180727
Arcabit 20180727
Avast-Mobile 20180727
AVware 20180727
Babable 20180725
Baidu 20180726
Bkav 20180726
CAT-QuickHeal 20180725
ClamAV 20180727
CMC 20180726
Comodo 20180727
Cybereason 20180225
Cyren 20180727
eGambit 20180727
Emsisoft 20180727
F-Prot 20180727
F-Secure 20180727
GData 20180727
Jiangmin 20180727
K7AntiVirus 20180726
K7GW 20180727
Kaspersky 20180727
Kingsoft 20180727
Malwarebytes 20180727
eScan 20180727
NANO-Antivirus 20180727
Panda 20180726
Sophos AV 20180726
SUPERAntiSpyware 20180727
TACHYON 20180727
Tencent 20180727
TheHacker 20180726
TotalDefense 20180726
TrendMicro 20180727
Trustlook 20180727
VBA32 20180726
VIPRE 20180727
ViRobot 20180726
Yandex 20180725
Zillya 20180726
ZoneAlarm by Check Point 20180727
Zoner 20180726
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-03 16:27:08
Entry Point 0x0000E370
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateFileMappingW
GetStartupInfoA
MapViewOfFile
GetModuleHandleA
CreateFileW
ExitProcess
HeapAlloc
CloseHandle
CreateFileMappingA
CreateFileA
GetCommandLineA
Sleep
GetProcessHeap
SysFreeString
SysAllocString
SetFocus
UpdateWindow
GetMessageW
DefWindowProcW
PostQuitMessage
ShowWindow
SetClipboardViewer
GetSystemMetrics
MessageBoxW
GetWindowRect
SetCapture
PostMessageW
DispatchMessageW
SendMessageW
RegisterClassW
GetWindowLongW
GetWindowPlacement
SetWindowTextW
SetCaretPos
SetScrollRange
GetClassNameW
GetWindowTextW
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
ScrollWindow
DestroyWindow
SetCursor
CoUninitialize
CoInitialize
CoCreateInstanceEx
Number of PE resources by type
RT_BITMAP 3
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 316416
ImageVersion 0.0
ProductName Bambezino Inform
FileVersionNumber 1.0.0.3
UninitializedDataSize 0
LanguageCode Unknown (5092)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (B050)
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName bamezi
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.3
TimeStamp 2016:10:03 18:27:08+02:00
FileType Win32 EXE
PEType PE32
InternalName Bambezino
ProductVersion 1.0.0.3
FileDescription Bambezino Ltd. Gui application
OSVersion 4.0
FileOS Win32
LegalCopyright Bambezino. All rights reserved. 2017
MachineType Intel 386 or later, and compatibles
CompanyName Bambezino Ltd.
CodeSize 199680
FileSubtype 0
ProductVersionNumber 1.0.0.3
EntryPoint 0xe370
ObjectFileType Executable application

File identification
MD5 c5ea63b4a3c39068c074cff74050f33b
SHA1 00759706dc107793bd926448bcbd488e63cb895c
SHA256 ffceaee993a5d9228e37c67a5d18696bd44421727ecad342b6c94c8ed0475461
ssdeep 12288:KoTkTq/hqySlCQwUzt1nEnuOPfUumwBB:ETq/hlBQ7vEnlfR7
authentihash 0700f7ef4e8e142e317b791f85f792a8853dea47d8e74660d54280413bf15433
imphash a84016d03e9431ff881c5a90a605460d
File size 504.0 KB ( 516096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2018-07-26 17:10:15 UTC ( 8 months ago )
Last submission 2018-10-01 10:42:49 UTC ( 5 months, 3 weeks ago )
File names output.113705558.txt
mov.ie
ghuuoywfsyg.exe
c5ea63b4.gxe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Opened service managers
Opened services
Runtime DLLs