SHA256: 4ceb9463ac2594d31bef71f36a62a68c112e338195a1525a9b3417c0f2d1c54d
File name: ssins.exe
Detection ratio: 7 / 57
Analysis date: 2016-11-21 22:54:48 UTC (2 years, 6 months ago)
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9901 20161121
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
Sophos ML virtool.win32.vbinject.rt 20161018
Kaspersky UDS:DangerousObject.Multi.Generic 20161121
McAfee-GW-Edition BehavesLike.Win32.Yahlover.fh 20161121
Qihoo-360 HEUR/QVM03.0.0000.Malware.Gen 20161121
Symantec Heur.AdvML.B 20161121
Ad-Aware 20161121
AegisLab 20161121
AhnLab-V3 20161121
Alibaba 20161121
ALYac 20161121
Antiy-AVL 20161121
Arcabit 20161121
Avast 20161121
AVG 20161121
Avira (no cloud) 20161121
AVware 20161121
BitDefender 20161121
Bkav 20161121
CAT-QuickHeal 20161121
ClamAV 20161121
CMC 20161121
Comodo 20161121
Cyren 20161121
DrWeb 20161121
Emsisoft 20161121
ESET-NOD32 20161121
F-Prot 20161121
F-Secure 20161121
Fortinet 20161121
GData 20161121
Ikarus 20161121
Jiangmin 20161121
K7AntiVirus 20161121
K7GW 20161121
Kingsoft 20161121
Malwarebytes 20161121
McAfee 20161121
Microsoft 20161121
eScan 20161121
NANO-Antivirus 20161121
nProtect 20161121
Panda 20161121
Rising 20161121
Sophos AV 20161121
SUPERAntiSpyware 20161121
Tencent 20161121
TheHacker 20161117
TotalDefense 20161121
TrendMicro 20161121
TrendMicro-HouseCall 20161121
Trustlook 20161121
VBA32 20161121
VIPRE 20161121
ViRobot 20161121
Yandex 20161121
Zillya 20161121
Zoner 20161121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright association rattachée au consistoire central. Son but est de ...
Product association rattachée au consistoire central. Son but est de ...
Original name Harper.exe
Internal name Harper
File version 1.00.0206
Description association rattachée au consistoire central. Son but est de ...
Comments association rattachée au consistoire central. Son but est de ...
(The version-info strings are French filler text: "association attached to the central consistory. Its purpose is to ...". They are reproduced verbatim above because they are part of the artifact.)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-11-19 06:09:31
Entry Point 0x00001134
Number of sections 3
PE sections
Overlay
MD5 4c571c1540948f8becf4d6da77e31612
File type data
Offset 176128
Size 206474
Entropy 7.98
The overlay (data appended after the last section) starts at offset 176128 and runs 206474 bytes to the end of the 382602-byte file, so it makes up 54% of the sample. Its entropy of 7.98 bits per byte is close to the 8.0 maximum, which is what compressed or encrypted content looks like. A small Visual Basic 6 stub in front of a large high-entropy overlay is the typical layout of a packed dropper that decodes its payload at run time; the report does not show what the overlay decodes to.
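The overlay figures above (offset, size, entropy) follow directly from the section table: everything past the last byte mapped by any section is overlay. The script below is an added example, not VirusTotal's code, and reproduces that calculation plus the PE header fields the report lists (machine, compilation timestamp, entry point, section count) using only the Python standard library. It runs against a constructed minimal PE32 skeleton built by build_sample_pe (three filler sections and a pseudo-random overlay; not a real program), and the thresholds in overlay_is_suspicious are my own heuristic, not VirusTotal's.

```python
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_summary(data: bytes) -> dict:
    """Parse the DOS header, COFF header, optional header and section table of a
    PE32 image. The overlay is whatever lies beyond the highest
    PointerToRawData + SizeOfRawData of any section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    end_of_sections = 0
    for i in range(nsections):
        hdr = opt + opt_size + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        _name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        if raw_size:
            end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay = data[end_of_sections:]
    return {
        "machine": hex(machine),
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": hex(entry_point),
        "sections": nsections,
        "overlay_offset": end_of_sections,
        "overlay_size": len(overlay),
        "overlay_entropy": round(shannon_entropy(overlay), 2),
    }


def overlay_is_suspicious(summary: dict, file_size: int,
                          min_entropy: float = 7.5, min_share: float = 0.25) -> bool:
    """Heuristic (assumed thresholds, not VirusTotal's): a large, near-random overlay
    behind a small stub is the shape of a dropper carrying a packed payload."""
    share = summary["overlay_size"] / file_size if file_size else 0.0
    return summary["overlay_entropy"] >= min_entropy and share >= min_share


def build_sample_pe(overlay: bytes, timestamp: int = 1479535771) -> bytes:
    """Constructed PE32 skeleton for testing: three filler sections, 512-byte file
    alignment, then the given overlay appended. Default timestamp is the page's
    compilation time, 2016-11-19 06:09:31 UTC."""
    nsections, opt_size, e_lfanew, align = 3, 224, 0x40, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsections, timestamp, 0, 0, opt_size, 0x010F)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1134)  # AddressOfEntryPoint, as on the page
    section_hdrs, body, raw_ptr = b"", b"", align
    for name, size in ((b".text", 0x600), (b".data", 0x200), (b".rsrc", 0x400)):
        section_hdrs += struct.pack("<8sIIIIIIHHI", name, size, raw_ptr, size, raw_ptr,
                                    0, 0, 0, 0, 0x60000020)
        body += b"\x90" * size  # constant filler: entropy 0
        raw_ptr += size
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section_hdrs).ljust(align, b"\0")
    return headers + body + overlay


# Constructed, deterministic pseudo-random overlay standing in for a packed payload.
_rng = random.Random(2016)
SAMPLE_OVERLAY = bytes(_rng.getrandbits(8) for _ in range(8192))

if __name__ == "__main__":
    sample = build_sample_pe(SAMPLE_OVERLAY)
    info = pe_summary(sample)
    print(info)
    print("suspicious overlay:", overlay_is_suspicious(info, len(sample)))
```

On the real sample the same walk yields offset 176128, size 206474 and entropy 7.98 for the overlay; on the constructed skeleton the overlay begins at 0xE00 (3584) and its entropy lands just under 8.0, while a copy built with an empty overlay reports size 0 and is not flagged.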
PE imports (the report omits the DLL name; the named exports EVENT_SINK_QueryInterface, EVENT_SINK_AddRef, EVENT_SINK_Release, __vbaExceptHandler, MethCallEngine and DllFunctionCall, together with the ordinal-only entries, are those of the Visual Basic 6 runtime, MSVBVM60.DLL, consistent with the TrID verdict below)
EVENT_SINK_QueryInterface
Ord(645)
Ord(537)
Ord(648)
Ord(516)
Ord(617)
Ord(525)
Ord(663)
EVENT_SINK_AddRef
Ord(650)
Ord(707)
Ord(717)
Ord(600)
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Ord(552)
Ord(570)
Ord(520)
Ord(100)
Ord(573)
Ord(711)
Ord(606)
EVENT_SINK_Release
Ord(595)
Ord(706)
Ord(581)
Ord(631)
Ord(545)
Number of PE resources by type
RT_ICON 7
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
CodeSize 147456
SubsystemVersion 4.0
Comments association rattachée au consistoire central. Son but est de ...
InitializedDataSize 45056
ImageVersion 1.0
ProductName association rattachée au consistoire central. Son but est de ...
FileVersionNumber 1.0.0.206
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Harper.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.00.0206
TimeStamp 2016:11:19 07:09:31+01:00
FileType Win32 EXE
PEType PE32
InternalName Harper
ProductVersion 1.00.0206
FileDescription association rattachée au consistoire central. Son but est de ...
OSVersion 4.0
FileOS Win32
LegalCopyright association rattachée au consistoire central. Son but est de ...
MachineType Intel 386 or later, and compatibles
CompanyName flash
LegalTrademarks association rattachée au consistoire central. Son but est de ...
FileSubtype 0
ProductVersionNumber 1.0.0.206
EntryPoint 0x1134
ObjectFileType Executable application

CarbonBlack (endpoint recording, described by the vendor as a surveillance camera for computers): while monitoring an end-user machine in the wild, CarbonBlack observed the following executing files write this sample to disk.
File identification
MD5 c0f1af1e72056486b5f9e8fbe01ba8b1
SHA1 5056f65a84af7908896f5674a56d62081584f755
SHA256 4ceb9463ac2594d31bef71f36a62a68c112e338195a1525a9b3417c0f2d1c54d
ssdeep 6144:NEtgiRw30MUpPx8MV8i5jX8Fnn/ki8LxqgQaYDNPu819w26yoj9hA/uLkim:ua3o7fV8iyn/kPg9pGD26L9hDLJm
authentihash 149dd6ce5353b57c29666b95d51939786ea7aceff8b369d8078cb40e6cddd831
imphash d794e8090258e4a4dc6d9141a179c695
File size 373.6 KB (382602 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.6%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2016-11-21 22:54:48 UTC (2 years, 6 months ago)
Last submission 2017-10-03 12:05:11 UTC (1 year, 7 months ago)
File names Harper.exe
ssins.exe
Harper
kjgsooqiuksampqi.png (an executable seen under an image extension; the name does not match the Win32 EXE file type)
4ceb9463ac2594d31bef71f36a62a68c112e338195a1525a9b3417c0f2d1c54d
c0f1af1e72056486b5f9e8fbe01ba8b1
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain using the SetWindowsHook (SetWindowsHookEx) Windows API. Hook procedures monitor the system for certain types of events, associated either with a specific thread or with all threads on the same desktop as the calling thread. Malware commonly uses hook chains for keystroke logging (WH_KEYBOARD or WH_KEYBOARD_LL) and, with a global hook, to get a DLL loaded into other processes; which of these this sample does is not shown in the report. Note that the call does not appear in the static import list above: Visual Basic 6 binaries resolve declared Win32 APIs at run time through the runtime's DllFunctionCall, so hook installation is only visible in dynamic analysis.