SHA256: ebc2d9c654484ae422723adeeee984475925da8d1e4818964358dc35abcb8dc1
File name: win32.exe
Detection ratio: 17 / 64
Analysis date: 2017-08-26 05:00:27 UTC (1 year, 8 months ago)
Antivirus Result Update
ClamAV Win.Packer.VbPack-0-6334882-0 20170826
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170826
Endgame malicious (high confidence) 20170821
ESET-NOD32 Win32/PSW.Fareit.A 20170826
Fortinet W32/Injector.CYLW!tr 20170826
Sophos ML heuristic 20170822
Kaspersky UDS:DangerousObject.Multi.Generic 20170826
McAfee Fareit-FJG!75C841C9FA6F 20170826
McAfee-GW-Edition Fareit-FJG!75C841C9FA6F 20170826
eScan Trojan.Agent.CMAA 20170826
Qihoo-360 HEUR/QVM03.0.6A25.Malware.Gen 20170826
Rising Trojan.Injector!8.C4 (tfe:5:il3eI1fdIeP) 20170826
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/FareitVB-M 20170826
Symantec ML.Attribute.HighConfidence 20170825
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170826
Ad-Aware 20170826
AegisLab 20170826
AhnLab-V3 20170825
Alibaba 20170825
ALYac 20170826
Antiy-AVL 20170826
Arcabit 20170826
Avast 20170826
AVG 20170826
Avira (no cloud) 20170825
AVware 20170826
Baidu 20170825
BitDefender 20170826
Bkav 20170826
CAT-QuickHeal 20170824
Comodo 20170826
Cyren 20170826
DrWeb 20170826
Emsisoft 20170826
F-Prot 20170826
F-Secure 20170826
GData 20170826
Ikarus 20170825
Jiangmin 20170826
K7AntiVirus 20170824
K7GW 20170821
Kingsoft 20170826
Malwarebytes 20170826
MAX 20170826
Microsoft 20170826
NANO-Antivirus 20170826
nProtect 20170826
Palo Alto Networks (Known Signatures) 20170826
Panda 20170825
SUPERAntiSpyware 20170826
Symantec Mobile Insight 20170825
Tencent 20170826
TheHacker 20170825
TotalDefense 20170825
TrendMicro 20170826
TrendMicro-HouseCall 20170826
Trustlook 20170826
VBA32 20170825
VIPRE 20170826
ViRobot 20170826
Webroot 20170826
WhiteArmor 20170817
Yandex 20170825
Zillya 20170825
Zoner 20170826
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Gymnanthous1
Product Ordinater
Original name Foursquareness.exe
Internal name Foursquareness
File version 8.06.0008
Description Bluesene
Comments Chromocollotypy0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-25 19:27:53
Entry Point 0x00001174
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIcos
__vbaEnd
EVENT_SINK_QueryInterface
_allmul
_adj_fprem
_adj_fpatan
EVENT_SINK_AddRef
_adj_fdiv_m32i
_adj_fdivr_m64
__vbaSetSystemError
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaObjSetAddref
_adj_fdiv_m64
__vbaFreeObj
__vbaI2Str
_CIsqrt
_CIsin
_CIlog
EVENT_SINK_Release
_adj_fptan
__vbaExceptHandler
_CIatan
__vbaNew2
_adj_fdivr_m32i
_CIexp
_adj_fprem1
_adj_fdivr_m32
_CItan
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 3
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks Hjarne8
SubsystemVersion 4.0
Comments Chromocollotypy0
LinkerVersion 6.0
ImageVersion 8.6
FileSubtype 0
FileVersionNumber 8.6.0.8
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Bluesene
CharacterSet Unicode
InitializedDataSize 40960
EntryPoint 0x1174
OriginalFileName Foursquareness.exe
MIMEType application/octet-stream
LegalCopyright Gymnanthous1
FileVersion 8.06.0008
TimeStamp 2017:08:25 20:27:53+01:00
FileType Win32 EXE
PEType PE32
InternalName Foursquareness
ProductVersion 8.06.0008
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName LOGITECH
CodeSize 413696
ProductName Ordinater
ProductVersionNumber 8.6.0.8
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 75c841c9fa6f15dd1abd2ef652ce113e
SHA1 cc5cde45601c2d1616a0258d30d20323335bbd21
SHA256 ebc2d9c654484ae422723adeeee984475925da8d1e4818964358dc35abcb8dc1
ssdeep 3072:lvT8DW/xqT2X9HREWcWvauWXgEkhaFaOb:NCW+gREWh2XqhaF
authentihash e769520d4c15b109ba5207995e49cf197042d0c91846b1f562771edf3559cfd7
imphash c70e3d75f9cb94ce1057413e29b62551
File size 416.0 KB ( 425984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags peexe
VirusTotal metadata
First submission 2017-08-26 05:00:27 UTC (1 year, 8 months ago)
Last submission 2018-05-18 21:20:52 UTC (1 year ago)
File names Foursquareness
75c841c9fa6f15dd1abd2ef652ce113e.vir
Foursquareness.exe
win32.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications