SHA256: 1a8c9be977033647a54d8e9cf743612728a98aa7c2c78880544628995554c9ff
File name: arrmeapsie64.exe
Detection ratio: 40 / 64
Analysis date: 2017-08-23 02:05:51 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Adware.AdPeak.AA 20170823
AegisLab AdWare.Win64.Agent.g!c 20170823
AhnLab-V3 PUP/Win32.Agent.C1315540 20170823
ALYac Adware.AdPeak.AA 20170823
Antiy-AVL Trojan/Win32.SGeneric 20170823
Arcabit Adware.AdPeak.AA 20170823
Avast Win64:PUP-gen [PUP] 20170823
AVG Win64:PUP-gen [PUP] 20170823
Avira (no cloud) ADWARE/Adpeak.E 20170822
AVware Trojan.Win32.Generic!BT 20170823
BitDefender Adware.AdPeak.AA 20170823
CAT-QuickHeal AdWare.Win64 20170822
Comodo ApplicUnwnt 20170823
DrWeb Adware.Shopper.520 20170823
Emsisoft Adware.AdPeak.AA (B) 20170822
ESET-NOD32 a variant of Win64/Adware.Adpeak.F 20170823
F-Secure Adware.AdPeak.AA 20170823
Fortinet Adware/Adpeak 20170823
GData Adware.AdPeak.AA 20170823
Ikarus not-a-virus:AdWare.Agent 20170822
Sophos ML heuristic 20170822
Jiangmin AdWare/AdPeak.c 20170823
K7AntiVirus Adware ( 004a86ac1 ) 20170822
K7GW Adware ( 004a86ac1 ) 20170821
Kaspersky not-a-virus:AdWare.Win64.Agent.g 20170823
MAX malware (ai score=44) 20170823
McAfee RDN/Generic PUP.x!c2c 20170823
McAfee-GW-Edition RDN/Generic PUP.x!c2c 20170823
eScan Adware.AdPeak.AA 20170822
NANO-Antivirus Riskware.Win64.Shopper.dfojuj 20170823
Rising Trojan.Generic (cloud:44PQ7je8NvO) 20170823
Sophos AV AdPeak (PUA) 20170823
SUPERAntiSpyware Adware.SwiftBrowse/Variant 20170823
TrendMicro-HouseCall ADW_SWIFTBRO 20170823
VBA32 AdWare.Win64.Agent 20170822
VIPRE Trojan.Win32.Generic!BT 20170823
ViRobot Adware.Adpeak.172544.B 20170823
Yandex PUA.Adpeak! 20170821
Zillya Adware.Adpeak.Win64.13 20170822
ZoneAlarm by Check Point not-a-virus:AdWare.Win64.Agent.g 20170823
Alibaba 20170823
Baidu 20170822
Bkav 20170823
ClamAV 20170822
CMC 20170822
CrowdStrike Falcon (ML) 20170804
Cylance 20170823
Cyren 20170823
Endgame 20170821
F-Prot 20170823
Kingsoft 20170823
Malwarebytes 20170823
Microsoft 20170822
nProtect 20170823
Palo Alto Networks (Known Signatures) 20170823
Qihoo-360 20170823
SentinelOne (Static ML) 20170806
Symantec 20170823
Symantec Mobile Insight 20170823
Tencent 20170823
TheHacker 20170821
TotalDefense 20170822
TrendMicro 20170823
Trustlook 20170823
Webroot 20170823
WhiteArmor 20170817
Zoner 20170823
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2014-09-02 17:21:36
Entry Point 0x0000E2CC
Number of sections 6
PE sections
PE imports
CloseServiceHandle
RegisterServiceCtrlHandlerW
RegCloseKey
RegisterEventSourceW
SetServiceStatus
DeregisterEventSource
QueryServiceStatus
RegQueryValueExA
OpenSCManagerW
ReportEventW
OpenServiceW
ControlService
StartServiceCtrlDispatcherW
DeleteService
RegOpenKeyExA
CreateServiceW
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
SetEvent
QueryPerformanceCounter
CompareStringW
HeapAlloc
FlsGetValue
FlsSetValue
GetEnvironmentStringsW
FlushFileBuffers
lstrcmpiW
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
RtlPcToFileHeader
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
SetLastError
GetModuleHandleW
GetCommandLineW
RtlVirtualUnwind
WideCharToMultiByte
UnhandledExceptionFilter
IsValidCodePage
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
FlsAlloc
GetUserDefaultLCID
RtlCaptureContext
EncodePointer
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
GetCPInfo
GetProcAddress
ExpandEnvironmentStringsW
HeapSetInformation
GetCurrentThreadId
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
DecodePointer
GetConsoleCP
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
RtlUnwindEx
GetOEMCP
TerminateProcess
LoadLibraryW
CreateEventW
FlsFree
InitializeCriticalSection
HeapCreate
WriteFile
CreateFileW
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
GetVersion
LeaveCriticalSection
ExitProcess
WriteConsoleW
CloseHandle
?pf_getNFEventHandler@ProtocolFilters@@YAPEAVNF_EventHandler@nfapi@@XZ
?pf_addFilter@ProtocolFilters@@YAH_KW4_PF_FilterType@1@KW4_PF_OpTarget@1@1@Z
?pf_postObject@ProtocolFilters@@YAH_KPEAVPFObject@1@@Z
?pf_canDisableFiltering@ProtocolFilters@@YAH_K@Z
?pf_free@ProtocolFilters@@YAXXZ
?pf_init@ProtocolFilters@@YAHPEAVPFEvents@1@PEB_W@Z
SHGetSpecialFolderPathW
wsprintfW
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPEBEPEBDHPEFAU_NF_UDP_OPTIONS@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPEBDH@Z
?nf_free@nfapi@@YAXXZ
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPEBEPEBDHPEFAU_NF_UDP_OPTIONS@1@@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PEBDPEAVNF_EventHandler@1@@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPEBDH@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_RULE@1@H@Z
?nf_tcpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
Number of PE resources by type
RT_MANIFEST 1
RT_MESSAGETABLE 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType AMD AMD64
TimeStamp 2014:09:02 18:21:36+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 113152
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 58368
SubsystemVersion 5.2
EntryPoint 0xe2cc
OSVersion 5.2
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 f81093504224f0ae8aa86199143963dc
SHA1 2b160b725103f03c553499a0fcc802833406360d
SHA256 1a8c9be977033647a54d8e9cf743612728a98aa7c2c78880544628995554c9ff
ssdeep 3072:PBu4CDptGhmBo3KwLl7IrYHlTO0LQhcFWpxTtYhnnc8IrW:PCDptJS3Kwp79TO0LQhcF4Rrv
authentihash 60c2654ec685632aa1451c7de1b6b9f2b2d0552c73c066acb320bd7b687abdb7
imphash 15c6f290315243e9393247f57d016ec1
File size 168.5 KB ( 172544 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console) Mono/.Net assembly
TrID Win64 Executable (generic) (87.3%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
Tags 64bits peexe assembly

VirusTotal metadata
First submission 2014-09-10 09:17:02 UTC ( 4 years, 7 months ago )
Last submission 2017-04-11 19:46:20 UTC ( 2 years ago )
File names ftszucmhbl64.exe
00b93ff1-f8df-c4a3-204b-768008521e61_1d209c60faea9c3
98af45a2-4ebc-605f-aeef-06daf1a020d1_1d1e9d2ae785034
f921df3c-a2d3-d16e-d272-7e36634d24f6_1d1f5df6d68f6f0
arrmeapsie64.exe.VIRUS
ARRMEAPSIE64.EXE
msisiluytm64.exe
b08b92b8-d583-871e-b4fa-c79b38632f30_1d1dde905ee9326
2b160b725103f03c553499a0fcc802833406360d.exe.vir
msisiluytm64.exe
arrmeapsie64.exe
msisiluytm64.exe
file-7673262_exe
ftszucmhbl64.exe
2b160b725103f03c553499a0fcc802833406360d.exe
vti-rescan
kwcwagadsn64.exe
arrmeapsie64.exe
kwcwagadsn64.exe
arrmeapsie64.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight