SHA256: 8429e7dd5ae9225d7be50bc3d36e33e551fe9bc051c535b996f0d533f6804dcd
File name: gf54rt32t.exe
Detection ratio: 13 / 67
Analysis date: 2018-04-06 09:04:57 UTC (1 year, 1 month ago)
Antivirus Result Update
AegisLab Packer.W32.Hrup.lGXn 20180406
AVware Virtool.Win32.Obfuscator.as!a (v) 20180406
Bkav W32.eHeur.Malware03 20180406
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20170201
Cybereason malicious.19b6fd 20180225
Cylance Unsafe 20180406
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/GenKryptik.GX 20180406
Sophos ML heuristic 20180121
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20180406
Qihoo-360 HEUR/QVM07.1.516D.Malware.Gen 20180406
SentinelOne (Static ML) static engine - malicious 20180225
VIPRE Virtool.Win32.Obfuscator.as!a (v) 20180406
Ad-Aware 20180406
AhnLab-V3 20180406
Alibaba 20180404
ALYac 20180406
Antiy-AVL 20180406
Arcabit 20180406
Avast 20180406
Avast-Mobile 20180406
AVG 20180406
Avira (no cloud) 20180405
Baidu 20180404
BitDefender 20180406
CAT-QuickHeal 20180406
ClamAV 20180406
CMC 20180405
Comodo 20180406
Cyren 20180406
DrWeb 20180406
eGambit 20180406
Emsisoft 20180406
F-Prot 20180406
F-Secure 20180406
Fortinet 20180406
GData 20180406
Ikarus 20180406
Jiangmin 20180406
K7AntiVirus 20180404
K7GW 20180406
Kaspersky 20180406
Kingsoft 20180406
Malwarebytes 20180406
MAX 20180406
McAfee 20180406
Microsoft 20180406
eScan 20180406
NANO-Antivirus 20180406
nProtect 20180406
Palo Alto Networks (Known Signatures) 20180406
Panda 20180405
Rising 20180406
Sophos AV 20180406
SUPERAntiSpyware 20180406
Symantec 20180406
Symantec Mobile Insight 20180406
Tencent 20180406
TheHacker 20180404
TotalDefense 20180406
TrendMicro 20180406
TrendMicro-HouseCall 20180406
Trustlook 20180406
VBA32 20180405
ViRobot 20180406
WhiteArmor 20180405
Yandex 20180406
Zillya 20180405
ZoneAlarm by Check Point 20180406
Zoner 20180406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-05 17:13:02
Entry Point 0x000027A6
Number of sections 4
PE sections
PE imports
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
GetCurrentThread
LCMapStringW
SetHandleCount
GetModuleFileNameW
WaitForSingleObject
SetEvent
LCMapStringA
TlsSetValue
CompareStringW
ExitProcess
IsBadWritePtr
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
EnterCriticalSection
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
GetCPInfo
UnhandledExceptionFilter
GetEnvironmentVariableA
MultiByteToWideChar
FatalAppExitA
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
SetEnvironmentVariableA
TlsFree
GetLocaleInfoW
LeaveCriticalSection
GetModuleHandleA
HeapAlloc
InitializeCriticalSection
WideCharToMultiByte
GetStringTypeA
SetFilePointer
InterlockedExchange
WriteFile
GetCurrentProcess
CompareStringA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapDestroy
GetOEMCP
LocalFree
TerminateProcess
LocalSize
InterlockedDecrement
GetTimeZoneInformation
HeapCreate
VirtualFree
TlsGetValue
Sleep
GetFileType
SetConsoleCtrlHandler
GetCurrentThreadId
GetVersion
GetProcAddress
VirtualAlloc
SetLastError
InterlockedIncrement
CreateWindowExA
CheckMenuItem
SendMessageW
UnregisterClassA
DestroyWindow
PtInRect
SetMenuItemInfoA
ShowWindowAsync
LoadStringW
DefWindowProcW
SetWindowLongW
CreateWindowExW
TrackPopupMenu
PostMessageW
GetMenuStringW
GetKeyState
Number of PE resources by type
RT_STRING 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:04:05 18:13:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 98304
SubsystemVersion 4.0
EntryPoint 0x27a6
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 e3574773425d41e8c2b5a3b1319c401d
SHA1 717c50919b6fddaebf9615815d6ab90b825902a5
SHA256 8429e7dd5ae9225d7be50bc3d36e33e551fe9bc051c535b996f0d533f6804dcd
ssdeep 3072:ZxEzSgF4QdcwoPck9iGpbCXUi3WSmhGVUVTZj+:ZxgSQ4nwoniGpyUCqwm
authentihash a8a6467e4fcc62c389f3a07079c12e6129d378eba1cad5ac1b9ef2ec560bca6a
imphash 021e66bef5c9180e6bf544956ebbcf05
File size 152.0 KB ( 155648 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-06 09:04:57 UTC (1 year, 1 month ago)
Last submission 2018-04-27 11:02:20 UTC (1 year ago)
File names gf54rt32t.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
DNS requests