SHA256: 092fd4caf46ec36e07fdc9c8b156ce05cda0fb2abd7c49ba8dddfe8ac6cdbb67
File name: 2017-04-25-Goodma-campaign-Rig-EK-payload-Latentbot.exe
Detection ratio: 53 / 63
Analysis date: 2017-08-19 19:35:43 UTC ( 1 day, 14 hours ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Brresmon.Gen.1 20170819
AegisLab Ml.Attribute.Gen!c 20170819
AhnLab-V3 Backdoor/Win32.Androm.R199098 20170819
ALYac Trojan.Agent.Latentbot 20170819
Antiy-AVL Trojan/Win32.TSGeneric 20170819
Arcabit Trojan.Brresmon.Gen.1 20170819
Avast Win32:Rootkit-gen [Rtk] 20170819
AVG Win32:Rootkit-gen [Rtk] 20170819
Avira (no cloud) TR/Dropper.dbiga 20170819
AVware Trojan.Win32.Generic!BT 20170819
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20170817
BitDefender Gen:Trojan.Brresmon.Gen.1 20170819
CAT-QuickHeal Trojan.Mauvaise.SL1 20170819
Comodo TrojWare.Win32.GenKryptik.~ACVC 20170819
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170819
Cyren W32/Trojan.SSNE-3336 20170819
DrWeb Trojan.DownLoader24.49784 20170819
Emsisoft Gen:Trojan.Brresmon.Gen.1 (B) 20170819
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/Delf.ATW 20170819
F-Secure Gen:Trojan.Brresmon.Gen.1 20170819
Fortinet W32/GenKryptik.ACVC!tr 20170819
GData Gen:Trojan.Brresmon.Gen.1 20170819
Ikarus Trojan.Win32.Krypt 20170819
Sophos ML heuristic 20170818
Jiangmin Backdoor.Androm.ovi 20170819
K7AntiVirus Trojan ( 0050c3011 ) 20170819
K7GW Hacktool ( 655367771 ) 20170817
Kaspersky HEUR:Trojan.Win32.Generic 20170819
MAX malware (ai score=86) 20170819
McAfee RDN/Generic.hbg 20170819
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20170819
Microsoft Trojan:Win32/Satbrop.A 20170819
eScan Gen:Trojan.Brresmon.Gen.1 20170819
NANO-Antivirus Trojan.Win32.Androm.enuqpi 20170819
nProtect Trojan/W32.Droma.312832 20170819
Palo Alto Networks (Known Signatures) generic.ml 20170819
Panda Trj/GdSda.A 20170819
Qihoo-360 Trojan.Generic 20170819
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170819
Symantec Trojan.Gen.2 20170818
Tencent Trojan.Win32.YY.Gen.6 20170819
TrendMicro TROJ_FRS.0NA003DP17 20170819
TrendMicro-HouseCall TROJ_FRS.0NA003DP17 20170819
VBA32 Trojan.Droma 20170818
VIPRE Trojan.Win32.Generic!BT 20170819
ViRobot Trojan.Win32.Z.Dropper.312832.F 20170819
Webroot W32.Trojan.Gen 20170819
Yandex Trojan.Droma!yCJpWWQdOJ4 20170818
Zillya Trojan.Droma.Win32.1332 20170819
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20170819
Alibaba 20170818
ClamAV 20170819
CMC 20170819
F-Prot 20170819
Kingsoft 20170819
Malwarebytes 20170819
SUPERAntiSpyware 20170819
Symantec Mobile Insight 20170818
TheHacker 20170817
TotalDefense 20170819
Trustlook 20170819
WhiteArmor 20170817
Zoner 20170819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jdsfiugh sdfiguh adsfgiouhsd fgisudhfg
File version 1, 15, 0, 0
Comments KJSDbigjbd sfojksd guiydsgf8ysdf gousdgsdf
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-21 05:59:49
Entry Point 0x0000126C
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 8
RT_BITMAP 5
RT_GROUP_CURSOR 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 4
PE resources
ExifTool file metadata
SpecialBuild 4651
UninitializedDataSize 0
Comments KJSDbigjbd sfojksd guiydsgf8ysdf gousdgsdf
InitializedDataSize 298496
ImageVersion 0.0
FileVersionNumber 1.15.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0037
CharacterSet Unicode
LinkerVersion 10.0
EntryPoint 0x126c
MIMEType application/octet-stream
LegalCopyright Jdsfiugh sdfiguh adsfgiouhsd fgisudhfg
FileVersion 1, 15, 0, 0
TimeStamp 2017:04:21 06:59:49+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 15, 0, 0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 18432
FileSubtype 0
ProductVersionNumber 1.15.0.0
FileTypeExtension exe
ObjectFileType Unknown
Compressed bundles
File identification
MD5 331d47e41fad11209dc3ff9a67f5201d
SHA1 822325a224ec5d1f133e408eabcaf7f9761e0fd2
SHA256 092fd4caf46ec36e07fdc9c8b156ce05cda0fb2abd7c49ba8dddfe8ac6cdbb67
ssdeep 6144:gqwgfamuDZkJBSsDzjweyH0ta7uctAZjH2t4dQEiFSVQHWpN5rTlDmHxao9+DHdX:gqwgyz9sNMee6y9iH2t4dHpN5rTlD
authentihash f406cf5d758c5103275bf0887549106dc899e16fcf411f6a853a74c5ef4da731
imphash 811a267592c92fccca97572293ebbd3a
File size 305.5 KB ( 312832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-04-21 16:00:55 UTC ( 4 months ago )
Last submission 2017-08-19 19:35:43 UTC ( 1 day, 14 hours ago )
File names 2017-04-25-Goodma-campaign-Rig-EK-payload-Latentbot.exe
76w4f9kb.exe
etcp5pyw.exe
Goodma-campaign-Rig-EK-payload-Latentbot.exe
76w4f9kb.exe.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications