SHA256: 092fd4caf46ec36e07fdc9c8b156ce05cda0fb2abd7c49ba8dddfe8ac6cdbb67
File name: 2017-04-25-Goodma-campaign-Rig-EK-payload-Latentbot.exe
Detection ratio: 55 / 65
Analysis date: 2017-09-15 15:36:58 UTC (1 month, 1 week ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Trojan.Brresmon.Gen.1 | 20170915 |
| AegisLab | Ml.Attribute.Gen!c | 20170915 |
| AhnLab-V3 | Backdoor/Win32.Androm.R199098 | 20170915 |
| ALYac | Trojan.Agent.Latentbot | 20170915 |
| Antiy-AVL | Trojan/Win32.TSGeneric | 20170915 |
| Arcabit | Trojan.Brresmon.Gen.1 | 20170915 |
| Avast | Win32:Rootkit-gen [Rtk] | 20170915 |
| AVG | Win32:Rootkit-gen [Rtk] | 20170915 |
| Avira (no cloud) | TR/Dropper.dbiga | 20170915 |
| AVware | Trojan.Win32.Generic!BT | 20170915 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9990 | 20170915 |
| BitDefender | Gen:Trojan.Brresmon.Gen.1 | 20170915 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 | 20170915 |
| ClamAV | Win.Ransomware.Globeimposter-6336188-0 | 20170915 |
| Comodo | TrojWare.Win32.GenKryptik.~ACVC | 20170915 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20170804 |
| Cylance | Unsafe | 20170915 |
| Cyren | W32/Trojan.SSNE-3336 | 20170915 |
| DrWeb | Trojan.DownLoader24.49784 | 20170915 |
| Emsisoft | Gen:Trojan.Brresmon.Gen.1 (B) | 20170915 |
| Endgame | malicious (high confidence) | 20170821 |
| ESET-NOD32 | Win32/Delf.ATW | 20170915 |
| F-Secure | Gen:Trojan.Brresmon.Gen.1 | 20170915 |
| Fortinet | W32/GenKryptik.ACVC!tr | 20170915 |
| GData | Gen:Trojan.Brresmon.Gen.1 | 20170915 |
| Ikarus | Trojan.Win32.Krypt | 20170915 |
| Sophos ML | heuristic | 20170914 |
| Jiangmin | Backdoor.Androm.ovi | 20170915 |
| K7AntiVirus | Trojan ( 0050c3011 ) | 20170915 |
| K7GW | Hacktool ( 655367771 ) | 20170915 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20170915 |
| MAX | malware (ai score=100) | 20170915 |
| McAfee | RDN/Generic.hbg | 20170915 |
| McAfee-GW-Edition | BehavesLike.Win32.DocumentCrypt.fc | 20170915 |
| Microsoft | Trojan:Win32/Satbrop.A | 20170915 |
| eScan | Gen:Trojan.Brresmon.Gen.1 | 20170915 |
| NANO-Antivirus | Trojan.Win32.Androm.enuqpi | 20170915 |
| nProtect | Trojan/W32.Droma.312832 | 20170915 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20170915 |
| Panda | Trj/GdSda.A | 20170915 |
| Qihoo-360 | Trojan.Generic | 20170915 |
| Rising | Trojan.Kryptik!1.AA2B (ktse) | 20170915 |
| SentinelOne (Static ML) | static engine - malicious | 20170806 |
| Sophos AV | Mal/Generic-S | 20170915 |
| Symantec | Trojan.Gen.2 | 20170915 |
| Tencent | Win32.Trojan.Inject.Auto | 20170915 |
| TrendMicro | TROJ_FRS.0NA003DP17 | 20170915 |
| TrendMicro-HouseCall | TROJ_FRS.0NA003DP17 | 20170915 |
| VBA32 | Trojan.Droma | 20170915 |
| VIPRE | Trojan.Win32.Generic!BT | 20170915 |
| ViRobot | Trojan.Win32.Z.Dropper.312832.F | 20170915 |
| Webroot | W32.Trojan.Gen | 20170915 |
| Yandex | Trojan.Droma!yCJpWWQdOJ4 | 20170908 |
| Zillya | Trojan.Droma.Win32.1332 | 20170915 |
| ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20170915 |
| Alibaba | | 20170911 |
| Avast-Mobile | | 20170829 |
| CMC | | 20170915 |
| F-Prot | | 20170915 |
| Kingsoft | | 20170915 |
| Malwarebytes | | 20170915 |
| SUPERAntiSpyware | | 20170915 |
| Symantec Mobile Insight | | 20170915 |
| TheHacker | | 20170911 |
| TotalDefense | | 20170915 |
| Trustlook | | 20170915 |
| WhiteArmor | | 20170829 |
| Zoner | | 20170915 |
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Jdsfiugh sdfiguh adsfgiouhsd fgisudhfg
File version 1, 15, 0, 0
Comments KJSDbigjbd sfojksd guiydsgf8ysdf gousdgsdf
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-21 05:59:49
Entry Point 0x0000126C
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetStringTypeW
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
HeapSize
WideCharToMultiByte
LoadLibraryW
TlsFree
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_ICON 8
RT_BITMAP 5
RT_GROUP_CURSOR 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 14
ENGLISH US 4
PE resources
ExifTool file metadata
SpecialBuild 4651
UninitializedDataSize 0
Comments KJSDbigjbd sfojksd guiydsgf8ysdf gousdgsdf
InitializedDataSize 298496
ImageVersion 0.0
FileVersionNumber 1.15.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0037
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 15, 0, 0
TimeStamp 2017:04:21 06:59:49+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 15, 0, 0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Jdsfiugh sdfiguh adsfgiouhsd fgisudhfg
MachineType Intel 386 or later, and compatibles
CodeSize 18432
FileSubtype 0
ProductVersionNumber 1.15.0.0
EntryPoint 0x126c
ObjectFileType Unknown
Compressed bundles
File identification
MD5 331d47e41fad11209dc3ff9a67f5201d
SHA1 822325a224ec5d1f133e408eabcaf7f9761e0fd2
SHA256 092fd4caf46ec36e07fdc9c8b156ce05cda0fb2abd7c49ba8dddfe8ac6cdbb67
ssdeep 6144:gqwgfamuDZkJBSsDzjweyH0ta7uctAZjH2t4dQEiFSVQHWpN5rTlDmHxao9+DHdX:gqwgyz9sNMee6y9iH2t4dHpN5rTlD
authentihash f406cf5d758c5103275bf0887549106dc899e16fcf411f6a853a74c5ef4da731
imphash 811a267592c92fccca97572293ebbd3a
File size 305.5 KB (312832 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ (generic) (42.2%)
  Win64 Executable (generic) (37.3%)
  Win32 Dynamic Link Library (generic) (8.8%)
  Win32 Executable (generic) (6.0%)
  Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-04-21 16:00:55 UTC (6 months ago)
Last submission 2017-09-15 15:36:58 UTC (1 month, 1 week ago)
File names
  2017-04-25-Goodma-campaign-Rig-EK-payload-Latentbot.exe
  76w4f9kb.exe
  etcp5pyw.exe
  Goodma-campaign-Rig-EK-payload-Latentbot.exe
  76w4f9kb.exe.bin
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself, by any other process launched by the executed file, or by a process subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications