SHA256: 01a2e5620831d0e28dfc82e6d07e1d35033b3f072911e2994f13e6972a180e2b
File name: a.jpg
Detection ratio: 59 / 67
Analysis date: 2018-10-23 13:21:17 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Delf.Agent.AH 20181023
AhnLab-V3 Trojan/Win32.Injector.R5297 20181023
ALYac Trojan.Delf.Agent.AH 20181023
Antiy-AVL Trojan[Backdoor]/Win32.Xtreme.bqj 20181023
Arcabit Trojan.Delf.Agent.AH 20181023
Avast Win32:Malware-gen 20181023
AVG Win32:Malware-gen 20181023
Avira (no cloud) BDS/Backdoor.Gen5 20181023
Baidu Win32.Backdoor.Agent.ag 20181023
BitDefender Trojan.Delf.Agent.AH 20181023
Bkav W32.FeylarmQ.Trojan 20181023
CAT-QuickHeal Backdoor.Xtrat.AA8 20181022
CMC Backdoor.Win32.Xtrat.1!O 20181023
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.952941 20180225
Cylance Unsafe 20181023
Cyren W32/Xtrat.A.gen!Eldorado 20181023
DrWeb BackDoor.Siggen.52725 20181023
Emsisoft Trojan.Delf.Agent.AH (B) 20181023
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 Win32/AutoRun.Remtasu.E 20181023
F-Prot W32/Xtrat.A.gen!Eldorado 20181023
F-Secure Rogue:W32/FakeAv.BI 20181023
Fortinet W32/Sasfis.BZMX!tr 20181023
GData Win32.Backdoor.Xtrat.L 20181023
Ikarus Trojan-Spy.Win32.KeyLogger 20181023
Sophos ML heuristic 20180717
Jiangmin TrojanSpy.Keylogger.grj 20181023
K7AntiVirus Trojan ( 0038dcf91 ) 20181023
K7GW Trojan ( 0038dcf91 ) 20181023
Kaspersky Backdoor.Win32.Xtreme.bqj 20181023
Malwarebytes Backdoor.XTRat.Gen 20181023
MAX malware (ai score=80) 20181023
McAfee GenericRXAA-EO!25FA21195294 20181023
McAfee-GW-Edition BehavesLike.Win32.Generic.nc 20181023
Microsoft Trojan:Win32/Fuerboos.C!cl 20181023
eScan Trojan.Delf.Agent.AH 20181023
NANO-Antivirus Trojan.Win32.Sasfis.dzcfs 20181023
Panda Trj/Keylogger.GM 20181023
Qihoo-360 HEUR/QVM11.1.B7DF.Malware.Gen 20181023
Rising Backdoor.Xtrat!1.6A25 (CLASSIC) 20181023
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/SillyFDC-A 20181023
SUPERAntiSpyware Trojan.Agent/Gen-CryptedInstaller 20181022
Symantec W32.Extrat!gen1 20181023
TACHYON Backdoor/W32.DP-Xtreme.67072 20181023
Tencent Trojan.Win32.Injector.r 20181023
TheHacker Trojan/Remtasu.a 20181018
TotalDefense Win32/Sipay.ADC 20181023
TrendMicro TSPY_KEYLOG.SMC 20181023
TrendMicro-HouseCall TSPY_KEYLOG.SMC 20181023
VBA32 Backdoor.Xtreme 20181023
VIPRE Trojan.Win32.Xpack.a (v) 20181023
ViRobot Backdoor.Win32.Xtreme.Gen 20181023
Webroot System.Monitor.Ardamax.Keylogge 20181023
Yandex Trojan.Sasfis!hDgBUqSKhHM 20181022
Zillya Trojan.Generic.Win32.37784 20181022
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20181023
Zoner Trojan.Remtasu.F 20181023
AegisLab 20181023
Alibaba 20180921
Avast-Mobile 20181023
Babable 20180918
eGambit 20181023
Kingsoft 20181023
Palo Alto Networks (Known Signatures) 20181023
Symantec Mobile Insight 20181001
Trustlook 20181023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0004B900
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
URLDownloadToCacheFileW
RegCloseKey
NtUnmapViewOfSection
SysFreeString
SHGetMalloc
SHDeleteKeyW
CharNextW
FtpPutFileW
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x4b900
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 274432

File identification
MD5 25fa211952941cd6d8e9fbf5518ce641
SHA1 9c4fdd337f5addbed7586b0d8409d424232d2314
SHA256 01a2e5620831d0e28dfc82e6d07e1d35033b3f072911e2994f13e6972a180e2b
ssdeep 768:VxMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66l/tunOYN0LGJ1:wNW71rcYDAWeotvXlFOuk

authentihash 4a716e0efe2fbfe9ab729a72ed27c272def0c5e964435083bdcd2061c743421b
imphash e0f7991d50ceee521d7190effa3c494e
File size 33.0 KB ( 33792 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx

VirusTotal metadata
First submission 2018-10-23 13:21:17 UTC ( 5 months ago )
Last submission 2018-10-23 13:21:17 UTC ( 5 months ago )
File names a.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests