SHA256: 01bf06d95a2712bf6b4eeaa421bf7270390193d7128786c12c76fbd7844648a7
File name: 921dd18d42901e65ebc093a39209e0dc.virus
Detection ratio: 33 / 69
Analysis date: 2018-10-07 01:05:44 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.174274 20181007
AhnLab-V3 Trojan/Win32.Ursnif.R238477 20181006
ALYac Gen:Variant.Strictor.174274 20181007
Arcabit Trojan.Strictor.D2A8C2 20181007
Avast Win32:Malware-gen 20181006
AVG Win32:Malware-gen 20181006
BitDefender Gen:Variant.Strictor.174274 20181007
Cylance Unsafe 20181007
Emsisoft Gen:Variant.Strictor.174274 (B) 20181006
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GLJU 20181007
F-Secure Gen:Variant.Strictor.174274 20181006
Fortinet W32/GenKryptik.CNDB!tr 20181007
GData Gen:Variant.Strictor.174274 20181006
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 00516fdf1 ) 20181006
K7GW Trojan ( 00516fdf1 ) 20181006
Kaspersky Trojan-PSW.Win32.Fareit.eler 20181007
Malwarebytes Trojan.MalPack 20181007
MAX malware (ai score=87) 20181007
McAfee Trojan-FPST!921DD18D4290 20181007
McAfee-GW-Edition BehavesLike.Win32.AdwareInstCap.ch 20181007
Microsoft Trojan:Win32/Vigorf.A 20181006
eScan Gen:Variant.Strictor.174274 20181006
Panda Trj/Genetic.gen 20181006
Rising Malware.Heuristic!ET#89% (RDM+:cmRtazoSv5Fmu5fCqLH29R8v1jub) 20181007
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20181006
Symantec Packed.Generic.525 20181006
TrendMicro TROJ_GEN.R015C0OJ518 20181006
TrendMicro-HouseCall TROJ_GEN.R015C0OJ518 20181006
Webroot W32.Adware.Installcore 20181007
ZoneAlarm by Check Point Trojan-PSW.Win32.Fareit.eler 20181006
Antivirus (no detection) Update
AegisLab 20181006
Alibaba 20180921
Antiy-AVL 20181007
Avast-Mobile 20181006
Avira (no cloud) 20181006
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20181005
CAT-QuickHeal 20181006
ClamAV 20181006
CMC 20181006
Comodo 20181006
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cyren 20181006
DrWeb 20181006
eGambit 20181007
F-Prot 20181006
Ikarus 20181006
Jiangmin 20181006
Kingsoft 20181007
NANO-Antivirus 20181007
Palo Alto Networks (Known Signatures) 20181007
Qihoo-360 20181007
SUPERAntiSpyware 20181006
Symantec Mobile Insight 20181001
TACHYON 20181006
Tencent 20181007
TheHacker 20181001
TotalDefense 20181006
Trustlook 20181007
VBA32 20181005
VIPRE 20181006
ViRobot 20181006
Yandex 20181005
Zillya 20181005
Zoner 20181006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-10 17:38:24
Entry Point 0x00002024
Number of sections 5
PE sections
PE imports
CreateDiscardableBitmap
SetViewportExtEx
CreateCompatibleBitmap
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetEnvironmentStringsW
GetACP
HeapAlloc
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetConsoleMode
HeapSize
LocalAlloc
GetConsoleOutputCP
SetHandleCount
GetCommandLineW
GetLocaleInfoA
UnhandledExceptionFilter
TerminateProcess
MultiByteToWideChar
GetStartupInfoW
SetStdHandle
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
QueryPerformanceCounter
AddAtomW
GetFileType
GetComputerNameW
GetModuleHandleA
FindResourceExA
RaiseException
GetCPInfo
GetModuleFileNameW
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetMailslotInfo
GetSystemTimes
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
FindAtomW
WriteConsoleOutputCharacterW
WriteConsoleA
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
FindAtomA
TlsGetValue
Sleep
SetLastError
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetStartupInfoA
WriteConsoleW
LeaveCriticalSection
RegisterClassExW
GetMenu
GetAltTabInfoA
SetParent
BeginPaint
DlgDirSelectExW
SetProcessDefaultLayout
Number of PE resources by type
RT_BITMAP 2
RT_ICON 2
RT_ACCELERATOR 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH UK 5
TURKISH DEFAULT 1
TURKISH NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:08:10 18:38:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 117248
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 75264
SubsystemVersion 5.0
EntryPoint 0x2024
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 921dd18d42901e65ebc093a39209e0dc
SHA1 1c840250a36a7dcc65c863e264189d09ae89ce0e
SHA256 01bf06d95a2712bf6b4eeaa421bf7270390193d7128786c12c76fbd7844648a7
ssdeep 3072:CafLNvjQFHalBq+E0FuCgXqg3jtPff4iHNBNh5Nm:CSLOt2Bq+E0FKXxn4iznm
authentihash 063a1b7492007932751885157eda42477edc11e4f2d5471e889595d2f050cb9f
imphash 3b3c77477f711704cfb808ef3615140e
File size 181.5 KB ( 185856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe nxdomain

VirusTotal metadata
First submission 2018-10-07 01:05:44 UTC ( 1 week, 6 days ago )
Last submission 2018-10-07 01:05:44 UTC ( 1 week, 6 days ago )
File names 921dd18d42901e65ebc093a39209e0dc.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications