SHA256: 02978385cbeffaae26f0fbca7d84a232c147533dfa813327f77e08f91f3c1185
File name: 030817Bunitu.exe
Detection ratio: 46 / 64
Analysis date: 2017-08-06 12:36:21 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CKPO 20170806
AegisLab Backdoor.W32.Androm!c 20170806
AhnLab-V3 Trojan/Win32.Globeimposter.C2071600 20170806
ALYac Trojan.Agent.CKPO 20170806
Antiy-AVL Trojan/Win32.TSGeneric 20170806
Arcabit Trojan.Agent.CKPO 20170806
Avast Win32:Malware-gen 20170806
AVG Win32:Malware-gen 20170806
Avira (no cloud) TR/Crypt.Xpack.cduku 20170806
AVware Trojan.Win32.Generic!BT 20170806
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9991 20170804
BitDefender Trojan.Agent.CKPO 20170806
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170710
Cylance Unsafe 20170806
Cyren W32/Trojan.GKWY-7024 20170806
DrWeb Trojan.DownLoader25.16304 20170806
Emsisoft Trojan.Agent.CKPO (B) 20170806
Endgame malicious (high confidence) 20170721
ESET-NOD32 a variant of Win32/Kryptik.FVEG 20170806
F-Secure Trojan.Agent.CKPO 20170806
Fortinet W32/GenKryptik.AQTE!tr 20170806
GData Trojan.Agent.CKPO 20170806
Ikarus Trojan.Win32.Crypt 20170806
Jiangmin Trojan.Spora.yl 20170806
Kaspersky Backdoor.Win32.Androm.nubc 20170806
Malwarebytes Trojan.MalPack 20170806
MAX malware (ai score=82) 20170806
McAfee Emotet-FAL!E68B1AA4DA7F 20170804
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20170806
Microsoft TrojanProxy:Win32/Bunitu.Q!bit 20170806
eScan Trojan.Agent.CKPO 20170806
NANO-Antivirus Trojan.Win32.Deshacop.eroqoz 20170806
Palo Alto Networks (Known Signatures) generic.ml 20170806
Panda Trj/GdSda.A 20170806
Qihoo-360 Win32/Backdoor.33f 20170806
Rising Malware.Obscure/Heur!1.9E03 (cloud:nHGAJfE0teD) 20170806
SentinelOne (Static ML) static engine - malicious 20170718
Sophos AV Mal/Emotet-E 20170806
Symantec Ransom.GlobeImpstr!g2 20170805
Tencent Win32.Trojan.Inject.Auto 20170806
TrendMicro TROJ_GEN.R08NC0DH417 20170806
TrendMicro-HouseCall TROJ_GEN.R08NC0DH417 20170806
VIPRE Trojan.Win32.Generic!BT 20170806
Webroot W32.Trojan.Gen 20170806
WhiteArmor Malware.HighConfidence 20170731
ZoneAlarm by Check Point Backdoor.Win32.Androm.nubc 20170806
Engines with no detection (engine name and signature update date only):
Alibaba 20170804
Bkav 20170805
CAT-QuickHeal 20170805
ClamAV 20170806
CMC 20170805
Comodo 20170806
F-Prot 20170806
Sophos ML 20170607
K7AntiVirus 20170804
K7GW 20170806
Kingsoft 20170806
nProtect 20170806
SUPERAntiSpyware 20170806
Symantec Mobile Insight 20170804
TheHacker 20170806
Trustlook 20170806
VBA32 20170803
ViRobot 20170805
Yandex 20170801
Zillya 20170806
Zoner 20170806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-03 12:16:10
Entry Point 0x0000158D
Number of sections 4
PE sections
PE imports
GetLastError
InterlockedDecrement
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetOEMCP
GetEnvironmentStringsW
GlobalFindAtomA
HeapAlloc
TlsAlloc
GetSystemTimes
VirtualProtect
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
LCMapStringA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
AddAtomW
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
GetStringTypeA
GetSystemTimeAsFileTime
TerminateProcess
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GlobalMemoryStatus
GetProcessHandleCount
IsValidCodePage
HeapCreate
GlobalAlloc
VirtualFree
IsDebuggerPresent
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
ShellExecuteA
LoadImageA
WinHttpCreateUrl
WinHttpCloseHandle
WinHttpOpen
Number of PE resources by type
RT_ICON 8
RT_ACCELERATOR 1
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ESTONIAN DEFAULT 11
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:08:03 13:16:10+01:00
FileType Win32 EXE
PEType PE32
CodeSize 43008
LinkerVersion 9.0
EntryPoint 0x158d
InitializedDataSize 207872
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 e68b1aa4da7f1da2fced2f99e659aa35
SHA1 392dc1140ba9c3b51175898620ef6984016b4e49
SHA256 02978385cbeffaae26f0fbca7d84a232c147533dfa813327f77e08f91f3c1185
ssdeep
6144:aMUlPF0lFaz4AWnj60EF50mGGrv7/W+sg1Yeta0a6vBtig4/OS0ZECw0w28lsfzy:a9FEFaz4AWnj60EF50mGGrv7/W+sg1YJ

authentihash 4f26eae7cf897f3b73b1d27e3e042d4d6fcf411dfb5feca8b1b767c118068587
imphash fd72870a817a7c473cffad29be9ea498
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-08-05 19:09:53 UTC ( 1 year, 8 months ago )
Last submission 2018-05-19 01:57:59 UTC ( 11 months ago )
File names 030817Bunitu.exe
e68b1aa4da7f1da2fced2f99e659aa35.vir
e68b1aa4da7f1da2fced2f99e659aa35.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications