SHA256: 040f90d832f030220483f716fbb931a53aaa59139220d58b824b6cb29ac0d328
File name: arro.exe
Detection ratio: 41 / 65
Analysis date: 2019-04-08 17:55:03 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190408
Ad-Aware Trojan.GenericKD.31863041 20190408
AegisLab Trojan.Multi.Generic.4!c 20190408
Alibaba Backdoor:Win32/Backboot.0caa0acf 20190402
Arcabit Trojan.Generic.D1E63101 20190408
Avast Win32:Malware-gen 20190408
AVG Win32:Malware-gen 20190408
Avira (no cloud) TR/AD.Pitou.P 20190408
BitDefender Trojan.GenericKD.31863041 20190408
Comodo Malware@#10w3911yabfe3 20190408
CrowdStrike Falcon (ML) win/malicious_confidence_80% (W) 20190212
Cybereason malicious.e5fe44 20190403
Cyren W32/Trojan.QNQF-1387 20190408
Emsisoft Trojan.GenericKD.31863041 (B) 20190408
Endgame malicious (moderate confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GRUN 20190408
F-Secure Trojan.TR/AD.Pitou.P 20190408
FireEye Generic.mg.fb23389d6dcb4f3b 20190408
Fortinet W32/Generik.LAFUNYD!tr 20190408
GData Trojan.GenericKD.31863041 20190408
Ikarus Trojan.SuspectCRC 20190408
Sophos ML heuristic 20190313
K7AntiVirus Riskware ( 0040eff71 ) 20190408
K7GW Riskware ( 0040eff71 ) 20190408
Kaspersky Backdoor.Win32.Backboot.akm 20190408
Malwarebytes Trojan.Crypt 20190408
McAfee Artemis!FB23389D6DCB 20190408
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.jc 20190408
Microsoft Trojan:Win32/Occamy.C 20190408
eScan Trojan.GenericKD.31863041 20190408
Palo Alto Networks (Known Signatures) generic.ml 20190408
Panda Trj/GdSda.A 20190408
Qihoo-360 Win32/Backdoor.BO.c67 20190408
Rising Backdoor.Backboot!8.DE4B (CLOUD) 20190408
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Generic-S 20190408
Trapmine suspicious.low.ml.score 20190325
TrendMicro-HouseCall Trojan.Win32.AZDEN.USXVPD619 20190408
VIPRE Trojan.Win32.Generic!BT 20190408
ViRobot Backdoor.Win32.Backboot.856064[UPX] 20190408
ZoneAlarm by Check Point Backdoor.Win32.Backboot.akm 20190408
AhnLab-V3 20190408
Antiy-AVL 20190408
Avast-Mobile 20190408
Baidu 20190318
Bkav 20190408
CAT-QuickHeal 20190407
ClamAV 20190408
CMC 20190321
DrWeb 20190408
eGambit 20190408
Jiangmin 20190408
Kingsoft 20190408
MAX 20190408
NANO-Antivirus 20190408
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190408
TACHYON 20190408
Tencent 20190408
TheHacker 20190405
TotalDefense 20190408
Trustlook 20190408
VBA32 20190408
Yandex 20190407
Zillya 20190408
Zoner 20190407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-04-05 19:31:00
Entry Point 0x000D2790
Number of sections 3
PE sections
PE imports
SystemFunction036
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SetRectEmpty
Number of PE resources by type
RT_BITMAP 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_ICON 1
Struct(240) 1
AFX_DIALOG_LAYOUT 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:04:05 21:31:00+02:00
FileType Win32 EXE
PEType PE32
CodeSize 671744
LinkerVersion 14.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xd2790
InitializedDataSize 8192
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 188416
Execution parents
File identification
MD5 fb23389d6dcb4f3b8e4e82db5e0b98c1
SHA1 c7804abe5fe4437c78efe44afe1ac7422e4f4537
SHA256 040f90d832f030220483f716fbb931a53aaa59139220d58b824b6cb29ac0d328
ssdeep 12288:w+PCX65qLdxiU3z/GBgOf5eaUW+02THsW5PRSW6do1iaHl:w+P468LdJYgOxeaA0CHsW5pnN1tl
authentihash b70fb9a855e7d3d4b2d34570e84c10f6c2150a1650fc3e90c9f5f97adad14970
imphash 347acf4494f903994e6675e9babf3df6
File size 660.0 KB ( 675840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe upx

VirusTotal metadata
First submission 2019-04-05 21:36:11 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-05 21:36:11 UTC ( 1 month, 2 weeks ago )
File names zbetcheckin_tracker_arro.exe
arro.exe
cc38.tmp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs