SHA256: 046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5
File name: 734AADD62D0662256A65510271D40048_103-readme.exe
Detection ratio: 58 / 68
Analysis date: 2018-11-10 05:00:40 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KDV.647871 20181110
AegisLab Hacktool.Win32.Krap.x!c 20181110
AhnLab-V3 Trojan/Win32.Zbot.R79702 20181109
ALYac Spyware.Zbot.KB 20181110
Antiy-AVL Trojan[Packed]/Win32.Krap 20181110
Arcabit Trojan.Generic.KDV.D9E2BF 20181110
Avast Win32:Cridex-N [Trj] 20181110
AVG Win32:Cridex-N [Trj] 20181110
Avira (no cloud) WORM/Cridex.E.5 20181110
AVware Trojan.Win32.Generic!SB.0 20180925
BitDefender Trojan.Generic.KDV.647871 20181110
Bkav W32.OnGameWPAIIXUSR.Trojan 20181110
CAT-QuickHeal Worm.Cridex 20181108
ClamAV Win.Trojan.Agent-1236425 20181109
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.62d066 20180225
Cylance Unsafe 20181110
Cyren W32/Zbot.DQ.gen!Eldorado 20181110
DrWeb Trojan.DownLoader15.17379 20181110
Emsisoft Trojan.Generic.KDV.647871 (B) 20181110
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/AutoRun.Spy.Banker.P 20181110
F-Prot W32/Zbot.DQ.gen!Eldorado 20181110
F-Secure Trojan.Generic.KDV.647871 20181110
Fortinet W32/Dapato.BHXH!tr 20181110
GData Win32.Trojan.Agent.CUU8T9 20181110
Ikarus Packer.Win32.Krap 20181109
Sophos ML heuristic 20181108
Jiangmin TrojanDropper.Dapato.hxn 20181110
K7AntiVirus P2PWorm ( 003ae9c41 ) 20181109
K7GW P2PWorm ( 003ae9c41 ) 20181109
Kaspersky Trojan-Ransom.Win32.Blocker.hmnq 20181110
Kingsoft Win32.Troj.Dapato.(kcloud) 20181110
Malwarebytes Spyware.Zbot.DG 20181110
MAX malware (ai score=100) 20181110
McAfee PWS-Zbot.gen.uh 20181110
McAfee-GW-Edition PWS-Zbot.gen.uh 20181110
Microsoft Worm:Win32/Cridex.E 20181110
eScan Trojan.Generic.KDV.647871 20181110
NANO-Antivirus Trojan.Win32.Dwn.stlir 20181110
Panda Generic Malware 20181109
Qihoo-360 Trojan.Generic 20181110
Rising Ransom.Reveton!8.F2 (CLOUD) 20181110
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/DwnLdr-KAY 20181110
Symantec W32.Cridex 20181109
Tencent Win32.Trojan.Falsesign.Afhq 20181110
TheHacker Trojan/Dropper.Dapato.bhxh 20181108
TotalDefense Win32/Cridex.BA 20181109
TrendMicro TROJ_KRYPTIK.MIC 20181110
TrendMicro-HouseCall TROJ_KRYPTIK.MIC 20181110
VBA32 BScope.Malware-Cryptor.SB.01798 20181109
VIPRE Trojan.Win32.Generic!SB.0 20181109
Webroot W32.Trojan.Gen 20181110
Yandex Worm.AutoRun!tSqW3tx0AYY 20181109
Zillya Dropper.Dapato.Win32.10107 20181109
ZoneAlarm by Check Point Trojan-Ransom.Win32.Blocker.hmnq 20181110
Zoner Trojan.Dapato 20181110
Alibaba 20180921
Avast-Mobile 20181109
Babable 20180918
Baidu 20181109
CMC 20181110
Palo Alto Networks (Known Signatures) 20181110
SUPERAntiSpyware 20181107
Symantec Mobile Insight 20181108
TACHYON 20181110
Trustlook 20181110
ViRobot 20181109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 5:50 AM 11/10/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-12 06:01:32
Entry Point 0x000015E0
Number of sections 6
PE sections
Overlays
MD5 27a9fc121dda2c8f6c60fd6aa92a8780
File type data
Offset 111104
Size 992
Entropy 6.98
PE imports
TextOutA
SelectObject
GetTextMetricsA
GetStockObject
SetBkMode
GetWindowsDirectoryW
LoadLibraryW
CreateFileW
ReadFile
GetCommandLineA
GetProcAddress
lstrcatW
ReleaseDC
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
DispatchMessageA
BeginPaint
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassExA
GetMessageA
GetDC
InvalidateRect
Number of PE resources by type
RT_STRING 3
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:06:12 07:01:32+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23040

LinkerVersion
2.5

FileTypeExtension
exe

InitializedDataSize
87552

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x15e0

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 734aadd62d0662256a65510271d40048
SHA1 67e9c32c97b47e058aeee928c4cdc28773883b90
SHA256 046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5
ssdeep
1536:vTraAg6weVtDASIUh5gOH3u17bZP16DwpyLJrnlIsyI:vvX6Y5jMbzByBIzI

authentihash 8509b4f3309278adc802a1702c0921ac4c295864a5e6cfe11ccd7d636724ff25
imphash 5cc5f65225f24f0f8c6c7c1da0c021f1
File size 109.5 KB ( 112096 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (87.5%)
Win32 Dynamic Link Library (generic) (4.2%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
OS/2 Executable (generic) (1.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-06-12 08:23:41 UTC ( 6 years, 6 months ago )
Last submission 2018-11-10 05:00:40 UTC ( 1 month ago )
File names 182b5-eDI6dn
KB01148523.exe
vti-rescan
004028859
182b5.EXE
"calc.exe"
47E9A414E04FECF8B52A010E05F1BE00BAF66BCA.exe
734aadd62d0662256a65510271d40048
"contacts.exe"
readme.exe
168-734AADD62D0662256A65510271D40048_103-readme.exe
182b5
046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5.bin
KB00698548.xe
WL-98552070892aab074e58272ebe1ca21d-0
734AADD62D0662256A65510271D40048_103-readme.exe
file-4095128_
734aadd62d0662256a65510271d40048.malware
KB00565190.exe
output.1666019.txt
1666019
734AADD62D0662256A65510271D40048_103-readme.exe
734aadd62d0662256a65510271d40048
046a7fac35a29f66e37193a2048f6a324754df131bad07c21f87fc814d7763f5
u1206a.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.

Symantec reputation Suspicious.Insight