SHA256: 065978646f1e8ff383d866a8c0c7f74d36ed10c9082d758bc0a6c69668abb727
File name: x_WABVDATF.EXE
Detection ratio: 39 / 71
Analysis date: 2019-01-12 02:28:08 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31515255 20190112
AegisLab Trojan.Win32.Mokes.4!c 20190112
AhnLab-V3 Trojan/Win32.Kryptik.R251466 20190112
ALYac Trojan.GenericKD.31515255 20190112
Antiy-AVL Trojan[Ransom]/Win32.Chapak.a 20190112
Arcabit Trojan.Generic.D1E0E277 20190112
Avast Win32:Malware-gen 20190112
AVG Win32:Malware-gen 20190112
BitDefender Trojan.GenericKD.31515255 20190112
Comodo Malware@#12n643nh0xenn 20190112
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181023
Cylance Unsafe 20190112
Cyren W32/Trojan.DDSK-4174 20190112
Emsisoft Trojan.GenericKD.31515255 (B) 20190112
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GONI 20190112
Fortinet W32/Kryptik.GOMB!tr 20190112
GData Trojan.GenericKD.31515255 20190112
Sophos ML heuristic 20181128
Jiangmin Trojan.Chapak.aqr 20190112
K7AntiVirus Trojan ( 005454e81 ) 20190112
K7GW Trojan ( 005454e81 ) 20190112
Kaspersky Backdoor.Win32.Mokes.yvn 20190112
MAX malware (ai score=100) 20190112
McAfee Trojan-FPST!2635079E4B49 20190112
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20190112
Microsoft Trojan:Win32/Injeber.A!bit 20190112
eScan Trojan.GenericKD.31515255 20190112
Palo Alto Networks (Known Signatures) generic.ml 20190112
Qihoo-360 Win32/Backdoor.d03 20190112
Rising Malware.Heuristic.MLite(100%) (AI-LITE:tesKjDSMGdcV77ZjoyJ3Cw) 20190112
Sophos AV Mal/Generic-S 20190112
Symantec ML.Attribute.HighConfidence 20190112
Tencent Win32.Backdoor.Mokes.Hpib 20190112
Trapmine malicious.high.ml.score 20190103
VBA32 BScope.Trojan.Chapak 20190111
ViRobot Trojan.Win32.Z.Injeber.216064 20190111
Webroot W32.Trojan.Gen 20190112
ZoneAlarm by Check Point Backdoor.Win32.Mokes.yvn 20190112
Acronis 20190111
Alibaba 20180921
Avast-Mobile 20190112
Avira (no cloud) 20190112
Babable 20180918
Baidu 20190111
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190112
CMC 20190111
Cybereason 20190109
DrWeb 20190112
eGambit 20190112
F-Prot 20190112
F-Secure 20190111
Ikarus 20190112
Kingsoft 20190112
Malwarebytes 20190112
NANO-Antivirus 20190112
Panda 20190112
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190109
TACHYON 20190112
TheHacker 20190106
TotalDefense 20190112
TrendMicro 20190112
TrendMicro-HouseCall 20190112
Trustlook 20190112
VIPRE 20190112
Yandex 20190111
Zillya 20190111
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-18 16:17:54
Entry Point 0x0000854E
Number of sections 8
PE sections
PE imports
SetPixelV
SetStretchBltMode
GetStdHandle
GetConsoleOutputCP
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
InterlockedDecrement
SetLastError
PeekNamedPipe
CopyFileA
HeapAlloc
GetModuleFileNameA
FillConsoleOutputCharacterW
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
FatalAppExitA
SetUnhandledExceptionFilter
ExitThread
SetEnvironmentVariableA
TerminateProcess
FindCloseChangeNotification
WriteConsoleA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
AddAtomA
GetProcAddress
CompareStringW
FreeEnvironmentStringsW
CompareStringA
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GlobalFree
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
WideCharToMultiByte
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetTimeFormatA
DragQueryFileW
ShellExecuteW
ShellAboutA
GetListBoxInfo
CallMsgFilterA
MapVirtualKeyExA
GetDialogBaseUnits
PeekMessageA
CloseClipboard
GetNextDlgTabItem
GetClipboardSequenceNumber
OpenClipboard
WinHttpConnect
Number of PE resources by type
RT_ICON 8
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 13
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 86016
EntryPoint 0x854e
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.9.2.82
TimeStamp 2017:08:18 18:17:54+02:00
FileType Win32 EXE
PEType PE32
InternalName gucegi.exe
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
LegalCopyright Copyright (C) 2018, rewesesel
MachineType Intel 386 or later, and compatibles
CodeSize 146944
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2635079e4b497509024bbe13b68077f1
SHA1 73552c1e96cc951d737db56c6a5bf89b74a19cf4
SHA256 065978646f1e8ff383d866a8c0c7f74d36ed10c9082d758bc0a6c69668abb727
ssdeep 3072:FIigkJcUnwSKU17DoFr6ebEQJi9eMc80rl7zRX7t28n:WihJ1wSZoFrvbEteTF79n

authentihash 5aa03220b9d96db3ea497c3d64920e2e3803c47168c92ff9acc14e31b8d4361f
imphash ca97b30246f18f72a5a3aef293db32f3
File size 211.0 KB ( 216064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2019-01-11 01:22:27 UTC ( 2 months, 1 week ago )
Last submission 2019-01-11 01:45:31 UTC ( 2 months, 1 week ago )
File names x_WABVDATF.EXE, copyland.png
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs