SHA256: 06a31575b2306421d8a6f186275848ef409c5835549db2a45d62ef4d1bd09c6e
File name: 1ca3f6cbafc139d6a8d5bf3a9b16f26eb57c9314
Detection ratio: 29 / 71
Analysis date: 2018-12-29 15:11:33 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40873866 20181229
AhnLab-V3 Trojan/Win32.Fuerboos.R250171 20181228
ALYac Trojan.GenericKD.40873866 20181229
Arcabit Trojan.Generic.D26FAF8A 20181229
Avast Win32:Trojan-gen 20181229
AVG Win32:Trojan-gen 20181229
BitDefender Trojan.GenericKD.40873866 20181229
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cylance Unsafe 20181229
Emsisoft Trojan.GenericKD.40873866 (B) 20181229
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GODF 20181229
Fortinet W32/Kryptik.GOBG!tr 20181229
GData Trojan.GenericKD.40873866 20181229
Sophos ML heuristic 20181128
Jiangmin Trojan.Chapak.alq 20181229
Kaspersky Trojan-Spy.Win32.Ursnif.afzj 20181229
Malwarebytes Trojan.MalPack.GS 20181229
MAX malware (ai score=84) 20181229
Microsoft Trojan:Win32/Fuerboos.C!cl 20181229
eScan Trojan.GenericKD.40873866 20181229
Panda Generic Suspicious 20181228
Qihoo-360 HEUR/QVM10.1.3129.Malware.Gen 20181229
Rising Malware.Obscure/Heur!1.A89E (CLASSIC) 20181229
Sophos AV Mal/Generic-S 20181229
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Chapak 20181229
Webroot W32.Trojan.Gen 20181229
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.afzj 20181229
Acronis 20181227
AegisLab 20181229
Alibaba 20180921
Antiy-AVL 20181229
Avast-Mobile 20181229
Avira (no cloud) 20181229
Babable 20180918
Baidu 20181207
Bkav 20181227
CAT-QuickHeal 20181228
ClamAV 20181229
CMC 20181228
Comodo 20181229
Cybereason 20180225
Cyren 20181229
DrWeb 20181229
eGambit 20181229
F-Prot 20181229
F-Secure 20181229
Ikarus 20181229
K7AntiVirus 20181229
K7GW 20181229
Kingsoft 20181229
McAfee 20181229
McAfee-GW-Edition 20181229
NANO-Antivirus 20181229
Palo Alto Networks (Known Signatures) 20181229
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20181226
Symantec 20181228
Symantec Mobile Insight 20181225
TACHYON 20181229
Tencent 20181229
TheHacker 20181225
TotalDefense 20181229
TrendMicro 20181229
TrendMicro-HouseCall 20181229
Trustlook 20181229
VIPRE 20181229
ViRobot 20181228
Yandex 20181229
Zillya 20181228
Zoner 20181229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-01 02:25:40
Entry Point 0x00012B53
Number of sections 5
PE sections
PE imports
BackupEventLogW
OpenServiceW
ChangeServiceConfigW
ClearEventLogW
SetStretchBltMode
CreateDiscardableBitmap
SetViewportOrgEx
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
FindFirstChangeNotificationA
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
ExitThread
IsProcessorFeaturePresent
DeleteCriticalSection
EnumTimeFormatsW
DecodePointer
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetHandleCount
GetProcAddress
AddAtomW
EncodePointer
GetStartupInfoW
GetModuleFileNameW
FindResourceExA
RaiseException
WideCharToMultiByte
FillConsoleOutputCharacterA
TlsFree
FreeEnvironmentStringsW
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
GetSystemTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
GetProcessShutdownParameters
IsValidCodePage
HeapCreate
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GetProcessVersion
ExitProcess
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShellExecuteW
FindExecutableW
DragFinish
DragQueryFileA
MapWindowPoints
MapVirtualKeyA
UpdateWindow
GetNextDlgGroupItem
SendDlgItemMessageA
GetRegisteredRawInputDevices
MapVirtualKeyExA
LookupIconIdFromDirectory
LoadCursorFromFileA
LoadBitmapA
GetMessageExtraInfo
PeekMessageA
LoadKeyboardLayoutA
GetClipboardSequenceNumber
DlgDirSelectExA
SetParent
CloseClipboard
GetNextDlgTabItem
RealGetWindowClassA
LoadImageW
DefDlgProcA
LoadIconW
UserHandleGrantAccess
ScrollWindow
GetUpdateRect
PE exports
Number of PE resources by type
RT_BITMAP 4
RT_STRING 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 8
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 274432
EntryPoint 0x12b53
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, hilufumamado
FileVersion 3.7.3.77
TimeStamp 2018:03:01 03:25:40+01:00
FileType Win32 EXE
PEType PE32
InternalName wuniduzuce.exe
ProductVersion 3.7.3.77
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 97792
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3bcb5c82650b1eb335d682109f0a2cc7
SHA1 1ca3f6cbafc139d6a8d5bf3a9b16f26eb57c9314
SHA256 06a31575b2306421d8a6f186275848ef409c5835549db2a45d62ef4d1bd09c6e
ssdeep 6144:XZfQ5IRYts5lt0LatsGHGhDyGbGjjqbW/BX:XROdyZIW/

authentihash 55a99dfea210874fbcfdb9e9d08ed51a419928de4f3b0ddc7a7f7b5741b65d4a
imphash a51119f32d0e30579e1b4702fec2dc30
File size 251.0 KB ( 257024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-12-29 15:11:33 UTC ( 1 month, 2 weeks ago )
Last submission 2018-12-29 15:11:33 UTC ( 1 month, 2 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections