SHA256: 082c77b6d1abbbdb889d27966cf2a0da5dca1b0e10c44ccfd42be5bbdd8549a7
File name: 04505f98297cc11fb53e3a5b5d41b46c
Detection ratio: 35 / 66
Analysis date: 2018-01-19 21:12:29 UTC (1 year, 4 months ago)
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Gen:Variant.Midie.43247 | 20180119 |
| AhnLab-V3 | Trojan/Win32.Poison.R218060 | 20180119 |
| ALYac | Gen:Variant.Midie.43247 | 20180119 |
| Antiy-AVL | Trojan/Win32.Refinka | 20180119 |
| Arcabit | Trojan.Midie.DA8EF | 20180119 |
| Avast | Win32:Malware-gen | 20180119 |
| AVG | Win32:Malware-gen | 20180119 |
| Avira (no cloud) | TR/Crypt.XPACK.Gen | 20180119 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180118 |
| BitDefender | Gen:Variant.Midie.43247 | 20180119 |
| Bkav | HW32.Packed.914E | 20180119 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20171016 |
| Cylance | Unsafe | 20180119 |
| eGambit | Unsafe.AI_Score_100% | 20180119 |
| Emsisoft | Gen:Variant.Midie.43247 (B) | 20180119 |
| Endgame | malicious (high confidence) | 20171130 |
| ESET-NOD32 | a variant of Win32/Kryptik.GBVD | 20180119 |
| GData | Gen:Variant.Midie.43247 | 20180119 |
| Ikarus | Trojan.Win32.Crypt | 20180119 |
| Sophos ML | heuristic | 20170914 |
| K7GW | Trojan ( 0052433d1 ) | 20180119 |
| Kaspersky | Trojan.Win32.Refinka.orr | 20180119 |
| MAX | malware (ai score=86) | 20180119 |
| McAfee | RDN/Generic.hbg | 20180119 |
| McAfee-GW-Edition | BehavesLike.Win32.Ransomware.cc | 20180119 |
| eScan | Gen:Variant.Midie.43247 | 20180119 |
| Qihoo-360 | HEUR/QVM20.1.A387.Malware.Gen | 20180119 |
| Rising | Trojan.Kryptik!1.AE8C (CLASSIC) | 20180119 |
| SentinelOne (Static ML) | static engine - malicious | 20180115 |
| Sophos AV | Mal/Generic-S | 20180119 |
| Symantec | Packed.Generic.493 | 20180119 |
| TrendMicro | Ransom_CERBER.SMALY0A | 20180119 |
| TrendMicro-HouseCall | Ransom_CERBER.SMALY0A | 20180119 |
| Webroot | W32.Trojan.Gen | 20180119 |
| ZoneAlarm by Check Point | Trojan.Win32.Refinka.orr | 20180119 |
| AegisLab | | 20180119 |
| Alibaba | | 20180119 |
| Avast-Mobile | | 20180119 |
| AVware | | 20180119 |
| CAT-QuickHeal | | 20180119 |
| ClamAV | | 20180119 |
| CMC | | 20180116 |
| Comodo | | 20180119 |
| Cybereason | | 20171103 |
| Cyren | | 20180119 |
| DrWeb | | 20180119 |
| F-Prot | | 20180119 |
| Fortinet | | 20180119 |
| Jiangmin | | 20180119 |
| K7AntiVirus | | 20180119 |
| Kingsoft | | 20180119 |
| Malwarebytes | | 20180119 |
| Microsoft | | 20180119 |
| NANO-Antivirus | | 20180119 |
| nProtect | | 20180119 |
| Palo Alto Networks (Known Signatures) | | 20180119 |
| Panda | | 20180119 |
| SUPERAntiSpyware | | 20180119 |
| Symantec Mobile Insight | | 20180119 |
| Tencent | | 20180119 |
| TheHacker | | 20180119 |
| TotalDefense | | 20180118 |
| Trustlook | | 20180119 |
| VBA32 | | 20180119 |
| VIPRE | | 20180119 |
| ViRobot | | 20180119 |
| Yandex | | 20180112 |
| Zillya | | 20180119 |
| Zoner | | 20180119 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-06-09 09:13:41
Entry Point: 0x00001014
Number of sections: 4
PE sections
PE imports
ReadEventLogA
RegOpenKeyA
RegSaveKeyA
RegUnLoadKeyW
RegDeleteValueW
OpenEventLogA
CryptSignHashA
GetUserNameA
LogonUserA
RegLoadKeyW
RegRestoreKeyW
RegEnumKeyA
CreateServiceW
CoRegCleanup
SetSetupSave
DowngradeAPL
ComPlusMigrate
SetSetupOpen
CertFreeCTLContext
CertGetNameStringA
CertOpenStore
CertCloseStore
CertAlgIdToOID
CryptMsgUpdate
CertDeleteCTLFromStore
CryptMsgControl
CryptMemAlloc
CryptMsgGetParam
CertFindCTLInStore
CertCreateCRLContext
CertGetStoreProperty
CDLocateRng
CDBuildVect
MD5Final
MD5Init
MD5Update
GetOEMCP
LoadLibraryExA
GetConsoleAliasA
lstrlen
Heap32Next
GetModuleHandleA
OpenEventW
WaitForSingleObject
GetCommandLineW
lstrcmp
GetLogicalDriveStringsW
WriteFile
CreateMutexW
CreateFileW
GetCommandLineA
GetProcAddress
GetStringTypeW
LeaveCriticalSection
InsertMenuA
IsDialogMessageW
DrawStateA
IsWindowVisible
CreateDesktopW
MessageBoxA
GetClassLongA
GetMessageW
DialogBoxParamA
GetWindow
CharToOemA
LoadMenuW
DispatchMessageW
GetDlgItemTextW
Number of PE resources by type
RT_MENU: 1
RT_DIALOG: 1
Number of PE resources by language
ENGLISH US: 2
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:06:09 10:13:41+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 140288
LinkerVersion: 32.35
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x1014
InitializedDataSize: 20992
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

File identification
MD5: 04505f98297cc11fb53e3a5b5d41b46c
SHA1: b54243b908defca9d7f9a34a500b428d83cb5675
SHA256: 082c77b6d1abbbdb889d27966cf2a0da5dca1b0e10c44ccfd42be5bbdd8549a7
ssdeep: 3072:W+UZl9EJmINcefEgicutQrSnOIbuP0366Rtmluat0pR:KZIxLxiqenOYzrGTS
authentihash: 987461789d1037fb4e1e1bb4df265b62f26377aafa6d29004495bc9018725f12
imphash: 6f3a6fd412b8c5b4bb78abd28e53354c
File size: 158.5 KB (162304 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags: peexe

VirusTotal metadata
First submission: 2018-01-19 21:12:29 UTC (1 year, 4 months ago)
Last submission: 2018-01-19 21:12:29 UTC (1 year, 4 months ago)
File names: 04505f98297cc11fb53e3a5b5d41b46c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs