SHA256: 08b78981feef2baa13f8ccc2199cad0a97fc039034b4b311befa700916e091d4
File name: output.113076614.txt
Detection ratio: 37 / 65
Analysis date: 2018-04-05 14:15:26 UTC (11 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.84675 20180405
AegisLab Troj.W32.Generic!c 20180405
AhnLab-V3 Trojan/Win32.Ekstak.C2299132 20180405
ALYac Gen:Variant.Symmi.84675 20180405
Antiy-AVL Trojan/Win32.TSGeneric 20180405
Arcabit Trojan.Symmi.D14AC3 20180405
Avast Win32:Malware-gen 20180405
AVG Win32:Malware-gen 20180405
AVware Trojan.Win32.Generic!BT 20180405
BitDefender Gen:Variant.Symmi.84675 20180405
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20170201
Cylance Unsafe 20180405
Cyren W32/Trojan.CBJV-2040 20180405
DrWeb Trojan.PWS.Banker1.27310 20180405
Emsisoft Gen:Variant.Symmi.84675 (B) 20180405
Endgame malicious (moderate confidence) 20180403
ESET-NOD32 a variant of Win32/Injector.DXAR 20180405
F-Prot W32/Trojan3.ALZT 20180405
F-Secure Gen:Variant.Symmi.84675 20180405
Fortinet W32/Injector.DXAR!tr 20180405
GData Gen:Variant.Symmi.84675 20180405
Ikarus Win32.Outbreak 20180405
Sophos ML heuristic 20180121
Kaspersky HEUR:Trojan.Win32.Generic 20180405
MAX malware (ai score=98) 20180405
McAfee Artemis!57E8A4916742 20180405
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180405
eScan Gen:Variant.Symmi.84675 20180405
Palo Alto Networks (Known Signatures) generic.ml 20180405
Panda Trj/GdSda.A 20180405
Rising Backdoor.Fynloski!8.1FD (TFE:3:NlZ0owA9NdL) 20180405
Sophos AV Mal/Generic-S 20180405
Symantec Trojan.Gen.2 20180405
Tencent Win32.Trojan.Inject.Auto 20180405
TrendMicro-HouseCall TROJ_GEN.R020H06D418 20180405
VIPRE Trojan.Win32.Generic!BT 20180405
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180405
Alibaba 20180404
Avast-Mobile 20180405
Avira (no cloud) 20180405
Baidu 20180404
Bkav 20180405
CAT-QuickHeal 20180405
ClamAV 20180405
CMC 20180405
Comodo 20180405
Cybereason None
eGambit 20180405
Jiangmin 20180405
K7AntiVirus 20180404
K7GW 20180405
Kingsoft 20180405
Malwarebytes 20180405
Microsoft 20180405
NANO-Antivirus 20180405
nProtect 20180405
Qihoo-360 20180405
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180405
Symantec Mobile Insight 20180401
TheHacker 20180404
TotalDefense 20180405
TrendMicro 20180405
Trustlook 20180405
VBA32 20180405
ViRobot 20180405
Yandex 20180405
Zillya 20180405
Zoner 20180405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x003D8B10
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_STRING 17
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_DIALOG 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 37
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 15:22:17-07:00
FileType Win32 EXE
PEType PE32
CodeSize 2043904
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x3d8b10
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 1986560

File identification
MD5 57e8a491674281f44b22aca8d72c8ad7
SHA1 051ef94b95e5dca2087713486481e48c0b6afaa2
SHA256 08b78981feef2baa13f8ccc2199cad0a97fc039034b4b311befa700916e091d4
ssdeep
49152:H6/XJ4JPUj08e9B29QZ9k9RP4GjmcLAR7jqskRd2S6+IUR6xZ6:HIqJj8e9PZ9E6uiHqskRnI

authentihash 221c698d1212c8fc0623c03145889feb5778cb8079f900b8411a4db715782d58
imphash 7fdbee4a55ee41124cfc9a5131b45c10
File size 2.0 MB ( 2048512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-04-05 04:30:06 UTC ( 11 months, 2 weeks ago )
Last submission 2018-05-23 10:26:28 UTC ( 9 months, 4 weeks ago )
File names 051ef94b95e5dca2087713486481e48c0b6afaa2
output.113076614.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs