SHA256: 0a48504b794b57a3e6544c49e4afde159923c16e601e1abce2e50f30f33ec1ae
File name: wp-cron.exe
Detection ratio: 24 / 68
Analysis date: 2018-10-19 05:54:52 UTC ( 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40620714 20181019
ALYac Trojan.GenericKD.40620714 20181019
Arcabit Trojan.Generic.D26BD2AA 20181019
Avast Win32:Malware-gen 20181019
AVG Win32:Malware-gen 20181019
BitDefender Trojan.GenericKD.40620714 20181019
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20181019
Emsisoft Trojan.GenericKD.40620714 (B) 20181019
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Generik.CBDDSQK 20181019
F-Secure Trojan.GenericKD.40620714 20181019
GData Trojan.GenericKD.40620714 20181019
Ikarus Trojan.SuspectCRC 20181018
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0053f2e81 ) 20181019
K7GW Trojan ( 0053f2e81 ) 20181019
Kaspersky Trojan.Win32.Yakes.xqps 20181019
Malwarebytes Trojan.IcedID 20181019
McAfee RDN/Generic.tfr 20181019
McAfee-GW-Edition BehavesLike.Win32.Generic.jh 20181019
eScan Trojan.GenericKD.40620714 20181019
Symantec ML.Attribute.HighConfidence 20181018
ZoneAlarm by Check Point Trojan.Win32.Yakes.xqps 20181019
AegisLab 20181019
AhnLab-V3 20181018
Alibaba 20180921
Antiy-AVL 20181019
Avast-Mobile 20181018
Avira (no cloud) 20181019
Babable 20180918
Baidu 20181019
Bkav 20181018
CAT-QuickHeal 20181018
ClamAV 20181019
CMC 20181019
Cybereason 20180225
Cyren 20181019
DrWeb 20181019
eGambit 20181019
F-Prot 20181019
Fortinet 20181019
Jiangmin 20181019
Kingsoft 20181019
MAX 20181019
Microsoft 20181019
NANO-Antivirus 20181019
Palo Alto Networks (Known Signatures) 20181019
Panda 20181018
Qihoo-360 20181019
Rising 20181019
SentinelOne (Static ML) 20181011
Sophos AV 20181019
SUPERAntiSpyware 20181015
Symantec Mobile Insight 20181001
TACHYON 20181019
Tencent 20181019
TheHacker 20181018
TotalDefense 20181018
TrendMicro 20181019
TrendMicro-HouseCall 20181019
Trustlook 20181019
VBA32 20181018
VIPRE 20181018
ViRobot 20181019
Webroot 20181019
Yandex 20181018
Zillya 20181018
Zoner 20181018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Google Ventures ©. All rights reserved.
Product Stern
Original name Stern
Internal name Stern
File version 3.4.64.6
Description Randy Hack
Comments Randy Hack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-17 19:21:49
Entry Point 0x0000E580
Number of sections 5
PE sections
PE imports
SetSecurityDescriptorDacl
CryptReleaseContext
CryptAcquireContextA
SetSecurityDescriptorGroup
CryptGenRandom
CryptGenKey
AVIStreamOpenFromFileA
AVIFileInit
AVIMakeCompressedStream
AVIStreamSetFormat
AVIFileExit
AVIStreamInfoA
ImageList_Create
GetDeviceCaps
GetObjectA
TextOutA
ExtTextOutW
SelectObject
CreateFontA
GetTextMetricsA
SetViewportOrgEx
SelectPalette
CreateFontIndirectA
AddFontResourceExW
CreateSolidBrush
CombineRgn
SetBkColor
SelectClipRgn
CreateCompatibleDC
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
CancelIoEx
WaitForSingleObject
HeapDestroy
EncodePointer
GetCommandLineW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
OutputDebugStringW
TlsGetValue
EnumDateFormatsA
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FatalAppExitA
SetFilePointer
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetDateFormatA
GetStartupInfoW
GetUserDefaultLCID
SetFileInformationByHandle
VirtualProtectEx
HeapValidate
FreeConsole
IsValidLocale
GetProcAddress
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCompressedFileSizeW
HeapQueryInformation
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
WriteFile
Sleep
IsBadReadPtr
VirtualAlloc
NetWkstaUserGetInfo
SysFreeString
OleTranslateColor
SysAllocStringLen
UuidToStringA
UuidCreate
CommandLineToArgvW
PathFileExistsW
PathIsDirectoryW
SendNotifyMessageA
GetParent
UpdateWindow
AttachThreadInput
BeginPaint
OffsetRect
SetScrollRange
ScrollWindowEx
AppendMenuW
SetCaretBlinkTime
GetSysColor
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetMenu
EndMenu
SendMessageA
SetScrollPos
FrameRect
CreateWindowExA
LoadCursorA
IsDlgButtonChecked
GetSysColorBrush
GetDialogBaseUnits
DestroyWindow
mmioStringToFOURCCA
mmioDescend
mmioOpenA
mmioClose
EnumerateLoadedModules
GdiplusShutdown
PdhBrowseCountersA
Number of PE resources by type
RT_STRING 15
RT_DIALOG 5
RT_ICON 4
RT_BITMAP 3
RCDATA 2
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 33
PE resources
Debug information
ExifTool file metadata
CodeSize 328704
SubsystemVersion 5.1
Comments Randy Hack
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.4.64.6
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Randy Hack
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 299008
PrivateBuild 3.4.64.6
EntryPoint 0xe580
OriginalFileName Stern
MIMEType application/octet-stream
LegalCopyright Google Ventures . All rights reserved.
FileVersion 3.4.64.6
TimeStamp 2018:10:17 21:21:49+02:00
FileType Win32 EXE
PEType PE32
InternalName Stern
ProductVersion 3.4.64.6
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Google Ventures
LegalTrademarks Google Ventures . All rights reserved.
ProductName Stern
ProductVersionNumber 3.4.64.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ea8b07f3f63dc97312e483394da5ad1c
SHA1 84c9265985dfe10089bf5b749e47cbeef6bf5e75
SHA256 0a48504b794b57a3e6544c49e4afde159923c16e601e1abce2e50f30f33ec1ae
ssdeep 12288:tgetbkhQUf0C7/BhL/3H/4MfubQQsnOrRHgLD4oaI8xGSjo:tgeFUfH/zPp1urlgLD4fjo
authentihash 1cb5bc7e7bc6fd0c34aa0295f097586b81ad8a9a3713812c46d25ee5f930b136
imphash c983bfad24d4e08b23d756805b2848fa
File size 614.0 KB ( 628736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-18 04:31:38 UTC ( 6 months ago )
Last submission 2018-11-07 05:24:45 UTC ( 5 months, 1 week ago )
File names crypt.exe
output.114388090.txt
ea8b07f3f63dc97312e483394da5ad1c
wp-cron.exe
Stern