SHA256: 0a8a65f81001f20152e3b7591b01cfc82d3af55dd6a45187f8cdf38e15c23875
File name: e64c406bed77dc5a0acf44978b8c6ab5.vir
Detection ratio: 53 / 69
Analysis date: 2018-09-23 19:36:22 UTC ( 4 months, 4 weeks ago )
Antivirus | Result | Update
Ad-Aware | Trojan.Agent.CMGQ | 20180923
AegisLab | Ml.Attribute.Gen!c | 20180923
AhnLab-V3 | Trojan/Win32.Trickbot.R208205 | 20180923
ALYac | Trojan.Trickster.Gen | 20180923
Arcabit | Trojan.Generic | 20180923
Avast | Win32:Malware-gen | 20180923
AVG | Win32:Malware-gen | 20180923
Avira (no cloud) | TR/Crypt.XPACK.Gen7 | 20180923
AVware | Trojan.Win32.Generic!BT | 20180923
BitDefender | Trojan.Agent.CMGQ | 20180923
CAT-QuickHeal | Trojan.Mauvaise.SL1 | 20180923
Comodo | UnclassifiedMalware | 20180923
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180723
Cybereason | malicious.bed77d | 20180225
Cylance | Unsafe | 20180923
Cyren | W32/Trojan.OOEF-7116 | 20180923
DrWeb | Trojan.Packed2.40335 | 20180923
Emsisoft | Trojan.Agent.CMGQ (B) | 20180923
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | Win32/TrickBot.V | 20180923
F-Secure | Trojan.Agent.CMGQ | 20180923
Fortinet | W32/Kryptik.TRICKB!tr | 20180923
GData | Trojan.Agent.CMGQ | 20180923
Ikarus | Trojan-Banker.TrickBot | 20180923
Sophos ML | heuristic | 20180717
Jiangmin | Trojan.Trickster.oe | 20180923
K7AntiVirus | Trojan ( 005158a21 ) | 20180923
K7GW | Trojan ( 005158a21 ) | 20180923
Kaspersky | HEUR:Trojan.Win32.Generic | 20180923
MAX | malware (ai score=100) | 20180923
McAfee | Trojan-FNZP!E64C406BED77 | 20180923
McAfee-GW-Edition | BehavesLike.Win32.Generic.gh | 20180923
Microsoft | Trojan:Win32/Skeeyah.A!rfn | 20180923
eScan | Trojan.Agent.CMGQ | 20180923
NANO-Antivirus | Trojan.Win32.Trickster.eslzks | 20180923
Palo Alto Networks (Known Signatures) | generic.ml | 20180923
Panda | Trj/GdSda.A | 20180923
Qihoo-360 | HEUR/QVM06.2.9811.Malware.Gen | 20180923
Rising | Trojan.TrickBot!8.E313 (CLOUD) | 20180923
SentinelOne (Static ML) | static engine - malicious | 20180830
Sophos AV | Troj/Trickbo-Y | 20180923
Symantec | Trojan.Trickybot | 20180923
TACHYON | Trojan/W32.Trickster.500224 | 20180922
Tencent | Win32.Trojan.Generic.Ajbo | 20180923
TrendMicro | TSPY_TRICKBOT.AUTM | 20180923
TrendMicro-HouseCall | TSPY_TRICKBOT.AUTM | 20180923
VBA32 | Trojan.Trickster | 20180921
VIPRE | Trojan.Win32.Generic!BT | 20180923
ViRobot | Trojan.Win32.U.Agent.500224.B | 20180923
Webroot | W32.Trojan.Gen | 20180923
Yandex | Trojan.Trickster! | 20180922
Zillya | Trojan.Trickster.Win32.408 | 20180922
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180923
Alibaba | - | 20180921
Antiy-AVL | - | 20180923
Avast-Mobile | - | 20180923
Babable | - | 20180918
Baidu | - | 20180914
Bkav | - | 20180921
ClamAV | - | 20180923
CMC | - | 20180923
eGambit | - | 20180923
F-Prot | - | 20180923
Kingsoft | - | 20180923
Malwarebytes | - | 20180923
SUPERAntiSpyware | - | 20180907
Symantec Mobile Insight | - | 20180918
TheHacker | - | 20180920
TotalDefense | - | 20180923
Trustlook | - | 20180923
Zoner | - | 20180922
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-09-28 10:01:45
Entry Point 0x00001D96
Number of sections 3
PE sections
PE imports
InitCommonControlsEx
GetLastError
lstrlenA
lstrcmpA
GetSystemInfo
GetModuleHandleA
lstrcatA
GetCommandLineW
GetCurrentDirectoryA
ExitProcess
GetStartupInfoA
HeapAlloc
MapViewOfFile
CreateFileA
GetCommandLineA
SetLastError
GetProcessHeap
CommandLineToArgvW
SetFocus
GetMessageA
GetParent
BeginPaint
PostQuitMessage
DefWindowProcA
LoadMenuW
MapWindowPoints
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
MessageBoxA
TranslateMessage
SetDlgItemTextW
GetMenuItemID
RegisterClassExA
GetCursorPos
ShowCaret
GetMenu
LoadStringA
RegisterClassW
SendMessageA
LoadStringW
LoadAcceleratorsA
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardState
GetActiveWindow
ModifyMenuW
GetDesktopWindow
LockWindowUpdate
OpenClipboard
DestroyWindow
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2016:09:28 11:01:45+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 33280
LinkerVersion: 7.1
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x1d96
InitializedDataSize: 465920
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 e64c406bed77dc5a0acf44978b8c6ab5
SHA1 7dc3e6c6745a6e7f605697ce3d2262d56a5671a5
SHA256 0a8a65f81001f20152e3b7591b01cfc82d3af55dd6a45187f8cdf38e15c23875
ssdeep 6144:kebHYvzamoKgzQCBUlYTv2oia6z4NjYg7jTNBkMIltczGvfo+jpU05KoZCH4:kloKMrQYjXijGjYQvcMat2N+l7NV
authentihash 045f747e109353b60916fb090878b92bb28af1f176a9f5d9975cff44479043a9
imphash e760982cb87b9361dcc06db398267fb2
File size 488.5 KB ( 500224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-01 10:13:34 UTC ( 1 year, 5 months ago )
Last submission 2018-05-19 21:37:17 UTC ( 9 months ago )
File names scewys.exe, kas7.png, scewys.exe, e64c406bed77dc5a0acf44978b8c6ab5.exe, rbdvxr.exe, scewys.exe, e64c406bed77dc5a0acf44978b8c6ab5.vir, scewys.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications