× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0a94c5ad0b6466b53ca363673dbac7b3e97030c4121048042f34f38769444ea8
File name: avast_free_antivirus_setup_online.exe
Detection ratio: 49 / 67
Analysis date: 2018-06-16 23:00:43 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12397186 20180616
AegisLab Uds.Dangerousobject.Multi!c 20180616
AhnLab-V3 Trojan/Win32.Tiggre.R215363 20180616
ALYac Trojan.GenericKD.12397186 20180616
Antiy-AVL Trojan/Win32.StrongPity 20180616
Arcabit Trojan.Generic.DBD2A82 20180616
Avast Win32:Malware-gen 20180616
AVG Win32:Malware-gen 20180616
Avira (no cloud) TR/Drop.Daws.udtug 20180616
AVware Trojan.Win32.Generic!BT 20180616
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20180615
BitDefender Trojan.GenericKD.12397186 20180616
CAT-QuickHeal Trojan.Mauvaise.SL1 20180616
Comodo UnclassifiedMalware 20180616
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.fc1e38 20180225
Cylance Unsafe 20180617
Cyren W32/Trojan.VHRU-3444 20180616
DrWeb Trojan.DownLoader26.10266 20180616
Emsisoft Trojan.GenericKD.12397186 (B) 20180616
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/StrongPity2.A 20180616
F-Secure Trojan.GenericKD.12397186 20180616
Fortinet W32/SpyAgent.PHE!tr 20180616
GData Trojan.GenericKD.12397186 20180616
Ikarus Win32.SuspectCrc 20180616
Sophos ML heuristic 20180601
Jiangmin TrojanDropper.Daws.hnc 20180616
K7AntiVirus Riskware ( 0040eff71 ) 20180616
K7GW Riskware ( 0040eff71 ) 20180616
Kaspersky HEUR:Trojan.Win32.StrongPity.gen 20180616
MAX malware (ai score=100) 20180617
McAfee GenericRXCV-DK!9544A11FC1E3 20180616
McAfee-GW-Edition BehavesLike.Win32.Gupboot.jc 20180616
eScan Trojan.GenericKD.12397186 20180616
NANO-Antivirus Trojan.Win32.StrongPity.etijyx 20180616
Palo Alto Networks (Known Signatures) generic.ml 20180617
Panda Trj/Genetic.gen 20180616
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180616
Symantec Trojan.Gen 20180616
Tencent Win32.Trojan-dropper.Daws.Hryi 20180617
TrendMicro TROJ_GEN.R002C0OE618 20180616
TrendMicro-HouseCall TROJ_GEN.R002C0OE618 20180616
VBA32 TrojanDropper.Daws 20180615
VIPRE Trojan.Win32.Generic!BT 20180616
Yandex Trojan.StrongPity! 20180615
Zillya Trojan.StrongPity.Win32.32 20180615
ZoneAlarm by Check Point HEUR:Trojan.Win32.StrongPity.gen 20180616
Alibaba 20180615
Avast-Mobile 20180616
Babable 20180406
Bkav 20180616
ClamAV 20180616
CMC 20180616
eGambit 20180617
F-Prot 20180616
Kingsoft 20180617
Malwarebytes 20180616
Microsoft 20180616
Qihoo-360 20180617
Rising 20180616
SUPERAntiSpyware 20180616
Symantec Mobile Insight 20180614
TACHYON 20180616
TheHacker 20180613
Trustlook 20180617
ViRobot 20180616
Webroot 20180617
Zoner 20180615
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-18 15:15:41
Entry Point 0x00002A3C
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
OutputDebugStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
SizeofResource
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
LockResource
GetCPInfo
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
WriteFile
RaiseException
UnhandledExceptionFilter
WideCharToMultiByte
TlsFree
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
IsProcessorFeaturePresent
DeleteFileW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
FreeResource
ReadConsoleW
TerminateProcess
GetModuleHandleExW
IsValidCodePage
LoadResource
FindResourceW
CreateFileW
TlsGetValue
Sleep
SetLastError
SetFileAttributesW
TlsSetValue
EncodePointer
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
ShellExecuteW
wsprintfW
Number of PE resources by type
RT_ICON 5
RT_HTML 3
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
TURKISH DEFAULT 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:09:18 16:15:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
61952

LinkerVersion
12.0

EntryPoint
0x2a3c

InitializedDataSize
612352

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 9544a11fc1e38027920b57e051a396b1
SHA1 764748350ca14d38156b92ec57ba54f230097e5d
SHA256 0a94c5ad0b6466b53ca363673dbac7b3e97030c4121048042f34f38769444ea8
ssdeep
12288:lJP/SYRHiwGIHiZPdlgIVEX4wJBi04dmP1rsunbiAt:lJSYtGI431rw/iXmP19neAt

authentihash 431b5fee8143715a41f6349a20cf831b3f93e74013c55bd70c85357cc31a9b41
imphash 19aab448aea5b08b156c7070cd50e863
File size 652.0 KB ( 667648 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-09-21 15:26:11 UTC ( 10 months ago )
Last submission 2018-05-17 05:19:44 UTC ( 2 months ago )
File names avast_free_antivirus_setup_online.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications