SHA256: 0ab7a5ce87a3d7a67177805114c2344cc15c791ceba775d99dab6db07af2f3f5
File name: 922f26076daf81c300e303f032541a47_exe
Detection ratio: 10 / 68
Analysis date: 2018-06-14 12:58:20 UTC ( 9 months, 1 week ago )
Antivirus Result Update
Bkav W32.eHeur.Malware08 20180614
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Cylance Unsafe 20180614
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/GenKryptik.CCIL 20180614
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180614
Palo Alto Networks (Known Signatures) generic.ml 20180614
Webroot W32.Trojan.Trickbot 20180614
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180614
Ad-Aware 20180614
AegisLab 20180614
AhnLab-V3 20180614
Alibaba 20180614
ALYac 20180614
Antiy-AVL 20180614
Arcabit 20180614
Avast 20180614
Avast-Mobile 20180613
AVG 20180614
Avira (no cloud) 20180614
AVware 20180614
Babable 20180406
Baidu 20180614
BitDefender 20180614
CAT-QuickHeal 20180614
ClamAV 20180614
CMC 20180614
Comodo 20180613
Cybereason 20180225
Cyren 20180614
DrWeb 20180614
eGambit 20180614
Emsisoft 20180614
F-Prot 20180614
F-Secure 20180614
Fortinet 20180614
GData 20180614
Ikarus 20180614
Jiangmin 20180614
K7AntiVirus 20180614
K7GW 20180614
Kingsoft 20180614
Malwarebytes 20180614
MAX 20180614
McAfee 20180614
McAfee-GW-Edition 20180613
Microsoft 20180614
eScan 20180614
NANO-Antivirus 20180614
Panda 20180614
Qihoo-360 20180614
Rising 20180614
SentinelOne (Static ML) 20180225
Sophos AV 20180614
SUPERAntiSpyware 20180614
Symantec 20180614
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180614
TheHacker 20180613
TotalDefense 20180614
TrendMicro 20180614
TrendMicro-HouseCall 20180614
Trustlook 20180614
VBA32 20180614
VIPRE 20180614
ViRobot 20180614
Yandex 20180614
Zillya 20180614
Zoner 20180613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-14 09:25:01
Entry Point 0x000072E4
Number of sections 4
PE sections
PE imports
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerA
OpenServiceA
CreateToolhelp32Snapshot
GetModuleFileNameW
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
Process32NextW
GetStartupInfoA
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
Process32FirstW
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
GetModuleHandleW
TerminateProcess
Sleep
GetCurrentThreadId
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
__p__fmode
memset
__dllonexit
_controlfp_s
_invoke_watson
_cexit
?terminate@@YAXXZ
isalnum
_lock
__p__commode
_onexit
_amsg_exit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_decode_pointer
_adjust_fdiv
_acmdln
_ismbblead
_unlock
_crt_debugger_hook
__CxxFrameHandler3
_except_handler4_common
__getmainargs
_initterm
_initterm_e
_configthreadlocale
_exit
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:06:14 11:25:01+02:00
FileType Win32 EXE
PEType PE32
CodeSize 30720
LinkerVersion 9.0
FileTypeExtension exe
InitializedDataSize 330240
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x72e4
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 922f26076daf81c300e303f032541a47
SHA1 22cc50d1ef127ab8587d1496d29b427c2f7dad74
SHA256 0ab7a5ce87a3d7a67177805114c2344cc15c791ceba775d99dab6db07af2f3f5
ssdeep
6144:RYRfXROeEkXBGAEuCSXcqR2KLrGmcfTrJSZNSVwBJX2/049FzWMcryUEnoF3lfm/:RYRvcejQWCSXcqRflcL1iEVwD4jzWMxX

authentihash 1050a9d15a249121bb5c1b7247e8efc496bb154bba386a5e479e7e6ff44a9ce1
imphash 406443b1ad3b382b6213cc223d23e6fe
File size 353.5 KB ( 361984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-14 12:36:52 UTC ( 9 months, 1 week ago )
Last submission 2018-06-16 10:04:28 UTC ( 9 months, 1 week ago )
File names jas.bin
jas.bin.exe
bblgnkgrp.exe
922f26076daf81c300e303f032541a47
lopercot.bin
jas.bin
SZLYWFU.EXE
b37a36a9b612b82ee2e9fec02d5f929d24aaa829
922f26076daf81c300e303f032541a47_exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs