SHA256: 0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8
File name: MLim80qsx.exe
Detection ratio: 14 / 67
Analysis date: 2018-09-27 23:25:52 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AVG FileRepMalware 20180927
Comodo TrojWare.Win32.Dovs.MO 20180927
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.5a7b01 20180225
Cylance Unsafe 20180927
Endgame malicious (high confidence) 20180730
Sophos ML heuristic 20180717
K7GW Hacktool ( 700007861 ) 20180927
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch 20180927
Palo Alto Networks (Known Signatures) generic.ml 20180927
Qihoo-360 HEUR/QVM20.1.2775.Malware.Gen 20180927
Rising Trojan.Emotet!8.B95 (TFE:dGZlOgOjYHGht61ixA) 20180927
SentinelOne (Static ML) static engine - malicious 20180926
Symantec ML.Attribute.HighConfidence 20180927
Ad-Aware 20180927
AegisLab 20180927
AhnLab-V3 20180927
Alibaba 20180921
Antiy-AVL 20180927
Arcabit 20180927
Avast 20180927
Avast-Mobile 20180927
Avira (no cloud) 20180927
AVware 20180925
Babable 20180918
Baidu 20180927
BitDefender 20180927
Bkav 20180927
CAT-QuickHeal 20180927
ClamAV 20180927
CMC 20180927
Cyren 20180927
DrWeb 20180927
eGambit 20180927
Emsisoft 20180927
ESET-NOD32 20180927
F-Prot 20180927
F-Secure 20180927
Fortinet 20180927
GData 20180927
Ikarus 20180927
Jiangmin 20180927
K7AntiVirus 20180927
Kaspersky 20180927
Kingsoft 20180927
Malwarebytes 20180927
MAX 20180927
McAfee 20180927
Microsoft 20180927
eScan 20180927
NANO-Antivirus 20180927
Panda 20180927
Sophos AV 20180927
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180927
Tencent 20180927
TheHacker 20180927
TotalDefense 20180925
TrendMicro 20180927
TrendMicro-HouseCall 20180927
Trustlook 20180927
VBA32 20180927
ViRobot 20180927
Webroot 20180927
Yandex 20180927
Zillya 20180927
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-27 23:15:56
Entry Point 0x00004220
Number of sections 5
PE sections
PE imports
RegSaveKeyExW
GetSecurityDescriptorControl
SetFileSecurityW
CreateToolbarEx
GetOpenFileNameW
CryptMsgGetAndVerifySigner
CryptStringToBinaryA
JetSetColumns
PaintRgn
GetCharABCWidthsW
GetCharacterPlacementW
InvertRgn
GetClipRgn
RectVisible
EqualRgn
ExtCreateRegion
EnumFontsA
GetBkColor
CreateFontW
ImmGetCompositionStringW
GetUserDefaultUILanguage
PeekNamedPipe
CompareStringW
SetCriticalSectionSpinCount
GetCurrencyFormatW
SetCurrentDirectoryW
GetNamedPipeServerProcessId
SetTimerQueueTimer
PostQueuedCompletionStatus
ResetEvent
FreeConsole
InterlockedCompareExchange
FillConsoleOutputAttribute
LZOpenFileW
MprConfigBufferFree
VARIANT_UserFree
SysAllocStringLen
glGetError
glTexCoord2f
WriteGlobalPwrPolicy
RpcUserFree
SetupInstallServicesFromInfSectionExW
SetupFindNextMatchLineW
CM_Get_Device_ID_ExW
PathIsSystemFolderW
QuerySecurityContextToken
ChildWindowFromPoint
GetOpenClipboardWindow
CopyAcceleratorTableW
ExcludeUpdateRgn
GetCursor
EnumDisplaySettingsExW
GetWindow
DlgDirSelectComboBoxExA
GetLastInputInfo
SetDlgItemTextW
midiOutGetDevCapsA
mciGetCreatorTask
EnumFormsW
DeletePrinter
SCardGetProviderIdA
CoUnmarshalHresult
OleBuildVersion
GetConvertStg
PdhEnumObjectItemsW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:09:28 01:15:56+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 159744
LinkerVersion: 16.1
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x4220
InitializedDataSize: 49152
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 6.0
UninitializedDataSize: 0

File identification
MD5 53e9f2b5a7b01961f9f346581a5d7522
SHA1 300a775e5c1df294428511a87115ae07c97b94d6
SHA256 0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8
ssdeep 3072:1dmAobksPhYNxY0CdhKj3DQt9PE6paeFv0WFtg3F/m5kap3C0uk5mZQzXwlowtX:J+ksPCKdMj3DEL4ev0WFtgVe5Xp3uk58
authentihash 8647804a5b469a361e221b8c12c90d3d02e4fd18613aee26297be382a75dc756
imphash b4f0827e494dffa313107eb7be4f2164
File size 176.0 KB ( 180224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-09-27 23:20:51 UTC ( 4 months, 3 weeks ago )
Last submission 2019-01-03 08:21:10 UTC ( 1 month, 2 weeks ago )
File names pXYtuephZ9Y.exe
HRfTY5oofV.exe
hNduDhBG.exe
xBgC5eh8h.exe
LdmM2fLwyt.exe
YMw2XZhESMq7.exe
7mM1uJbl.exe
sq737zrEq1h.exe
vMM2bi5b.exe
GG8jHR8Fli2v.exe
FTo6fgTAZ.exe
oMwsMn8nQ.exe
COm1tbVmY.exe
TjHBSpDs.exe
9o5h9cqjrt.exe
oC6KKfdVMun.exe
ND2P9lsY.exe
GqqPfDBMI.exe
53e9f2b5a7b01961f9f346581a5d7522
SnYWPI0uSb.exe
vRpf8slpO8v.exe
Vqh3OwzPRI6.exe
SKe5rgsvf.exe
yzXD5oBFW.exe
ymXmQIGUU.exe