SHA256: 0b51bd5edcb3013f9dcf715ee738e53b26e83d9fa489b65ea4b5c9975c049538
File name: BILONEBILO.EXE
Detection ratio: 38 / 65
Analysis date: 2017-09-19 15:07:29 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.410657 20170919
ALYac Gen:Variant.Graftor.410657 20170919
Antiy-AVL Trojan/Win32.AGeneric 20170919
Arcabit Trojan.Graftor.D64421 20170919
Avast FileRepMalware 20170919
AVG FileRepMalware 20170919
AVware Trojan.Win32.Generic!BT 20170919
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9993 20170919
BitDefender Gen:Variant.Graftor.410657 20170919
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20170919
DrWeb Trojan.TinyNuke.9 20170919
Emsisoft Gen:Variant.Graftor.410657 (B) 20170919
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Injector.DRRH 20170919
F-Secure Gen:Variant.Graftor.410657 20170919
Fortinet W32/Injector.DRRH!tr 20170919
GData Gen:Variant.Graftor.410657 20170919
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00500d011 ) 20170919
K7GW Trojan ( 00500d011 ) 20170919
Kaspersky Trojan.Win32.Zonidel.aad 20170919
Malwarebytes Ransom.Crysis 20170919
MAX malware (ai score=87) 20170919
McAfee Artemis!2C7FC81CBAF1 20170919
McAfee-GW-Edition BehavesLike.Win32.Virut.cc 20170919
eScan Gen:Variant.Graftor.410657 20170919
Panda Trj/GdSda.A 20170919
Qihoo-360 HEUR/QVM17.0.F297.Malware.Gen 20170919
Rising Malware.Heuristic!ET#97% (rdm+) 20170919
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Generic-S 20170919
Symantec SecurityRisk.gen1 20170919
TrendMicro-HouseCall TROJ_GEN.R039H0CIJ17 20170919
VIPRE Trojan.Win32.Generic!BT 20170919
Webroot W32.Trojan.Gen 20170919
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170919
AegisLab 20170919
AhnLab-V3 20170919
Alibaba 20170911
Avast-Mobile 20170829
Avira (no cloud) 20170919
CAT-QuickHeal 20170919
ClamAV 20170919
CMC 20170919
Comodo 20170918
Cyren 20170919
F-Prot 20170919
Ikarus 20170919
Jiangmin 20170919
Kingsoft 20170919
Microsoft 20170919
NANO-Antivirus 20170919
nProtect 20170919
Palo Alto Networks (Known Signatures) 20170919
SUPERAntiSpyware 20170919
Symantec Mobile Insight 20170917
Tencent 20170919
TheHacker 20170916
TotalDefense 20170919
TrendMicro 20170919
Trustlook 20170919
VBA32 20170919
ViRobot 20170919
Yandex 20170908
Zillya 20170919
Zoner 20170919
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
Product TODO: <Product name>
Original name uizheifuhziufe.exe
Internal name uizheifuhziufe.exe
File version 1.0.0.1
Description TODO: <File description>
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-15 09:30:47
Entry Point 0x000104D8
Number of sections 2
PE sections
PE imports
VarUI4FromUI2
ShellExecuteA
CascadeWindows
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
AFX_DIALOG_LAYOUT 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
FRENCH 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode French
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 167936
EntryPoint 0x104d8
OriginalFileName uizheifuhziufe.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017
FileVersion 1.0.0.1
TimeStamp 2017:09:15 10:30:47+01:00
FileType Win32 EXE
PEType PE32
InternalName uizheifuhziufe.exe
ProductVersion 1.0.0.1
FileDescription TODO: <File description>
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName TODO: <Company name>
CodeSize 143872
ProductName TODO: <Product name>
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2c7fc81cbaf1c14439e7b78edab143ae
SHA1 c657aebca2e391c784f7c6b25ad9a44089f3299d
SHA256 0b51bd5edcb3013f9dcf715ee738e53b26e83d9fa489b65ea4b5c9975c049538
ssdeep 6144:050Yut+iw+5TXQlWDtpuakgkjNog+S7DoQ:6i3TglaMakXm27DB
authentihash a0b3f80844dfe645d8b58a4a3b30fb25d56f08fbae1eea9fbc9521ccfb776d65
imphash 55b60c0a6fbc3fb1c13c2d7cdf3c8af4
File size 199.0 KB ( 203776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.3%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags pecompact peexe

VirusTotal metadata
First submission 2017-09-19 15:07:29 UTC ( 1 year, 7 months ago )
Last submission 2018-05-21 08:11:34 UTC ( 11 months ago )
File names BILONEBILO.EXE
uizheifuhziufe.exe
2c7fc81cbaf1c14439e7b78edab143ae.vir
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Shell commands
Created mutexes
Runtime DLLs
UDP communications