SHA256: 0c03b26478deec8800be159af8c0023f4a79c2dfebb515b50b4955820e8f4a00
File name: g9141.tmp.exe
Detection ratio: 46 / 64
Analysis date: 2017-09-27 17:30:02 UTC ( 2 weeks, 6 days ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.CCXB 20170927
AegisLab Atros4.Bzwl.Gen!c 20170927
AhnLab-V3 Trojan/Win64.Generic.C1774090 20170927
Antiy-AVL Trojan/Win32.BTSGeneric 20170927
Arcabit Trojan.Agent.CCXB 20170927
Avast Win64:Malware-gen 20170927
AVG Win64:Malware-gen 20170927
Avira (no cloud) TR/Razy.uxzpr 20170927
AVware Trojan.Win32.Generic!BT 20170927
BitDefender Trojan.Agent.CCXB 20170927
CAT-QuickHeal Trojan.Wdfload 20170927
ClamAV Win.Malware.Wdfload-5855252-0 20170927
Comodo ApplicUnwnt 20170927
Cyren W64/Trojan.FTRV-2507 20170927
Emsisoft Trojan.Agent.CCXB (B) 20170927
Endgame malicious (moderate confidence) 20170821
ESET-NOD32 a variant of Win64/Wdfload.G 20170927
F-Secure Trojan.Agent.CCXB 20170927
GData Trojan.Agent.CCXB 20170927
Ikarus Trojan.Win64.Wdfload 20170927
Sophos ML heuristic 20170914
Jiangmin Trojan.Wdfload.c 20170927
K7AntiVirus Trojan ( 0050209f1 ) 20170927
K7GW Trojan ( 0050209f1 ) 20170927
Kaspersky Trojan.Win64.Wdfload.a 20170927
MAX malware (ai score=80) 20170927
McAfee RDN/Generic.com 20170927
McAfee-GW-Edition RDN/Generic.com 20170927
eScan Trojan.Agent.CCXB 20170927
NANO-Antivirus Trojan.Win64.Wdfload.eloblf 20170927
nProtect Trojan/W32.Agent.240640.JU 20170927
Palo Alto Networks (Known Signatures) generic.ml 20170927
Panda Trj/CI.A 20170927
Rising Trojan.Wdfload!8.E207 (CLOUD) 20170927
SentinelOne (Static ML) static engine - malicious 20170806
Symantec Trojan.Gen.2 20170927
Tencent Win64.Trojan.Wdfload.Eof 20170927
TheHacker Trojan/Wdfload.g 20170925
TrendMicro TROJ_GEN.R002C0OIM17 20170927
TrendMicro-HouseCall TROJ_GEN.R002C0OIM17 20170927
VBA32 Trojan.Win64.Wdfload 20170927
VIPRE Trojan.Win32.Generic!BT 20170927
ViRobot Trojan.Win32.Z.Wdfload.240640 20170927
Webroot W32.Adware.Gen 20170927
Yandex Trojan.Wdfload! 20170908
ZoneAlarm by Check Point Trojan.Win64.Wdfload.a 20170927
Alibaba 20170911
ALYac 20170927
Avast-Mobile 20170927
Baidu 20170927
CMC 20170927
CrowdStrike Falcon (ML) 20170804
Cylance 20170927
DrWeb 20170927
F-Prot 20170927
Fortinet 20170927
Kingsoft 20170927
Malwarebytes 20170927
Microsoft 20170927
Qihoo-360 20170927
Sophos AV 20170927
SUPERAntiSpyware 20170927
Symantec Mobile Insight 20170927
TotalDefense 20170927
Trustlook 20170927
Zillya 20170927
Zoner 20170927
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2017-01-15 22:32:46
Entry Point 0x000014D0
Number of sections 10
PE sections
PE imports
RegRestoreKeyA
RegUnLoadKeyA
RegOpenKeyA
RegQueryValueA
BackupEventLogA
RegSetValueExA
RevertToSelf
RegQueryMultipleValuesA
RegCreateKeyExA
ObjectCloseAuditAlarmA
RegEnumKeyExA
IsValidSecurityDescriptor
GetLastError
EnterCriticalSection
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
IsBadWritePtr
VirtualProtect
GetModuleFileNameA
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
DeleteFileA
RtlVirtualUnwind
UnhandledExceptionFilter
GetProcAddress
RtlAddFunctionTable
RegisterWaitForSingleObject
WideCharToMultiByte
GetModuleHandleA
IsSystemResumeAutomatic
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
GetStartupInfoA
RtlCaptureContext
CloseHandle
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateEventA
TlsGetValue
Sleep
IsBadReadPtr
IsBadCodePtr
GetCurrentThreadId
SetCurrentDirectoryA
LeaveCriticalSection
VarFormat
SafeArrayGetElement
SysAllocStringLen
SafeArraySetRecordInfo
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayAllocDescriptor
SafeArrayGetUBound
SysReAllocString
SafeArrayRedim
SafeArrayCopy
VariantChangeTypeEx
SHGetInstanceExplorer
SHGetSpecialFolderLocation
SHGetMalloc
CommandLineToArgvW
CharPrevA
GetMessageA
DestroyMenu
PostQuitMessage
DefWindowProcA
DispatchMessageA
CascadeWindows
TranslateMessage
DestroyCaret
ActivateKeyboardLayout
CreatePopupMenu
CheckMenuItem
SendMessageA
SetTimer
RegisterClassA
FindWindowExA
CreateWindowExA
LoadCursorA
LoadIconA
CreateIcon
DestroyAcceleratorTable
CreateIconFromResourceEx
CreateIconFromResource
CloseClipboard
PostThreadMessageA
WSAGetServiceClassNameByClassIdA
WSACreateEvent
WSAGetOverlappedResult
WSAEnumNetworkEvents
WSARecvDisconnect
WSANtohs
strncmp
__lconv_init
malloc
fread
fclose
__dllonexit
_cexit
abort
fprintf
fopen
_fmode
_amsg_exit
__C_specific_handler
fwrite
_lock
_onexit
__initenv
exit
tmpnam
__setusermatherr
_acmdln
_unlock
free
vfprintf
__getmainargs
calloc
strlen
memcpy
signal
__iob_func
remove
_initterm
__set_app_type
StgCreateDocfile
CoUnmarshalHresult
CreateItemMoniker
CoAddRefServerProcess
CoCreateGuid
CoMarshalHresult
CreateFileMoniker
CoCopyProxy
CreateDataAdviseHolder
CoTaskMemFree
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2017:01:15 23:32:46+01:00
FileType Win64 EXE
PEType PE32+
CodeSize 62464
LinkerVersion 2.27
EntryPoint 0x14d0
InitializedDataSize 239616
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 2560
File identification
MD5 01b1e0f46ca45319742f87d566fd7eeb
SHA1 ae4dd19ef9ce82c0d4611c2455902f913c780d5a
SHA256 0c03b26478deec8800be159af8c0023f4a79c2dfebb515b50b4955820e8f4a00
ssdeep 3072:LnQav3oUbh5WAOWaZFfgtbbLa7BTwXY2b3t7g:LnQy3oUbuHWCFotbKF72b35g
authentihash 8e61ee99908e6361240aa0e6532674c33b54b530aaa705cca92927e85988653f
imphash f24fb21fbaa64a58cef7f0c5409ce26b
File size 235.0 KB ( 240640 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (87.2%)
Generic Win/DOS Executable (6.3%)
DOS Executable Generic (6.3%)
VXD Driver (0.0%)
Tags 64bits peexe assembly
VirusTotal metadata
First submission 2017-01-15 22:54:40 UTC ( 9 months ago )
Last submission 2017-08-28 19:45:19 UTC ( 1 month, 2 weeks ago )
File names g1003.tmp.exe
g7fad.tmp.exe
g7E45.tmp.exe
g9EFB.tmp.exe
gF8FD.tmp.exe
gDF91.tmp.exe
g3E90.tmp.exe
gC595.tmp.exe
g9141.tmp.exe
gAED1.tmp.exe
g9799.tmp.exe
g7C50.tmp.exe
g197.tmp.exe
g2CFD.tmp.exe
gC168.tmp.exe
gcdb3.tmp.exe
gEB3D.tmp.exe
g951F.tmp.exe
g92FA.tmp.exe
gC8F5.tmp.exe
gCF82.tmp.exe
gE950.tmp.exe
gCFCB.tmp.exe
g8A46.tmp.exe
gBD80.tmp.exe