SHA256: 0e9796091de45cae9c1e1f5c76b240c401b6a8beb9aba7b1934eac2c951c3c13
File name: f0274964.exe
Detection ratio: 16 / 70
Analysis date: 2019-02-12 19:09:10 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Avast Win64:Malware-gen 20190212
AVG Win64:Malware-gen 20190212
Avira (no cloud) TR/Spy.Stealer.aqire 20190212
ESET-NOD32 Python/PSW.Stealer.AD 20190212
F-Secure Trojan.TR/Spy.Stealer.aqire 20190212
Fortinet W32/Stealer.IOE!tr 20190212
Jiangmin Trojan.Generic.cqozq 20190212
K7AntiVirus Riskware ( 0040eff71 ) 20190212
K7GW Riskware ( 0040eff71 ) 20190212
Kaspersky Trojan-Spy.Win32.Stealer.ioe 20190212
Palo Alto Networks (Known Signatures) generic.ml 20190212
Qihoo-360 Win32/Trojan.ae7 20190212
Symantec Trojan.Gen.2 20190212
Tencent Win32.Trojan-spy.Stealer.Liqj 20190212
TrendMicro-HouseCall TROJ_GEN.R002H0CB919 20190212
ZoneAlarm by Check Point Trojan-Spy.Win32.Stealer.ioe 20190212
Acronis 20190208
Ad-Aware 20190212
AegisLab 20190212
AhnLab-V3 20190212
Alibaba 20180921
ALYac 20190212
Antiy-AVL 20190212
Arcabit 20190212
Avast-Mobile 20190212
Babable 20180918
Baidu 20190202
BitDefender 20190212
Bkav 20190201
CAT-QuickHeal 20190212
ClamAV 20190212
CMC 20190212
Comodo 20190212
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190212
Cyren 20190212
DrWeb 20190212
eGambit 20190212
Emsisoft 20190212
Endgame 20181108
F-Prot 20190212
GData 20190212
Ikarus 20190212
Sophos ML 20181128
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190218
McAfee 20190212
McAfee-GW-Edition 20190212
Microsoft 20190212
eScan 20190212
NANO-Antivirus 20190212
Panda 20190212
Rising 20190212
SentinelOne (Static ML) 20190203
Sophos AV 20190212
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190212
TheHacker 20190212
TotalDefense 20190212
Trapmine 20190123
TrendMicro 20190212
Trustlook 20190212
VBA32 20190212
ViRobot 20190212
Webroot 20190212
Yandex 20190212
Zillya 20190212
Zoner 20190212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2018-09-04 14:40:31
Entry Point 0x00008CA8
Number of sections 7
PE sections
Overlays
MD5 dc31a168b94a3d7bdde34f52aee257ba
File type data
Offset 336896
Size 26880583
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
FormatMessageW
FindClose
TlsGetValue
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
RtlLookupFunctionEntry
FindFirstFileExW
RtlUnwindEx
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
RtlCaptureContext
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
GetOEMCP
MessageBoxA
MessageBoxW
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2018:09:04 16:40:31+02:00
FileType Win64 EXE
PEType PE32+
CodeSize 134144
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x8ca8
InitializedDataSize 201728
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 3551da862caddbe849c5cd305d4afe4c
SHA1 5afac170602e5c10c101d8f62c8ae4b24b2c03a6
SHA256 0e9796091de45cae9c1e1f5c76b240c401b6a8beb9aba7b1934eac2c951c3c13
ssdeep 786432:4ASWDpuHgvJuFdSVoIFBW1Q29XlqDgJ9E3/wThweS:4ouaSeVFY1QQqDgjd
authentihash 0359258481b2cc40a1e9727cf2c891454e10b7e0f29fbc078feb6c710f080cb4
imphash 94984869e1c4b93c0069850d9e3b564b
File size 26.0 MB ( 27217479 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly overlay

VirusTotal metadata
First submission 2019-02-07 17:25:19 UTC ( 1 month, 1 week ago )
Last submission 2019-02-12 19:09:10 UTC ( 1 month, 1 week ago )
File names f0274964.exe