SHA256: 10d1d2f8978f66f3bc3cd31361fc290e0a22c68b01dc47468576fecec33f491c
File name: 18517327
Detection ratio: 34 / 66
Analysis date: 2018-10-29 11:06:21 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware AIT:Trojan.GenericTKA.16 20181029
AhnLab-V3 Malware/Win32.Generic.C780821 20181029
ALYac AIT:Trojan.GenericTKA.16 20181029
Antiy-AVL Trojan/Generic.ASVCS3S.1E5 20181029
Arcabit AIT:Trojan.GenericTKA.16 20181029
Avira (no cloud) DR/AutoIt.Gen 20181029
BitDefender AIT:Trojan.GenericTKA.16 20181029
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.462e33 20180225
Cylance Unsafe 20181029
Cyren W32/AutoIt.GQ.gen!Eldorado 20181029
DrWeb Trojan.AutoIt.276 20181029
Emsisoft AIT:Trojan.GenericTKA.16 (B) 20181029
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/Spy.Autoit.DW 20181029
F-Prot W32/AutoIt.GQ.gen!Eldorado 20181029
F-Secure AIT:Trojan.GenericTKA.16 20181029
Fortinet W32/Autoit.BY!tr.spy 20181029
GData AIT:Trojan.AutoIT.Agent.MR (2x) 20181029
Ikarus Dropper.AutoIt 20181029
Sophos ML heuristic 20180717
Kaspersky Trojan-Spy.Win32.AutoIt.cv 20181029
MAX malware (ai score=87) 20181029
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20181029
Microsoft Trojan:Win32/Fuery.B!cl 20181029
eScan AIT:Trojan.GenericTKA.16 20181029
Panda Trj/Genetic.gen 20181028
Qihoo-360 HEUR/QVM11.1.D915.Malware.Gen 20181029
SentinelOne (Static ML) static engine - malicious 20181011
Symantec ML.Attribute.HighConfidence 20181029
VBA32 Trojan-Downloader.Autoit.gen 20181029
Webroot W32.Malware.Gen 20181029
Zillya Trojan.Autoit.Win32.40235 20181028
ZoneAlarm by Check Point Trojan-Spy.Win32.AutoIt.cv 20181029
AegisLab 20181029
Alibaba 20180921
Avast 20181029
Avast-Mobile 20181029
AVG 20181029
Babable 20180918
Baidu 20181029
Bkav 20181029
CAT-QuickHeal 20181028
ClamAV 20181029
CMC 20181029
eGambit 20181029
Jiangmin 20181029
K7AntiVirus 20181029
K7GW 20181029
Kingsoft 20181029
Malwarebytes 20181029
McAfee 20181029
NANO-Antivirus 20181029
Palo Alto Networks (Known Signatures) 20181029
Rising 20181029
Sophos AV 20181029
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181029
Tencent 20181029
TheHacker 20181025
TotalDefense 20181029
TrendMicro 20181029
TrendMicro-HouseCall 20181029
Trustlook 20181029
ViRobot 20181029
Yandex 20181026
Zoner 20181029
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved
File version 1.2.0.1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-28 23:26:26
Entry Point 0x0014BFB0
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
CoGetObject
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 20
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 1011712
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 1.2.0.1
LanguageCode English (British)
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 475136
EntryPoint 0x14bfb0
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.2.0.1
TimeStamp 2018:10:29 00:26:26+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Microsoft Corporation. All rights reserved
MachineType Intel 386 or later, and compatibles
CodeSize 348160
FileSubtype 0
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 bf1a189462e33957f78084a419b0af23
SHA1 fa1f95e401cf49bb1153050a9f111dd49c1c6ada
SHA256 10d1d2f8978f66f3bc3cd31361fc290e0a22c68b01dc47468576fecec33f491c
ssdeep 12288:uOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPi8KrKWQspHRLGaaWEQIEHgJYyuty0K:uq5TfcdHj4fmbkrQsRdHYY9ohWuH6y
authentihash 53f2a8f6ff58edd1af7c5c0aa11969f6eca5cabda452783dfce55c871c5a63d2
imphash ef471c0edf1877cd5a881a6a8bf647b9
File size 800.5 KB ( 819712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags peexe upx
VirusTotal metadata
First submission 2018-10-29 11:06:21 UTC ( 5 months, 3 weeks ago )
Last submission 2018-11-28 03:12:13 UTC ( 4 months, 3 weeks ago )
File names bf1a189462e33957f78084a419b0af23, 18517327
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
HTTP requests
TCP connections