SHA256: 12cb98d81a34cebca839eb91875b0d9d6cdc3401c16161f49eac1accea1fc6ec
File name: ywbltmn.exe
Detection ratio: 16 / 63
Analysis date: 2017-08-01 16:28:02 UTC (1 year, 7 months ago)
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170801
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20170801
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9816 20170728
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170710
Cylance Unsafe 20170801
Endgame malicious (high confidence) 20170721
Sophos ML heuristic 20170607
Kaspersky UDS:DangerousObject.Multi.Generic 20170801
Palo Alto Networks (Known Signatures) generic.ml 20170801
Rising Malware.Heuristic!ET#98% (rdm+) 20170801
SentinelOne (Static ML) static engine - malicious 20170718
Symantec ML.Attribute.HighConfidence 20170801
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20170801
Webroot W32.Trojan.Gen 20170801
WhiteArmor Malware.HighConfidence 20170731
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170801
Ad-Aware 20170801
AhnLab-V3 20170801
Alibaba 20170801
ALYac 20170801
Antiy-AVL 20170801
Arcabit 20170801
Avast 20170801
AVG 20170801
Avira (no cloud) 20170801
BitDefender 20170801
Bkav 20170801
CAT-QuickHeal 20170801
ClamAV 20170801
CMC 20170801
Comodo 20170801
Cyren 20170801
DrWeb 20170801
Emsisoft 20170801
ESET-NOD32 20170801
F-Prot 20170801
F-Secure 20170801
Fortinet 20170801
GData 20170801
Ikarus 20170801
Jiangmin 20170801
K7AntiVirus 20170801
K7GW 20170801
Kingsoft 20170801
Malwarebytes 20170801
MAX 20170801
McAfee 20170801
McAfee-GW-Edition 20170801
Microsoft 20170801
eScan 20170801
NANO-Antivirus 20170801
nProtect 20170801
Panda 20170801
Qihoo-360 20170801
Sophos AV 20170801
SUPERAntiSpyware 20170801
Symantec Mobile Insight 20170801
Tencent 20170801
TheHacker 20170730
TrendMicro-HouseCall 20170801
Trustlook 20170801
VBA32 20170801
ViRobot 20170801
Yandex 20170801
Zillya 20170801
Zoner 20170801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-02-29 09:59:20
Entry Point 0x0000EF45
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitCommonControlsEx
DeleteDC
SelectObject
GetStockObject
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
HeapAlloc
lstrlenA
lstrcmpA
GetModuleHandleA
lstrcatA
GetLastError
GetCurrentDirectoryA
GetStartupInfoA
ExitProcess
CreateFileA
GetCommandLineA
GetProcessHeap
SetFocus
GetMessageA
BeginPaint
SetCaretPos
PostQuitMessage
DefWindowProcA
SetClipboardViewer
RemoveMenu
SendDlgItemMessageA
SetScrollRange
DispatchMessageA
EnableWindow
RegisterClipboardFormatA
SetCapture
MessageBoxA
TranslateMessage
SetScrollInfo
RegisterClassExA
RemovePropA
LoadStringA
ScrollWindow
SendMessageA
GetClientRect
ScreenToClient
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetDesktopWindow
EndPaint
DestroyWindow
SetCursor
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2016:02:29 10:59:20+01:00
FileType Win32 EXE
PEType PE32
CodeSize 155136
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 372736
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0xef45
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 a9288a970e1eac8125e0d3d420a39c76
SHA1 7447112259064cfa746d7914f397201ccc56dce4
SHA256 12cb98d81a34cebca839eb91875b0d9d6cdc3401c16161f49eac1accea1fc6ec
ssdeep 12288:9CTwpOoxDHj83SrcjUmdLzr5JsKRWVL5Dfa8+ts:9CIVrcjU4FJ3gVLBaNs

authentihash c88818457c89693e20c3b7d040056f3243530705cf9db5351eabe2cec9efe8ba
imphash 860449a153d1457fbc6a753f92296a60
File size 515.5 KB ( 527872 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe

VirusTotal metadata
First submission 2017-08-01 12:20:38 UTC ( 1 year, 7 months ago )
Last submission 2018-05-22 10:53:06 UTC ( 10 months ago )
File names a9288a970e1eac8125e0d3d420a39c76.vir
xvakslm.exe
ywbltmn.exe
a9288a970e1eac8125e0d3d420a39c76
nologo.png
VirusShare_a9288a970e1eac8125e0d3d420a39c76
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications