SHA256: 12cd73560f40a063668dfd1a60937cf1d8686eb21df3d8357e26483ec7526cd8
File name: vivikjddnnsa.exe
Detection ratio: 14 / 67
Analysis date: 2018-04-16 08:55:49 UTC ( 1 year ago )
Antivirus Result Update
Avast FileRepMalware 20180416
AVG FileRepMalware 20180416
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GFQS 20180416
Fortinet W32/Injector.DWNR!tr 20180416
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180416
MAX malware (ai score=81) 20180416
Palo Alto Networks (Known Signatures) generic.ml 20180416
Qihoo-360 HEUR/QVM10.1.88FB.Malware.Gen 20180416
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Lethic-L 20180416
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180416
Ad-Aware 20180416
AegisLab 20180416
AhnLab-V3 20180416
Alibaba 20180416
ALYac 20180416
Antiy-AVL 20180416
Arcabit 20180416
Avast-Mobile 20180416
Avira (no cloud) 20180416
AVware 20180416
Baidu 20180416
BitDefender 20180416
Bkav 20180410
CAT-QuickHeal 20180416
ClamAV 20180416
CMC 20180415
Comodo 20180416
Cybereason None
Cylance 20180416
Cyren 20180416
DrWeb 20180416
eGambit 20180416
Emsisoft 20180416
F-Prot 20180416
F-Secure 20180416
GData 20180416
Ikarus 20180416
Jiangmin 20180416
K7AntiVirus 20180416
K7GW 20180416
Kingsoft 20180416
Malwarebytes 20180416
McAfee 20180416
McAfee-GW-Edition 20180416
Microsoft 20180416
eScan 20180416
NANO-Antivirus 20180416
nProtect 20180416
Panda 20180415
Rising 20180416
SUPERAntiSpyware 20180416
Symantec 20180416
Symantec Mobile Insight 20180412
Tencent 20180416
TheHacker 20180415
TotalDefense 20180416
TrendMicro 20180416
TrendMicro-HouseCall 20180416
Trustlook 20180416
VBA32 20180414
VIPRE 20180416
ViRobot 20180416
Webroot 20180416
WhiteArmor 20180408
Yandex 20180414
Zillya 20180413
Zoner 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-16 03:50:28
Entry Point 0x00007F40
Number of sections 4
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
GetDeviceCaps
GetObjectA
GetDIBColorTable
DeleteDC
GetSystemPaletteEntries
CreateHalftonePalette
SelectObject
SelectPalette
UnrealizeObject
BitBlt
CreatePalette
CreateCompatibleDC
RealizePalette
FreeEnvironmentStringsW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
CopyFileA
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetTempFileNameA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetStartupInfoA
GetStartupInfoW
DecodePointer
GetCurrentProcessId
AddAtomA
LockResource
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
IsDebuggerPresent
GetCommandLineA
GetProcAddress
EncodePointer
FormatMessageA
FindResourceExA
GetTempPathA
UnhandledExceptionFilter
GetCPInfo
GetModuleFileNameW
TlsFree
GetModuleHandleA
HeapSetInformation
SetUnhandledExceptionFilter
lstrcpyA
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapDestroy
SetFileAttributesA
SetEvent
LocalFree
OpenEventA
TerminateProcess
IsValidCodePage
LoadResource
WriteFile
FindResourceA
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
HeapCreate
SetLastError
InterlockedIncrement
EndDialog
BeginPaint
CreateDialogIndirectParamA
CharLowerA
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
MoveWindow
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
CharUpperA
GetDC
ReleaseDC
wsprintfA
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetWindowLongA
CharNextA
GetDesktopWindow
LoadImageA
DialogBoxIndirectParamA
IsDialogMessageA
DestroyWindow
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoFreeAllLibraries
CoCreateInstance
CoInitialize
CoUninitialize
Number of PE resources by type
RT_DIALOG 26
RT_ICON 4
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 26
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:16 05:50:28+02:00
FileType Win32 EXE
PEType PE32
CodeSize 45568
LinkerVersion 56.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x7f40
InitializedDataSize 340992
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

File identification
MD5 5112bb6fa8d3e9ab49356133deab1746
SHA1 698576f0256261924cbc803a2271f2f11945669c
SHA256 12cd73560f40a063668dfd1a60937cf1d8686eb21df3d8357e26483ec7526cd8
ssdeep 6144:aE2QqOFMe4EZFHK7YZsM3cU3a+PVVmhHtIGg1x:aE2Qqi4ig7YVs0hDmvBg1x
authentihash 3e1d69b4a3ea276f5911ea822b212cd875c95919edb82aa99c70223ffcb2d678
imphash da86c11b45aab889081c1666ac3a41b4
File size 287.0 KB ( 293888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2018-04-16 08:55:49 UTC ( 1 year ago )
Last submission 2018-05-28 09:45:04 UTC ( 10 months, 3 weeks ago )
File names 687b486cf98d356755923c20c0129e6d6abe5419
vivikjddnnsa.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.