× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 14428acd0e4b53b49cda23fb52407512b1aa3586eb15a3ee1095cb45b99eb8d9
File name: O0Zj685NjhoUoYizFW8.exe
Detection ratio: 21 / 66
Analysis date: 2018-03-14 05:35:57 UTC ( 3 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.277269 20180314
AegisLab Filerepmalware.Gen!c 20180314
AhnLab-V3 Trojan/Win32.Emotet.R222527 20180314
Avast Win32:Malware-gen 20180314
AVG Win32:Malware-gen 20180314
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180314
BitDefender Gen:Variant.Razy.277269 20180314
Bkav HW32.Packed.1A32 20180313
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180314
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/GenKryptik.BTKD 20180314
Fortinet W32/Kryptik.GDRZ!tr 20180314
Sophos ML heuristic 20180121
MAX malware (ai score=93) 20180314
McAfee Artemis!5FB59981925F 20180314
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20180314
Palo Alto Networks (Known Signatures) generic.ml 20180314
Rising Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) 20180314
TrendMicro-HouseCall Suspicious_GEN.F47V0313 20180314
Webroot W32.Trojan.Emotet 20180314
Alibaba 20180314
ALYac 20180314
Antiy-AVL 20180314
Arcabit 20180314
Avast-Mobile 20180313
Avira (no cloud) 20180313
AVware 20180314
CAT-QuickHeal 20180313
ClamAV 20180314
CMC 20180314
Comodo 20180314
Cybereason None
Cyren 20180314
DrWeb 20180314
eGambit 20180314
Emsisoft 20180314
F-Prot 20180314
F-Secure 20180314
GData 20180314
Ikarus 20180314
Jiangmin 20180314
K7AntiVirus 20180313
K7GW 20180313
Kaspersky 20180314
Kingsoft 20180314
Malwarebytes 20180314
Microsoft 20180314
eScan 20180314
NANO-Antivirus 20180314
nProtect 20180314
Panda 20180313
Qihoo-360 20180314
SentinelOne (Static ML) 20180225
Sophos AV 20180314
SUPERAntiSpyware 20180314
Symantec 20180313
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TrendMicro 20180314
Trustlook 20180314
VBA32 20180313
VIPRE 20180314
ViRobot 20180314
WhiteArmor 20180223
Yandex 20180314
Zillya 20180313
ZoneAlarm by Check Point 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-13 23:43:11
Entry Point 0x00006000
Number of sections 5
PE sections
PE imports
AddAuditAccessAceEx
InitializeAcl
SetServiceStatus
AddFontResourceExW
GetNearestColor
OffsetClipRgn
GetDIBColorTable
SetCommConfig
GetCurrentProcess
GetConsoleOutputCP
CreateEventW
SetEvent
LocalHandle
ResetEvent
GetThreadUILanguage
GetCurrentThreadId
WaitForMultipleObjects
GetVersion
CloseHandle
SafeArrayAllocDescriptor
BSTR_UserFree
VarUI4FromUI8
SetupDiGetSelectedDevice
GetDCEx
CreatePopupMenu
DdeGetData
SetPropA
GetInputState
IsWindowEnabled
ToUnicode
GetShellWindow
GetWindowContextHelpId
GetClipboardSequenceNumber
DdeCmpStringHandles
InvalidateRect
waveInStop
SetPrinterDataExW
SCardGetStatusChangeW
ReadFmtUserTypeStg
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_BITMAP 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:03:14 00:43:11+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1

LinkerVersion
13.5

EntryPoint
0x6000

InitializedDataSize
121344

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
4096

File identification
MD5 5fb59981925f03ee52dbdc82b00580bb
SHA1 8bf7c88abffc44ac3234e46a23a3c630ac2d8358
SHA256 14428acd0e4b53b49cda23fb52407512b1aa3586eb15a3ee1095cb45b99eb8d9
ssdeep
3072:fO0zZdCFKRWWyk4zKOVihFRm2XWABhU/:fO0zbwKRWxk4zKO03AahU

authentihash f28a463cf80632a7aff945f97afb8be69b28acf61845e21563898a7f29e4a930
imphash 30645ca6b0d85eeef8c85c6413e590c6
File size 133.0 KB ( 136192 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-03-13 23:53:46 UTC ( 3 months, 1 week ago )
Last submission 2018-05-31 11:02:41 UTC ( 3 weeks, 4 days ago )
File names C$~Users~test~AppData~Local~Microsoft~Windows~MonetKeydef.exe
87032.exe
45524.exe
61056.exe
O0Zj685NjhoUoYizFW8.exe
88708.exe
VirusShare_5fb59981925f03ee52dbdc82b00580bb
VirusShare_5fb59981925f03ee52dbdc82b00580bb
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!