SHA256: 14d65314a08424f24cb09ce03e9c46ff3cdca27bf5a50f0f4c83659f21290ddd
File name: windrvmgr32(10).gxe
Detection ratio: 45 / 65
Analysis date: 2019-02-19 00:39:01 UTC ( 3 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.31678535 | 20190219 |
| AhnLab-V3 | Trojan/Win32.Gandcrab.R254962 | 20190218 |
| ALYac | Trojan.GenericKD.31678535 | 20190218 |
| Antiy-AVL | RiskWare[RiskTool]/Win32.BitCoinMiner | 20190218 |
| Avast | Win32:Trojan-gen | 20190219 |
| AVG | Win32:Trojan-gen | 20190219 |
| Avira (no cloud) | TR/Crypt.ZPACK.yhxqs | 20190218 |
| BitDefender | Trojan.GenericKD.31678535 | 20190218 |
| CAT-QuickHeal | Trojan.Multi | 20190218 |
| CrowdStrike Falcon (ML) | malicious_confidence_90% (W) | 20181023 |
| Cylance | Unsafe | 20190219 |
| Cyren | W32/Trojan.ZUJJ-7135 | 20190218 |
| DrWeb | Trojan.BtcMine.3217 | 20190219 |
| eGambit | Unsafe.AI_Score_95% | 20190219 |
| Emsisoft | Trojan.GenericKD.31678535 (B) | 20190218 |
| Endgame | malicious (moderate confidence) | 20190215 |
| ESET-NOD32 | a variant of Win32/Kryptik.GPOX | 20190218 |
| F-Secure | Trojan.TR/Crypt.ZPACK.yhxqs | 20190219 |
| Fortinet | Malicious_Behavior.SB | 20190218 |
| GData | Trojan.GenericKD.31678535 | 20190218 |
| Ikarus | Trojan.Inject | 20190218 |
| Jiangmin | TrojanDownloader.Dofoil.bng | 20190219 |
| K7AntiVirus | Trojan ( 00516fdf1 ) | 20190218 |
| K7GW | Trojan ( 00516fdf1 ) | 20190218 |
| Kaspersky | Trojan.Win32.Inject.alfbe | 20190218 |
| Malwarebytes | Trojan.MalPack.GS | 20190218 |
| MAX | malware (ai score=100) | 20190219 |
| McAfee | Artemis!D98D65D8FA45 | 20190219 |
| McAfee-GW-Edition | BehavesLike.Win32.Swisyn.tc | 20190218 |
| Microsoft | Trojan:Win32/Occamy.C | 20190219 |
| eScan | Trojan.GenericKD.31678535 | 20190218 |
| NANO-Antivirus | Trojan.Win32.Inject.fmxahd | 20190218 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20190219 |
| Panda | Trj/GdSda.A | 20190218 |
| Qihoo-360 | HEUR/QVM11.1.2A25.Malware.Gen | 20190219 |
| Rising | Malware.Obscure/Heur!1.9E03 (TFE:5:RVdjKapk0VS) | 20190219 |
| SentinelOne (Static ML) | static engine - malicious | 20190203 |
| Sophos AV | Mal/Generic-S | 20190219 |
| Symantec | Trojan Horse | 20190218 |
| Tencent | Win32.Trojan.Inject.Wstx | 20190219 |
| Trapmine | malicious.moderate.ml.score | 20190123 |
| VBA32 | BScope.Trojan.Diple | 20190218 |
| ViRobot | Trojan.Win32.Z.Malpack.1122304 | 20190218 |
| Yandex | Riskware.BitCoinMiner! | 20190215 |
| ZoneAlarm by Check Point | Trojan.Win32.Inject.alfbe | 20190219 |
| Acronis | | 20190213 |
| AegisLab | | 20190218 |
| Alibaba | | 20180921 |
| Arcabit | | 20190219 |
| Avast-Mobile | | 20190218 |
| Babable | | 20180918 |
| Baidu | | 20190215 |
| ClamAV | | 20190218 |
| CMC | | 20190218 |
| Comodo | | 20190218 |
| Cybereason | | 20190109 |
| Sophos ML | | 20181128 |
| Kingsoft | | 20190219 |
| SUPERAntiSpyware | | 20190213 |
| Symantec Mobile Insight | | 20190207 |
| TACHYON | | 20190218 |
| TheHacker | | 20190217 |
| TotalDefense | | 20190218 |
| Trustlook | | 20190219 |
| Webroot | | 20190219 |
| Zoner | | 20190219 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-15 08:26:12
Entry Point 0x00140600
Number of sections 3
PE sections
PE imports
StretchBlt
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
GetFocus
Number of PE resources by type
RT_ICON 7
RT_STRING 4
RT_BITMAP 3
CUHISISOYODOXANEHU 1
NEHIKIVU 1
JIDIGUJERAXACUYITIYOFOSEVITO 1
ZUWOCUPOKIKEGOPIKA 1
RT_ACCELERATOR 1
ROPUSOFOWUKUKUMOLAVIHUHIRE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
GAELIC 22
PE resources
ExifTool file metadata
| Property | Value |
|---|---|
| UninitializedDataSize | 212992 |
| LinkerVersion | 10.0 |
| ImageVersion | 0.0 |
| FileVersionNumber | 1.0.0.0 |
| LanguageCode | Unknown (557D) |
| FileFlagsMask | 0x004f |
| ImageFileCharacteristics | No relocs, Executable, 32-bit |
| CharacterSet | Unknown (F56C) |
| InitializedDataSize | 28672 |
| EntryPoint | 0x140600 |
| MIMEType | application/octet-stream |
| LegalCopyright | Copyright (C) 2018, sewidiro |
| FileVersion | 8.8.4.81 |
| TimeStamp | 2018:07:15 10:26:12+02:00 |
| FileType | Win32 EXE |
| PEType | PE32 |
| InternalName | rahidaxo.exe |
| ProductVersion | 8.8.4.81 |
| SubsystemVersion | 5.1 |
| OSVersion | 5.1 |
| FileOS | Unknown (0x40534) |
| Subsystem | Windows GUI |
| MachineType | Intel 386 or later, and compatibles |
| CodeSize | 1097728 |
| FileSubtype | 0 |
| ProductVersionNumber | 1.0.0.0 |
| FileTypeExtension | exe |
| ObjectFileType | Executable application |
File identification
| Property | Value |
|---|---|
| MD5 | d98d65d8fa452c0f3791f2f27878e9c5 |
| SHA1 | 3199e18d30549f29f146477affab74c39fbb75c1 |
| SHA256 | 14d65314a08424f24cb09ce03e9c46ff3cdca27bf5a50f0f4c83659f21290ddd |
| ssdeep | 24576:NoZOAcr4Yh8AJ3Lu8FmT/jeg5VrGqxdq5SrVp9FQrN/2d:N8OAfY6AbmTygPGqDvV+rx2 |
| authentihash | 2401a3b030c9a97dafc3322b0abaa1a45f7a1ede82429e11b90fb456f61d7c64 |
| imphash | 4972b0e064f5cc7d3cc41853d19b4d2e |
| File size | 1.1 MB ( 1122304 bytes ) |
| File type | Win32 EXE |
| Magic literal | PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| TrID | UPX compressed Win32 Executable (61.2%); Win32 Dynamic Link Library (generic) (14.8%); Win32 Executable (generic) (10.2%); OS/2 Executable (generic) (4.5%); Generic Win/DOS Executable (4.5%) |
| Tags | peexe upx |

VirusTotal metadata
First submission 2019-02-10 14:06:50 UTC ( 3 months, 1 week ago )
Last submission 2019-02-11 11:52:11 UTC ( 3 months, 1 week ago )
File names windrvmgr32(10).gxe
92.63.197.153-2.exe
2.exe
2.bin
14d65314a08424f24cb09ce03e9c46ff3cdca27bf5a50f0f4c83659f21290ddd.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections