SHA256: 17b284c20aa2bcbce2ad04a9dd72850e37ebc0bfa1510b20ca9e9895bf9c7cdd
File name: 445s.exe
Detection ratio: 18 / 67
Analysis date: 2018-11-02 15:28:49 UTC ( 4 months, 2 weeks ago )
Antivirus | Result | Update
AVG | FileRepMalware | 20181102
Bkav | W32.eHeur.Malware08 | 20181102
CrowdStrike Falcon (ML) | malicious_confidence_60% (D) | 20181022
Cybereason | malicious.2790bb | 20180225
Cylance | Unsafe | 20181102
Endgame | malicious (high confidence) | 20180730
Sophos ML | heuristic | 20180717
K7AntiVirus | Trojan ( 00516fdf1 ) | 20181102
K7GW | Trojan ( 00516fdf1 ) | 20181102
Kaspersky | UDS:DangerousObject.Multi.Generic | 20181102
McAfee | Trojan-FPST!B4133FD2790B | 20181102
Microsoft | Trojan:Win32/Vigorf.A | 20181102
Qihoo-360 | HEUR/QVM10.1.F09D.Malware.Gen | 20181102
Rising | Malware.Obscure/Heur!1.9E03 (CLASSIC) | 20181102
Symantec | ML.Attribute.HighConfidence | 20181102
VBA32 | Trojan.MTA.01158 | 20181102
Webroot | W32.Adware.Installcore | 20181102
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20181102

Antivirus (no detection) | Update
Ad-Aware | 20181102
AegisLab | 20181102
AhnLab-V3 | 20181102
Alibaba | 20180921
ALYac | 20181102
Antiy-AVL | 20181102
Arcabit | 20181102
Avast | 20181102
Avast-Mobile | 20181102
Avira (no cloud) | 20181102
Babable | 20180918
Baidu | 20181102
BitDefender | 20181102
CAT-QuickHeal | 20181102
ClamAV | 20181102
CMC | 20181102
Cyren | 20181102
DrWeb | 20181102
eGambit | 20181102
Emsisoft | 20181102
ESET-NOD32 | 20181102
F-Prot | 20181102
F-Secure | 20181102
Fortinet | 20181102
GData | 20181102
Ikarus | 20181102
Jiangmin | 20181102
Kingsoft | 20181102
Malwarebytes | 20181102
MAX | 20181102
McAfee-GW-Edition | 20181102
eScan | 20181102
NANO-Antivirus | 20181102
Palo Alto Networks (Known Signatures) | 20181102
Panda | 20181102
SentinelOne (Static ML) | 20181011
Sophos AV | 20181102
SUPERAntiSpyware | 20181031
Symantec Mobile Insight | 20181030
TACHYON | 20181102
Tencent | 20181102
TheHacker | 20181031
TotalDefense | 20181102
TrendMicro | 20181102
TrendMicro-HouseCall | 20181102
Trustlook | 20181102
ViRobot | 20181102
Yandex | 20181101
Zillya | 20181102
Zoner | 20181102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-07 09:25:41
Entry Point 0x000017BE
Number of sections 5
PE sections
PE imports
CreateCompatibleDC
CreateCompatibleBitmap
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
ReadFile
FindFirstChangeNotificationA
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
EnumTimeFormatsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleOutputCP
SetHandleCount
WriteConsoleW
GetCurrentProcess
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
AddAtomW
GetProcessHeap
ExitProcess
GetCPInfo
GetStringTypeA
SetFilePointer
GetExitCodeThread
GetCurrentThreadId
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
FindAtomW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TlsFree
GetThreadSelectorEntry
TerminateProcess
FindCloseChangeNotification
WriteConsoleOutputCharacterW
WideCharToMultiByte
IsValidCodePage
HeapCreate
WriteFile
FatalExit
VirtualFree
WriteConsoleA
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
HeapAlloc
SetMailslotInfo
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
GetDlgCtrlID
UpdateWindow
SetParent
LookupIconIdFromDirectory
LookupIconIdFromDirectoryEx
LoadCursorFromFileA
LoadStringW
LoadImageA
PeekMessageA
GetMonitorInfoA
ScrollWindow
GetUpdateRect
SetThreadDesktop
Number of PE resources by type
RT_BITMAP 3
RT_STRING 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
KAZAK DEFAULT 3
PE resources
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 9.0
ImageVersion: 0.0
FileVersionNumber: 7.0.0.0
LanguageCode: Unknown (457A)
FileFlagsMask: 0x004f
ImageFileCharacteristics: Executable, 32-bit
CharacterSet: Unknown (A56B)
InitializedDataSize: 5234688
EntryPoint: 0x17be
MIMEType: application/octet-stream
FileVersion: 1.0.5.2
TimeStamp: 2018:03:07 10:25:41+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: zogse.exe
ProductVersion: 1.0.0.1
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Unknown (0x40534)
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 48128
FileSubtype: 0
ProductVersionNumber: 3.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 b4133fd2790bbb612c2986e662814c26
SHA1 9657eb2470705910f1c96ebd1d0a81b7f0d9969a
SHA256 17b284c20aa2bcbce2ad04a9dd72850e37ebc0bfa1510b20ca9e9895bf9c7cdd
ssdeep 1536:d8Qvk7od77ICa4c4mRQfkPo2q5NmNTZjVRMfqxndz:d8gk2UCtAq5gNTZRMqxJ
authentihash a8af0965a336f2148ccb4335f7a212c44bb5fa44af36ea74883b5aaaf6a35baf
imphash 073499a6bd07ed523be7d9c39b6f4735
File size 153.0 KB ( 156672 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-11-02 15:28:49 UTC ( 4 months, 2 weeks ago )
Last submission 2018-11-14 02:36:14 UTC ( 4 months, 1 week ago )
File names b4133fd2790bbb612c2986e662814c26, 445s.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs