SHA256: 19865bb16f4609b4703eaba1d773d60a85009b715274ad862ca4cbb5772c621a
File name: pGDIWEKDHD2.exe
Detection ratio: 17 / 65
Analysis date: 2017-08-31 19:23:41 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Avast FileRepMalware 20170831
AVG FileRepMalware 20170831
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170831
Bkav HW32.Packed.7AEE 20170831
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170831
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FVZV!tr 20170831
Sophos ML heuristic 20170822
Malwarebytes Trojan.MalPack 20170831
McAfee Ransomware-GDH!1974EDCB8326 20170831
McAfee-GW-Edition BehavesLike.Win32.Backdoor.jc 20170831
Qihoo-360 HEUR/QVM19.1.8913.Malware.Gen 20170831
Rising Malware.Heuristic!ET#95% (rdm+) 20170831
Symantec ML.Attribute.HighConfidence 20170831
TrendMicro Ransom_CERBER.SMALY0 20170831
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170831
Ad-Aware 20170831
AegisLab 20170831
AhnLab-V3 20170831
Alibaba 20170831
ALYac 20170831
Antiy-AVL 20170831
Arcabit 20170831
Avira (no cloud) 20170831
AVware 20170831
BitDefender 20170831
CAT-QuickHeal 20170831
ClamAV 20170831
CMC 20170828
Comodo 20170831
Cyren 20170831
DrWeb 20170831
Emsisoft 20170831
ESET-NOD32 20170831
F-Prot 20170831
F-Secure 20170831
GData 20170831
Ikarus 20170831
Jiangmin 20170831
K7AntiVirus 20170831
K7GW 20170831
Kaspersky 20170831
Kingsoft 20170831
MAX 20170831
Microsoft 20170831
eScan 20170831
NANO-Antivirus 20170831
nProtect 20170831
Palo Alto Networks (Known Signatures) 20170831
Panda 20170831
SentinelOne (Static ML) 20170806
Sophos AV 20170831
SUPERAntiSpyware 20170831
Symantec Mobile Insight 20170831
Tencent 20170831
TheHacker 20170828
TotalDefense 20170831
Trustlook 20170831
VBA32 20170831
VIPRE 20170831
ViRobot 20170831
Webroot 20170831
WhiteArmor 20170829
Yandex 20170830
Zillya 20170831
ZoneAlarm by Check Point 20170831
Zoner 20170831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-09-12 05:23:19
Entry Point 0x0000C0CF
Number of sections 4
PE sections
PE imports
CMP_Report_LogOn
CM_Add_Range
CM_Add_Empty_Log_Conf
CM_Add_IDA
DowngradeAPL
SetSetupSave
ConnectionWrite
ConnectionClose
WaitForSingleObject
FindNextFileA
LoadLibraryA
GetShortPathNameA
GetPriorityClass
OpenProcess
GetConsoleTitleW
CreateDirectoryW
GetCommandLineA
GetProcAddress
GetPrivateProfileStringW
CreateFileMappingW
CreateMutexA
FindResourceExA
InterlockedExchangeAdd
GetModuleHandleA
GlobalAddAtomA
CreateSemaphoreW
FindFirstFileW
SetLocalTime
SetEnvironmentVariableA
CreateProcessA
GetLogicalDriveStringsA
FindClose
TlsGetValue
FormatMessageA
GetEnvironmentVariableW
SHGetFolderPathW
StrChrW
DllGetClassObject
SHBrowseForFolderW
DragQueryFileW
Shell_NotifyIconW
DllUnregisterServer
SHCreateDirectoryExA
SHEmptyRecycleBinA
ExtractIconW
SE_IsShimDll
SE_InstallBeforeInit
PathCompactPathW
UrlGetPartW
UrlCombineA
UrlIsA
UrlIsNoHistoryW
UrlCompareA
UrlUnescapeW
PathCombineA
UrlHashA
UrlCreateFromPathW
PathCommonPrefixW
UrlEscapeA
UrlGetLocationA
PathIsRootW
wsprintfA
MessageBoxW
LoadIconA
IsCharLowerA
PostMessageA
GetClassLongA
PeekMessageA
IsDialogMessageA
InsertMenuW
DrawStateA
DialogBoxParamA
LoadBitmapA
DispatchMessageW
CharToOemA
Number of PE resources by type
IKQ 5
OPS 1
Number of PE resources by language
NEUTRAL 6
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2013:09:12 06:23:19+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 55296
LinkerVersion: 12.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0xc0cf
InitializedDataSize: 24576
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 1974edcb8326835d1ad1ca94d70a914a
SHA1 a7b42163d1d160e1f40e9578bba81bd933571b1e
SHA256 19865bb16f4609b4703eaba1d773d60a85009b715274ad862ca4cbb5772c621a
ssdeep 12288:66vrLEshlml1beZXpvurUUUOx76rlq6ja6h7eaPVZbSu:6CrvlaoZmrUHOdCNbdeazS
authentihash fc94278aca91373ad29c0bd538a49b613148a70235db0d5db0d7b4d76f1f07fd
imphash fcaa27a6289540b1ef0c9d461a81c7ec
File size 602.5 KB ( 616960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-08-31 19:23:41 UTC ( 1 year, 5 months ago )
Last submission 2018-05-26 11:48:13 UTC ( 8 months, 4 weeks ago )
File names 657erikftgvb
malware sample 01_09_2017 (53)
19865bb16f4609b4703eaba1d773d60a85009b715274ad862ca4cbb5772c621a
19865bb16f4609b4703eaba1d773d60a85009b715274ad862ca4cbb5772c621a.exe
pGDIWEKDHD2.exe
19865bb16f4609b4703eaba1d773d60a85009b715274ad862ca4cbb5772c621a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
TCP connections