SHA256: 19cdb7a8c2f238317e04ec65f08a96dedc754723d622b33bc24804f856a761c4
File name: 19CDB7A8C2F238317E04EC65F08A96DEDC754723D622B33BC24804F856A761C4
Detection ratio: 16 / 67
Analysis date: 2019-03-25 11:05:55 UTC (2 months ago)
Antivirus Result Update
Acronis suspicious 20190322
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.8d05dc 20190324
DrWeb Trojan.Siggen8.20095 20190325
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/Kryptik.GRGK 20190325
FireEye Generic.mg.e06d56bae08e8d19 20190325
Sophos ML heuristic 20190313
Kaspersky UDS:DangerousObject.Multi.Generic 20190325
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190325
Microsoft Program:Win32/Unwaders.C!ml 20190325
Palo Alto Networks (Known Signatures) generic.ml 20190325
Rising Trojan.Kryptik!8.8/N3#92% (RDM+:cmRtazo2MYckECUtSEKqra04yKf1) 20190325
SentinelOne (Static ML) DFI - Malicious PE 20190317
Trapmine malicious.high.ml.score 20190301
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190325
Ad-Aware 20190325
AegisLab 20190325
AhnLab-V3 20190325
Alibaba 20190306
ALYac 20190325
Antiy-AVL 20190325
Arcabit 20190325
Avast 20190325
Avast-Mobile 20190324
AVG 20190325
Avira (no cloud) 20190325
Babable 20180918
Baidu 20190318
BitDefender 20190325
Bkav 20190320
CAT-QuickHeal 20190324
ClamAV 20190325
CMC 20190321
Comodo 20190325
Cyren 20190325
eGambit 20190325
Emsisoft 20190325
F-Secure 20190325
Fortinet 20190325
GData 20190325
Ikarus 20190325
Jiangmin 20190325
K7AntiVirus 20190325
K7GW 20190325
Kingsoft 20190325
Malwarebytes 20190325
MAX 20190325
McAfee 20190325
eScan 20190325
NANO-Antivirus 20190325
Panda 20190324
Qihoo-360 20190325
Sophos AV 20190322
SUPERAntiSpyware 20190321
Symantec Mobile Insight 20190220
TACHYON 20190325
Tencent 20190325
TheHacker 20190324
TotalDefense 20190325
TrendMicro-HouseCall 20190325
Trustlook 20190325
VBA32 20190325
VIPRE 20190324
ViRobot 20190325
Yandex 20190324
Zillya 20190324
Zoner 20190325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-24 22:15:34
Entry Point 0x00032DB4
Number of sections 5
PE sections
PE imports
SetTextAlign
GetTextMetricsW
TextOutW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
RtlUnwind
lstrlenW
GetStdHandle
HeapSetInformation
GetCurrentProcess
DecodePointer
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
HeapSize
ExitProcess
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
EndPaint
UpdateWindow
GetScrollInfo
BeginPaint
DefWindowProcW
GetMessageW
PostQuitMessage
ShowWindow
GetSystemMetrics
RegisterClassExW
TranslateMessage
GetDC
ReleaseDC
SetScrollInfo
SendMessageW
wsprintfW
LoadStringW
DispatchMessageW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
ScrollWindow
TranslateAcceleratorW
DestroyWindow
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:03:24 23:15:34+01:00
FileType Win32 EXE
PEType PE32
CodeSize 222208
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x32db4
InitializedDataSize 93696
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e06d56bae08e8d198ebd3ff3529ab11c
SHA1 fb7b5d48d05dc1f29612f5fd7b725329b97ca2a5
SHA256 19cdb7a8c2f238317e04ec65f08a96dedc754723d622b33bc24804f856a761c4
ssdeep 6144:wW2G4f+qpC8fdaqw/2rQxESFPuE0abQsLiaAqOl3oKb:b2n+qjfdaqG2GPRMs5AqOS

authentihash 22ed56e26bbac3e7b51571d10b517147f30b04c5e3ec7e3c659b96429b1d760d
imphash 4d9bb3f6149dcdf4ca21af9048b5fb67
File size 309.5 KB ( 316928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2019-03-25 11:05:45 UTC ( 2 months ago )
Last submission 2019-03-27 17:22:06 UTC ( 2 months ago )
File names blz.exe, output.120092283.txt