SHA256: 1b230b53c272950487622c82ac824db3c2de874fc3f4ffa299cd9663c4519949
File name: aa18e00be4f45185e7c05fbba32427c9.exe.@
Detection ratio: 30 / 71
Analysis date: 2019-03-08 04:27:38 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.31757155 20190308
AhnLab-V3 Malware/Win32.Generic.C2950469 20190308
Arcabit Trojan.Generic.D1E49363 20190308
Avast Win32:Adware-gen [Adw] 20190308
AVG Win32:Adware-gen [Adw] 20190308
Avira (no cloud) ADWARE/OxyPumper.qahko 20190307
BitDefender Trojan.GenericKD.31757155 20190308
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.be4f45 20190109
Cylance Unsafe 20190308
Emsisoft Trojan.GenericKD.31757155 (B) 20190308
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.OxyPumper.BP 20190308
F-Secure Adware.ADWARE/OxyPumper.qahko 20190308
GData Trojan.GenericKD.31757155 20190308
Ikarus PUA.OxyPumper 20190307
Jiangmin RiskTool.BitCoinMiner.jrn 20190308
Kaspersky HEUR:Trojan-Downloader.Win32.Generic 20190308
MAX malware (ai score=81) 20190308
McAfee-GW-Edition BehavesLike.Win32.Injector.dh 20190307
Microsoft Trojan:Win32/Fuerboos.E!cl 20190307
eScan Trojan.GenericKD.31757155 20190308
Palo Alto Networks (Known Signatures) generic.ml 20190308
Qihoo-360 HEUR/QVM20.1.B2D5.Malware.Gen 20190308
Rising Trojan.Fuery!8.EAFB/N3#98% (RDM+:cmRtazpvwl4RHD03TOhiN7zcl99M) 20190308
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190308
VBA32 suspected of Trojan.Downloader.gen.h 20190307
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Win32.Generic 20190308
Engines with no detection (engine name and signature update date only):
AegisLab 20190308
Alibaba 20190306
ALYac 20190308
Antiy-AVL 20190308
Avast-Mobile 20190307
Babable 20180918
Baidu 20190306
Bkav 20190307
CAT-QuickHeal 20190306
ClamAV 20190307
CMC 20190307
Comodo 20190308
Cyren 20190308
DrWeb 20190308
eGambit 20190308
F-Prot 20190308
Fortinet 20190308
Sophos ML 20181128
K7AntiVirus 20190307
K7GW 20190308
Kingsoft 20190308
Malwarebytes 20190308
McAfee 20190308
NANO-Antivirus 20190308
Panda 20190307
Sophos AV 20190308
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190308
Tencent 20190308
TheHacker 20190304
TotalDefense 20190307
Trapmine 20190301
TrendMicro 20190308
TrendMicro-HouseCall 20190308
Trustlook 20190308
VIPRE 20190307
ViRobot 20190307
Webroot 20190308
Yandex 20190306
Zillya 20190307
Zoner 20190308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-07 13:50:52
Entry Point 0x00017857
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
wvsprintfW
GetWindowThreadProcessId
GetDlgCtrlID
SendMessageW
EnumWindows
EnumChildWindows
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:03:07 14:50:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 192512
LinkerVersion 14.16
FileTypeExtension exe
InitializedDataSize 107008
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x17857
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 aa18e00be4f45185e7c05fbba32427c9
SHA1 3c850cbd91134afe1e4e74d12211d53f44d08829
SHA256 1b230b53c272950487622c82ac824db3c2de874fc3f4ffa299cd9663c4519949
ssdeep 6144:9Eh3AeNvFShRoNKvMLskC9poxt2NbsJGxxt78p0btiaAOUnu152UPZ6:oAeNdShGNKvMLskC9pjIJEwQtiaGnuCb
authentihash 64c981b869a956d24b244b0f2f7c2ecc0ea5cccd489e1b38c4d8b5e48faefe5b
imphash e047db4ef03a55257901bf43ac748417
File size 290.0 KB ( 296960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-03-08 04:27:38 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-08 04:27:38 UTC ( 1 month, 2 weeks ago )
File names aa18e00be4f45185e7c05fbba32427c9.exe.@
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications