SHA256: 1b39d9f79ef2bcbf55d3cbe8217c73077f2a8bf4b326263231bce96100fe3c19
File name: 1B39D9F79EF2BCBF55D3CBE8217C73077F2A8BF4B326263231BCE96100FE3C19
Detection ratio: 12 / 66
Analysis date: 2018-03-30 02:54:08 UTC ( 10 months, 3 weeks ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9569 20180329
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20170201
Cylance Unsafe 20180330
Endgame malicious (moderate confidence) 20180316
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180330
McAfee Packed-FAW!12CF26A43578 20180330
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20180330
Rising Malware.Undefined!8.C (TFE:5:azUCEWJuWbT) 20180330
TrendMicro TSPY_HPLOKI.SM1 20180330
TrendMicro-HouseCall TSPY_HPLOKI.SM1 20180330
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180330
Ad-Aware 20180330
AegisLab 20180330
AhnLab-V3 20180329
Alibaba 20180329
ALYac 20180330
Antiy-AVL 20180330
Arcabit 20180330
Avast 20180330
Avast-Mobile 20180329
AVG 20180330
Avira (no cloud) 20180329
AVware 20180330
BitDefender 20180330
Bkav 20180330
CAT-QuickHeal 20180329
ClamAV 20180329
CMC 20180329
Comodo 20180329
Cybereason None
Cyren 20180330
DrWeb 20180330
eGambit 20180330
Emsisoft 20180330
ESET-NOD32 20180330
F-Prot 20180330
F-Secure 20180330
Fortinet 20180330
GData 20180330
Ikarus 20180329
Jiangmin 20180330
K7AntiVirus 20180329
K7GW 20180330
Kingsoft 20180330
Malwarebytes 20180330
MAX 20180330
Microsoft 20180330
eScan 20180330
NANO-Antivirus 20180330
nProtect 20180330
Palo Alto Networks (Known Signatures) 20180330
Panda 20180329
Qihoo-360 20180330
SentinelOne (Static ML) 20180225
Sophos AV 20180329
SUPERAntiSpyware 20180330
Symantec 20180329
Symantec Mobile Insight 20180311
Tencent 20180330
TheHacker 20180327
TotalDefense 20180329
Trustlook 20180330
VBA32 20180329
VIPRE 20180330
ViRobot 20180329
WhiteArmor 20180324
Yandex 20180329
Zillya 20180329
Zoner 20180329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x002827D0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
ShellExecuteA
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_STRING 18
RT_RCDATA 8
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 1
Number of PE resources by language
NEUTRAL 41
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 15:22:17-07:00
FileType Win32 EXE
PEType PE32
CodeSize 1286144
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x2827d0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 1343488

File identification
MD5 7149fcdc20d384756293587ff74d20be
SHA1 51c7c85d99449c7c991f6d86778b65e383891d64
SHA256 1b39d9f79ef2bcbf55d3cbe8217c73077f2a8bf4b326263231bce96100fe3c19
ssdeep 24576:yFS9VhOLNsqjrVuE6R9cWQd3nMNiAhQGz3Bcya/f3s8lQ6JcE:0QVhOpsqjcEnVVdAuUa/lx+E

authentihash 4cbe11c750e6682a912339f897b22334f6f535c661f87b83645fb6ef010257ea
imphash 1245b06d257260c54bf0d6f2cb4d6ac5
File size 1.2 MB ( 1288704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-03-30 02:54:08 UTC ( 10 months, 3 weeks ago )
Last submission 2018-05-25 06:34:38 UTC ( 8 months, 3 weeks ago )
File names output.113053448.txt
43fea5a0af030a409cb010b4a9afc282d3574fd6
1B39D9F79EF2BCBF55D3CBE8217C73077F2A8BF4B326263231BCE96100FE3C19
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs