SHA256: 1b4ecf36d89efba9a3d87c1fa5e1ae76f4edb27ade84bc68ca902e0a92ca74ee
File name: a8aba44956bf7d0e2a6f6b2e8271f84af5450502
Detection ratio: 58 / 66
Analysis date: 2018-05-06 00:29:51 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.11684 20180506
AegisLab Troj.W32.Gen.lIb0 20180506
AhnLab-V3 Trojan/Win32.Tepfer.R77902 20180505
ALYac Spyware.PWS.Tepfer.Gen 20180506
Antiy-AVL Trojan[PSW]/Win32.Tepfer 20180505
Arcabit Trojan.Razy.D2DA4 20180506
Avast Win32:Evo-gen [Susp] 20180506
AVG Win32:Evo-gen [Susp] 20180506
Avira (no cloud) TR/PSW.Fareit.iloen 20180505
AVware Trojan.Win32.Fareit.gi (v) 20180428
Babable Malware.HighConfidence 20180406
Baidu Win32.Trojan-PSW.Fareit.a 20180503
BitDefender Gen:Variant.Razy.11684 20180506
CAT-QuickHeal PWS.Fareit.E3 20180505
ClamAV Win.Trojan.Fareit-403 20180505
Comodo TrojWare.Win32.PWS.Fareit.GS 20180505
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180506
Cyren W32/Tepfer.R.gen!Eldorado 20180506
DrWeb Trojan.PWS.Stealer.1932 20180506
eGambit Unsafe.AI_Score_99% 20180506
Emsisoft Gen:Variant.Razy.11684 (B) 20180505
Endgame malicious (moderate confidence) 20180504
ESET-NOD32 a variant of Win32/PSW.Fareit.A 20180505
F-Prot W32/Tepfer.R.gen!Eldorado 20180505
F-Secure Gen:Variant.Razy.11684 20180505
Fortinet W32/Agent.NTM!tr 20180505
GData Win32.Trojan-Stealer.Fareit.XVA904 20180505
Sophos ML heuristic 20180503
Jiangmin Trojan/PSW.Tepfer.cbjg 20180505
K7AntiVirus Password-Stealer ( 0040f4f51 ) 20180505
K7GW Password-Stealer ( 0040f4f51 ) 20180505
Kaspersky Trojan-PSW.Win32.Tepfer.gen 20180505
Kingsoft Win32.Troj.Undef.(kcloud) 20180506
Malwarebytes Spyware.Pony 20180505
MAX malware (ai score=100) 20180506
McAfee Artemis!2840BC63BB38 20180505
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.nc 20180505
Microsoft PWS:Win32/Fareit 20180505
eScan Gen:Variant.Razy.11684 20180505
NANO-Antivirus Trojan.Win32.Siggen.evgeyh 20180505
Palo Alto Networks (Known Signatures) generic.ml 20180506
Panda Trj/Genetic.gen 20180505
Qihoo-360 Win32/Trojan.558 20180506
Rising Stealer.Fareit!8.170 (TFE:5:diBoeyONYnE) 20180505
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Pony-A 20180506
Symantec Infostealer!im 20180505
Tencent Win32.Trojan-qqpass.Qqrob.Hqlk 20180506
TheHacker Posible_Worm32 20180504
TrendMicro BKDR_PONY.SM 20180505
TrendMicro-HouseCall BKDR_PONY.SM 20180505
VBA32 BScope.Malware-Cryptor.Ponik 20180504
VIPRE Trojan.Win32.Fareit.gi (v) 20180505
ViRobot Backdoor.Win32.Pony.Gen.A 20180505
Webroot System.Monitor.Pony.Stealer 20180506
Yandex Trojan.PonyPass.Gen.LH 20180504
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20180506
Engines reporting no detection (Result column empty):
Alibaba 20180503
Avast-Mobile 20180505
Bkav 20180504
CMC 20180505
Cybereason None
nProtect 20180506
SUPERAntiSpyware 20180505
Symantec Mobile Insight 20180505
TotalDefense 20180505
Trustlook 20180506
Zillya 20180504
Zoner 20180505
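The engine rows above are useful for triage only once they are normalised: the same stealer is called Fareit, Pony, Tepfer, Ponik and PonyPass by different vendors, while labels such as Artemis, Evo-gen, heuristic or malicious_confidence say "bad" without naming a family. The following Python is an added example, not code from VirusTotal or from this report: it parses rows in the `<vendor> [<result>] <update>` form shown above, then counts how many engines name the family versus how many only give a generic verdict. The multi-word vendor list, the alias and generic regexes and the bucket names are my own assumptions; the sample rows are a subset copied from this report.

```python
"""Parse VirusTotal engine rows and summarise what the labels agree on.

Added example, not VirusTotal code. The sample rows are copied from the
report above; vendor list, regexes and bucket names are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Engine names that contain spaces (assumed list); any other vendor is the
# first token of its row.
MULTIWORD_VENDORS = (
    "Palo Alto Networks (Known Signatures)",
    "CrowdStrike Falcon (ML)",
    "SentinelOne (Static ML)",
    "ZoneAlarm by Check Point",
    "Symantec Mobile Insight",
    "Avira (no cloud)",
    "Sophos ML",
    "Sophos AV",
)

# Names vendors use for the same credential stealer (assumed alias list,
# derived from the labels in this report).
FAMILY_RE = re.compile(r"fareit|pony|tepfer|ponik", re.I)
# Verdicts that name no family: ML, heuristic and cloud-reputation labels.
GENERIC_RE = re.compile(
    r"heuristic|artemis|evo-gen|ai.score|malicious|unsafe|generic|\bml\b", re.I
)
UPDATE_RE = re.compile(r"\d{8}|None")


@dataclass
class ScanRow:
    vendor: str
    result: Optional[str]  # None when the engine reported no detection
    update: Optional[str]  # signature date as YYYYMMDD, None if not reported


def parse_row(line: str) -> ScanRow:
    """Split '<vendor> [<result>] <update>' into its three fields."""
    line = line.strip()
    vendor = next((v for v in MULTIWORD_VENDORS if line.startswith(v + " ")), None)
    if vendor is None:
        vendor, _, rest = line.partition(" ")
    else:
        rest = line[len(vendor):]
    parts = rest.split()
    update = None
    if parts and UPDATE_RE.fullmatch(parts[-1]):
        tail = parts.pop()
        update = None if tail == "None" else tail
    return ScanRow(vendor, " ".join(parts) or None, update)


def classify(result: str) -> str:
    """Bucket a detection name: named family, generic verdict, or other."""
    if FAMILY_RE.search(result):
        return "fareit"
    if GENERIC_RE.search(result):
        return "generic"
    return "other"


def summarize(lines: List[str]) -> Dict[str, object]:
    """Count engines, detections and label buckets over a set of rows."""
    rows = [parse_row(l) for l in lines if l.strip()]
    detected = [r for r in rows if r.result]
    labels = Counter(classify(r.result) for r in detected)
    return {"engines": len(rows), "detected": len(detected), "labels": dict(labels)}


# Subset of rows copied from the report above (constructed sample input).
SAMPLE_ROWS = """\
Ad-Aware Gen:Variant.Razy.11684 20180506
AhnLab-V3 Trojan/Win32.Tepfer.R77902 20180505
Avira (no cloud) TR/PSW.Fareit.iloen 20180505
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
ESET-NOD32 a variant of Win32/PSW.Fareit.A 20180505
Sophos ML heuristic 20180503
K7AntiVirus Password-Stealer ( 0040f4f51 ) 20180505
Malwarebytes Spyware.Pony 20180505
McAfee Artemis!2840BC63BB38 20180505
Palo Alto Networks (Known Signatures) generic.ml 20180506
TrendMicro BKDR_PONY.SM 20180505
VBA32 BScope.Malware-Cryptor.Ponik 20180504
ZoneAlarm by Check Point Trojan-PSW.Win32.Tepfer.gen 20180506
Alibaba 20180503
Cybereason None
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

Run on the sample subset, 7 of 13 detections name the Fareit/Pony/Tepfer family and 4 are generic verdicts; the full table above gives the same picture at scale, which is why the family consensus, not the raw 58/66 ratio, is the number worth recording in a case file. The vendor prefix list is the fragile part of this parser: add to it when a new multi-word engine appears, or the first word of its name will be taken as the vendor and the rest as the detection name.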
The file being studied is a Portable Executable, specifically a Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-24 10:10:21
Entry Point 0x0001A050
Number of sections 3
PE sections
PE imports
Note: the functions below are listed without their DLL names, and they are the import table of the packed file, not of the payload. The first six (VirtualFree, ExitProcess, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress) are the loader set a UPX stub needs to map and resolve the original image; the remaining entries are the single import UPX keeps from each DLL of the original program so that the loader still maps those DLLs. The real import table, and therefore a meaningful imphash, only become visible after unpacking; the imphash in the file identification section below characterises the UPX stub plus these retained imports, so pivoting on it finds files packed the same way rather than the same payload.
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
CoCreateGuid
StrStrA
wsprintfA
LoadUserProfileA
InternetCrackUrlA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:24 12:10:21+02:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1a050
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 69632
The size fields are consistent with the UPX packing identified above: the uninitialized-data size (69632 bytes) is larger than the whole file on disk (34816 bytes) because the packer reserves an empty section into which it decompresses the original image at run time, while the code and initialized data actually present in the file are small. The TimeStamp is the PE compilation timestamp shown earlier rendered in a +02:00 zone, not a second timestamp.

File identification
MD5 2840bc63bb3809933aee17eb01913c2d
SHA1 61ac93dfe5e9e808239025e7f78d9c264034d3b0
SHA256 1b4ecf36d89efba9a3d87c1fa5e1ae76f4edb27ade84bc68ca902e0a92ca74ee
ssdeep 768:3+l0aEDZgEg6ho4rs2ppi9BC3tB/C8TrQY+iz/:u9Ea2HABI1sY+i

authentihash 1dc0d2a5962661272f10ff26986c9c1cc64e97ac7c33de638077815de53ce620
imphash fd3adc5077b3a19a8142a087013e6a1b
File size 34.0 KB ( 34816 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2018-05-03 07:20:54 UTC ( 11 months, 3 weeks ago )
Last submission 2018-05-10 17:01:40 UTC ( 11 months, 2 weeks ago )
File names output.113287957.txt, a8aba44956bf7d0e2a6f6b2e8271f84af5450502, ugooo.exe
Condensed report. The following is a condensed report of the file's behaviour when executed in a controlled environment. The actions and events described were performed either by the file itself or by any process it launched or injected code into.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
DNS requests