SHA256: 1c8ded5f9342a59353a0d5ca2b8e1a025d6cb97454c4adfb99e3c50ecd80d5e0
File name: output.114230921.txt
Detection ratio: 22 / 68
Analysis date: 2018-10-08 14:01:03 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.C2742583 20181008
Arcabit Trojan.Generic.D1DD279F 20181008
BitDefender Trojan.GenericKD.31270815 20181008
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.1af9ac 20180225
Cylance Unsafe 20181008
Emsisoft Trojan.GenericKD.31270815 (B) 20181008
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CNJP 20181008
Fortinet W32/Hermes.L!tr.ransom 20181008
GData Win32.Packed.Kryptik.GTNHOL 20181008
Ikarus Trojan-Banker.Ramnit 20181008
Sophos ML heuristic 20180717
Kaspersky Backdoor.Win32.Androm.qkxa 20181008
Malwarebytes Spyware.LokiBot 20181008
McAfee Artemis!E6D98D51AF9A 20181008
McAfee-GW-Edition Artemis!Trojan 20181008
Microsoft Trojan:Win32/Azden.B!cl 20181008
eScan Trojan.GenericKD.31270815 20181008
Palo Alto Networks (Known Signatures) generic.ml 20181008
Webroot Trojan.Dropper.Gen 20181008
ZoneAlarm by Check Point Backdoor.Win32.Androm.qkxa 20181008
Ad-Aware 20181008
AegisLab 20181008
Alibaba 20180921
ALYac 20181008
Antiy-AVL 20181008
Avast 20181008
Avast-Mobile 20181008
AVG 20181008
Avira (no cloud) 20181008
AVware 20180925
Babable 20180918
Baidu 20181008
Bkav 20181008
CAT-QuickHeal 20181008
ClamAV 20181008
CMC 20181007
Comodo 20181008
Cyren 20181008
DrWeb 20181008
eGambit 20181008
F-Prot 20181008
F-Secure 20181008
Jiangmin 20181008
K7AntiVirus 20181008
K7GW 20181008
Kingsoft 20181008
MAX 20181008
NANO-Antivirus 20181008
Panda 20181008
Qihoo-360 20181008
Rising 20181008
SentinelOne (Static ML) 20180926
Sophos AV 20181008
SUPERAntiSpyware 20181006
Symantec 20181008
Symantec Mobile Insight 20181001
TACHYON 20181008
Tencent 20181008
TheHacker 20181008
TrendMicro 20181008
TrendMicro-HouseCall 20181008
Trustlook 20181008
VBA32 20181008
VIPRE 20181008
ViRobot 20181008
Yandex 20181005
Zillya 20181008
Zoner 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright g10 Code GmbH (c). All rights reserved.
Product Ocs Troubling
Description Protector Imagined Jump Endured Guis
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-07 21:41:52
Entry Point 0x0003E0A0
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
OpenThreadToken
RegSetValueExA
RevertToSelf
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
SetThreadToken
RegEnumKeyExA
FlatSB_SetScrollInfo
SetMapMode
SetBkMode
SaveDC
TextOutA
CreateFontIndirectA
GetClipBox
GetObjectType
Rectangle
GetObjectA
OffsetViewportOrgEx
DeleteDC
RestoreDC
GetPixel
SetLayout
SelectObject
BitBlt
SetTextColor
CreatePatternBrush
GetDeviceCaps
SetAbortProc
CreateBitmap
RectVisible
GetStockObject
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
CreateCompatibleDC
ScaleViewportExtEx
DeleteObject
GetTextExtentPoint32A
Ellipse
SetWindowExtEx
CreateSolidBrush
CreateHatchBrush
Escape
SetBkColor
SetViewportExtEx
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
DebugBreak
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
OpenFileMappingA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
EnumResourceLanguagesA
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
InitializeCriticalSection
OutputDebugStringW
GlobalHandle
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
ConvertDefaultLocale
MulDiv
ExitThread
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
GlobalDeleteAtom
GlobalLock
lstrcpyW
GlobalReAlloc
GetFileInformationByHandle
lstrcmpA
FindNextFileW
HeapValidate
CompareStringA
CreateFileMappingA
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventA
GlobalFindAtomA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
GetAtomNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
EnumSystemCodePagesW
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
GlobalFlags
CloseHandle
GetACP
GetModuleHandleW
FreeResource
OpenEventA
SizeofResource
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
CreateStdAccessibleObject
LresultFromObject
VariantChangeType
UnRegisterTypeLib
VariantInit
VariantClear
RpcBindingFree
RpcStringFreeA
RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
DragFinish
DragQueryFileA
PathFindExtensionA
StrDupA
PathFindFileNameA
PathCommonPrefixA
PathCompactPathA
StrTrimA
MapWindowPoints
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetMenuItemID
GetCursorPos
DrawTextA
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
LoadAcceleratorsA
GetKeyboardState
ClientToScreen
GetTopWindow
LoadImageA
GetMenuItemCount
GetWindowTextA
RegisterClassExA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EqualRect
GetClassInfoExA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
GetClipboardFormatNameA
EnableWindow
SetWindowPlacement
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
InsertMenuItemA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetWindowLongA
CreateWindowExA
GetActiveWindow
ShowOwnedPopups
FillRect
CopyRect
DeferWindowPos
PtInRect
IsDialogMessageA
SetFocus
BeginPaint
OffsetRect
ReleaseCapture
RegisterWindowMessageA
DefWindowProcA
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuItemInfoA
GetMenuState
GetKeyboardLayout
GetSystemMenu
ReuseDDElParam
GetDC
SetForegroundWindow
ReleaseDC
IntersectRect
EndDialog
LoadMenuA
CharNextA
GetCapture
FindWindowA
DrawTextExA
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
AppendMenuA
UnhookWindowsHookEx
SetRectEmpty
GetMenuStringA
MessageBoxA
GetClassNameA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
IsWindowVisible
UnpackDDElParam
WinHelpA
DeleteMenu
InvalidateRect
SetWindowTextA
TranslateAcceleratorA
ValidateRect
CallWindowProcA
IsMenu
GetFocus
ModifyMenuA
SetMenu
SetCursor
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeSysColor
mmioDescend
mmioClose
OpenPrinterA
DocumentPropertiesA
ClosePrinter
SCardEndTransaction
SCardDisconnect
SCardGetProviderIdW
StringFromCLSID
CoTaskMemFree
CoInitialize
Number of PE resources by type
RT_BITMAP 9
PNG 8
RT_ICON 6
RT_DIALOG 2
BINARY 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 30
PE resources
ExifTool file metadata
CodeSize 424960
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.8.25.3
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Protector Imagined Jump Endured Guis
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 290816
EntryPoint 0x3e0a0
MIMEType application/octet-stream
LegalCopyright g10 Code GmbH (c). All rights reserved.
TimeStamp 2018:10:07 22:41:52+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.8.25.3
UninitializedDataSize 0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName g10 Code GmbH
LegalTrademarks g10 Code GmbH (c). All rights reserved.
ProductName Ocs Troubling
ProductVersionNumber 2.8.25.3
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 e6d98d51af9ac12d63fa2cc417442111
SHA1 d6bddf0a3da78fbf723a0a8a4b04e786d32c5bbc
SHA256 1c8ded5f9342a59353a0d5ca2b8e1a025d6cb97454c4adfb99e3c50ecd80d5e0
ssdeep 12288:pfaSC+cM6zRMtJmo1utwTF71+EF72d1gD16ju7mrwa2BTcGbpLkTge/u:BaSJmuAtwTF71+EBE1njuhZlLkTR2
authentihash 18e24e94ee7b5a85cee920217c4e37a6c6c415a8fc20099371c37c8bf5dce4c4
imphash 76e3bc4ad29005b059380e36dd76ed07
File size 700.0 KB ( 716800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-08 02:08:28 UTC ( 5 months, 2 weeks ago )
Last submission 2018-10-08 02:16:58 UTC ( 5 months, 2 weeks ago )
File names 04.exe
uzo.exe
output.114230921.txt
04.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs