SHA256: 1ccb6da271e398500f62d3723f39bed1932ce92811319d0325dd80b9ade219ed
File name: 1ccb6da271e398500f62d3723f39bed1932ce92811319d0325dd80b9ade219ed
Detection ratio: 42 / 72
Analysis date: 2019-03-25 20:49:31 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis suspicious 20190325
Ad-Aware Trojan.GenericKD.31812250 20190325
AegisLab Trojan.Win32.Generic.4!c 20190325
AhnLab-V3 Malware/Win32.Generic.C3107826 20190325
Alibaba Trojan:Win32/GenKryptik.50574d99 20190306
ALYac Trojan.GenericKD.31812250 20190325
Arcabit Trojan.Generic.D1E56A9A 20190325
Avast Win32:Trojan-gen 20190325
AVG Win32:Trojan-gen 20190325
Avira (no cloud) TR/Kryptik.ytusl 20190325
BitDefender Trojan.GenericKD.31812250 20190325
CrowdStrike Falcon (ML) win/malicious_confidence_60% (D) 20190212
Cybereason malicious.e7168a 20190325
Cylance Unsafe 20190325
Cyren W32/Trojan.ZPAJ-5033 20190325
Emsisoft Trojan.GenericKD.31812250 (B) 20190325
Endgame malicious (high confidence) 20190322
ESET-NOD32 a variant of Win32/GenKryptik.DCPB 20190325
F-Secure Trojan.TR/Kryptik.ytusl 20190325
FireEye Generic.mg.96e0615e7168aa9c 20190325
Fortinet W32/GenKryptik.DCPB!tr 20190325
GData Trojan.GenericKD.31812250 20190325
Ikarus Trojan.Win32.Krypt 20190325
Sophos ML heuristic 20190313
K7AntiVirus Trojan ( 0054a5561 ) 20190325
K7GW Trojan ( 0054a5561 ) 20190325
Malwarebytes Trojan.Crypt 20190325
MAX malware (ai score=80) 20190325
McAfee GenericRXHG-CJ!96E0615E7168 20190325
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.cc 20190325
Microsoft Trojan:Win32/Occamy.C 20190325
eScan Trojan.GenericKD.31812250 20190325
Palo Alto Networks (Known Signatures) generic.ml 20190325
Panda Trj/GdSda.A 20190325
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190325
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Generic-S 20190325
Symantec Trojan.Gen.MBT 20190325
Tencent Win32.Trojan.Generic.Hwcm 20190325
TrendMicro TROJ_GEN.R03BC0OCO19 20190325
TrendMicro-HouseCall TROJ_GEN.R03BC0OCO19 20190325
Zillya Trojan.GenKryptik.Win32.27200 20190324
Antiy-AVL 20190325
Avast-Mobile 20190325
Babable 20180918
Baidu 20190318
Bkav 20190320
CAT-QuickHeal 20190325
ClamAV 20190325
CMC 20190321
Comodo 20190325
DrWeb 20190325
eGambit 20190325
F-Prot 20190325
Jiangmin 20190325
Kaspersky 20190325
Kingsoft 20190325
NANO-Antivirus 20190325
Qihoo-360 20190325
SUPERAntiSpyware 20190320
Symantec Mobile Insight 20190325
TACHYON 20190325
TheHacker 20190324
TotalDefense 20190325
Trapmine 20190325
Trustlook 20190325
VBA32 20190325
VIPRE 20190325
ViRobot 20190325
Webroot 20190325
Yandex 20190324
ZoneAlarm by Check Point 20190325
Zoner 20190324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-12 13:11:56
Entry Point 0x000B23A2
Number of sections 5
PE sections
PE imports
GetTextColor
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
EncodePointer
GetFileAttributesW
DeleteCriticalSection
HeapReAlloc
FreeEnvironmentStringsW
GetTempPathA
GetCPInfo
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
InterlockedDecrement
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLastError
GetSystemTime
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
FlushViewOfFile
HeapSetInformation
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
LockFileEx
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcess
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
UnlockFile
GetFileSize
DeleteFileA
GetStartupInfoW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
CompareStringW
HeapValidate
CreateFileMappingA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
HeapCompact
LockFile
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
InterlockedCompareExchange
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
UnmapViewOfFile
WriteFile
Sleep
RegisterClassExW
BeginPaint
InvalidateRect
UpdateWindow
EndPaint
EndDialog
DrawTextW
GetMessageW
TranslateMessage
DialogBoxParamW
DefWindowProcW
LoadStringW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
PostQuitMessage
ShowWindow
DestroyWindow
DispatchMessageW
TranslateAcceleratorW
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 11
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:03:12 14:11:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 764416
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 85504
SubsystemVersion 5.1
EntryPoint 0xb23a2
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 96e0615e7168aa9c0a4f763ad8767c21
SHA1 22e175499bb4c43ab6be83c13c36c01224f1aed6
SHA256 1ccb6da271e398500f62d3723f39bed1932ce92811319d0325dd80b9ade219ed
ssdeep 24576:/5zcsev8HDPfmdBdTIQrlw8V9WoCLDcVzdubVPHy7ZE9+riRra8XJOpMnH/TNY66:/p2VV+9LolTyul5fJF

authentihash f20b3fbf2b6905c320c364af94ac5e2acf8ba1d092dd38a5f9bbaa0eeca5dc24
imphash 7ebf2b34a647756025cf0c97efa46be7
File size 831.0 KB ( 850944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2019-03-21 15:00:19 UTC ( 2 months ago )
Last submission 2019-04-07 06:54:47 UTC ( 1 month, 2 weeks ago )
File names xfile3.exe