SHA256: 1d9f862e6c940668f163faf96ecf36dead6a4d6836772ab517e650ea7ad13419
File name: A195F2DEF0926E03476A66194739BC85.mlw
Detection ratio: 30 / 68
Analysis date: 2018-08-19 06:14:37 UTC
Rows that carry a result are the 30 detections; the rows without one are engines that returned no detection. The Update column is the engine's signature date (YYYYMMDD). The table lists 71 engines; three of them (Avast-Mobile, Symantec Mobile Insight, Trustlook) are mobile-platform scanners that do not process Win32 executables, which accounts for the denominator of 68.
Antivirus Result Update
AhnLab-V3 Malware/Win32.Hpgen.C2670534 20180818
Antiy-AVL Trojan[Banker]/Win32.Trickster 20180819
Avast Win32:Malware-gen 20180819
AVG Win32:Malware-gen 20180819
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20180819
DrWeb Trojan.MulDrop8.35154 20180819
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CILX 20180818
Fortinet W32/GenKryptik.CIJG!tr 20180819
Ikarus Win32.Outbreak 20180818
Sophos ML heuristic 20180717
Kaspersky Trojan-Banker.Win32.Trickster.gi 20180819
Malwarebytes Trojan.Injector 20180819
MAX malware (ai score=100) 20180819
McAfee Trojan-FPZP!A195F2DEF092 20180819
McAfee-GW-Edition BehavesLike.Win32.Trojan.hc 20180819
Microsoft Trojan:Win32/MereTam.A 20180819
Palo Alto Networks (Known Signatures) generic.ml 20180819
Panda Trj/TrickBot.A 20180818
Qihoo-360 Win32/Trojan.4fe 20180819
Rising Trojan.Kryptik!8.8 (CLOUD) 20180819
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Exploiter-A 20180819
Symantec ML.Attribute.HighConfidence 20180818
TrendMicro Mal_HPGen-37b 20180819
TrendMicro-HouseCall Mal_HPGen-37b 20180819
VBA32 BScope.Trojan.Yakes 20180817
Webroot W32.Trojan.Gen 20180819
ZoneAlarm by Check Point Trojan-Banker.Win32.Trickster.gi 20180819
Engines with no detection (signature date only):
Ad-Aware 20180819
AegisLab 20180819
Alibaba 20180713
ALYac 20180819
Arcabit 20180819
Avast-Mobile 20180819
Avira (no cloud) 20180818
AVware 20180819
Babable 20180725
Baidu 20180818
BitDefender 20180819
Bkav 20180817
CAT-QuickHeal 20180818
ClamAV 20180819
CMC 20180817
Comodo 20180819
Cybereason 20180225
Cyren 20180819
eGambit 20180819
Emsisoft 20180819
F-Prot 20180819
F-Secure 20180819
GData 20180819
Jiangmin 20180819
K7AntiVirus 20180819
K7GW 20180819
Kingsoft 20180819
eScan 20180819
NANO-Antivirus 20180819
SUPERAntiSpyware 20180818
Symantec Mobile Insight 20180814
TACHYON 20180819
Tencent 20180819
TheHacker 20180818
TotalDefense 20180818
Trustlook 20180819
VIPRE 20180819
ViRobot 20180818
Yandex 20180818
Zillya 20180817
Zoner 20180818
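The 30 labels above do not agree on a name, so the practical question is which family name independent engines converge on. The script below is an added example and is not part of the VirusTotal report: it embeds the detection rows from the table, strips platform, class and confidence tokens, folds the Trickster/TrickBot alias, collapses products that ship another vendor's engine (AVG/Avast, ZoneAlarm/Kaspersky, TrendMicro-HouseCall/TrendMicro, an assumption based on well-known engine licensing) and counts one vote per engine per family. The GENERIC and ALIASES sets are my own starting points, not a published list.

```python
import re
from collections import Counter, defaultdict

# Detection rows copied from the report table above as "vendor | label".
# Embedded inline (constructed data) so the script runs offline.
DETECTIONS = """\
AhnLab-V3 | Malware/Win32.Hpgen.C2670534
Antiy-AVL | Trojan[Banker]/Win32.Trickster
Avast | Win32:Malware-gen
AVG | Win32:Malware-gen
CrowdStrike Falcon (ML) | malicious_confidence_80% (D)
Cylance | Unsafe
DrWeb | Trojan.MulDrop8.35154
Endgame | malicious (high confidence)
ESET-NOD32 | a variant of Win32/GenKryptik.CILX
Fortinet | W32/GenKryptik.CIJG!tr
Ikarus | Win32.Outbreak
Sophos ML | heuristic
Kaspersky | Trojan-Banker.Win32.Trickster.gi
Malwarebytes | Trojan.Injector
MAX | malware (ai score=100)
McAfee | Trojan-FPZP!A195F2DEF092
McAfee-GW-Edition | BehavesLike.Win32.Trojan.hc
Microsoft | Trojan:Win32/MereTam.A
Palo Alto Networks (Known Signatures) | generic.ml
Panda | Trj/TrickBot.A
Qihoo-360 | Win32/Trojan.4fe
Rising | Trojan.Kryptik!8.8 (CLOUD)
SentinelOne (Static ML) | static engine - malicious
Sophos AV | Mal/Exploiter-A
Symantec | ML.Attribute.HighConfidence
TrendMicro | Mal_HPGen-37b
TrendMicro-HouseCall | Mal_HPGen-37b
VBA32 | BScope.Trojan.Yakes
Webroot | W32.Trojan.Gen
ZoneAlarm by Check Point | Trojan-Banker.Win32.Trickster.gi
"""

# Tokens naming a class, platform, packer or confidence level, not a family (my own list).
GENERIC = {
    "malware", "trojan", "generic", "variant", "malicious", "confidence", "high",
    "heuristic", "unsafe", "static", "engine", "cloud", "score", "attribute",
    "highconfidence", "behaveslike", "bscope", "banker", "kryptik", "genkryptik",
}
# Different vendor spellings of one family (assumption; extend as needed).
ALIASES = {"trickster": "trickbot"}
# Products that ship another vendor's engine and so repeat its verdict
# (assumption based on engine licensing; extend as needed).
SAME_ENGINE = {
    "AVG": "Avast",
    "ZoneAlarm by Check Point": "Kaspersky",
    "TrendMicro-HouseCall": "TrendMicro",
}


def family_tokens(label):
    """Reduce one AV label to its candidate family names."""
    out = set()
    for tok in re.findall(r"[a-z0-9]+", label.lower()):
        tok = re.sub(r"\d+$", "", tok)            # MulDrop8 -> muldrop
        if len(tok) < 4 or not tok.isalpha():     # drops .gi, .A, .4fe, hash suffixes
            continue
        if tok in GENERIC:
            continue
        out.add(ALIASES.get(tok, tok))
    return out


def parse(table):
    """Split the embedded 'vendor | label' rows into (vendor, label) tuples."""
    rows = []
    for line in table.strip().splitlines():
        vendor, label = (part.strip() for part in line.split("|", 1))
        rows.append((vendor, label))
    return rows


def consensus(rows, min_votes=2):
    """Count independent engines per family; one vote per engine per family."""
    votes = defaultdict(set)
    for vendor, label in rows:
        engine = SAME_ENGINE.get(vendor, vendor)
        for fam in family_tokens(label):
            votes[fam].add(engine)
    counts = Counter({fam: len(engines) for fam, engines in votes.items()})
    return [(fam, n) for fam, n in counts.most_common() if n >= min_votes]


if __name__ == "__main__":
    rows = parse(DETECTIONS)
    print(f"{len(rows)} detections")
    for fam, n in consensus(rows):
        print(f"{fam:<10} {n} independent engines")
```

On this table the result is trickbot with 3 independent engines (Antiy-AVL, Kaspersky, Panda; the ZoneAlarm row is the Kaspersky engine again) and hpgen with 2 (AhnLab-V3 and TrendMicro, HouseCall being the same engine); every other name is a single vendor's. Kryptik/GenKryptik is treated as packer-generic, which is why it is not a candidate family even though three engines use it.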
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-17 14:35:48
Entry Point 0x00004EE2
Number of sections 4
PE sections
PE imports
CryptDestroyKey
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptStringToBinaryA
GetLastError
IsValidCodePage
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
EnumSystemLocalesA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
GetStringTypeA
GetLocaleInfoW
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
GetConsoleOutputCP
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
MessageBoxA
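Two things a triage script does with an import list like the one above: compute the import hash (the imphash shown under File identification further down) and tag API groups. The code below is an added example, not anything from the report or from VirusTotal. The page lists function names only; the DLL names and grouping here are assumed from the documented export libraries (advapi32, crypt32, kernel32, user32), and the kernel32 list is trimmed to the functions the rules reference, so the hash this produces will not equal the report's value. The rule names are my own.

```python
import hashlib

# Import table in file order, grouped under the exporting DLL. DLL names are an
# assumption (the page shows functions only); kernel32 is a subset of the list above.
IMPORTS = [
    ("ADVAPI32.dll", ["CryptDestroyKey", "CryptAcquireContextW", "CryptReleaseContext",
                      "CryptImportKey", "CryptEncrypt"]),
    ("CRYPT32.dll", ["CryptStringToBinaryA"]),
    ("KERNEL32.dll", ["GetLastError", "IsDebuggerPresent", "HeapAlloc", "LoadLibraryA",
                      "GetProcAddress", "VirtualAlloc", "VirtualFree", "CreateFileA",
                      "WriteFile", "Sleep", "GetTickCount", "QueryPerformanceCounter",
                      "TerminateProcess", "UnhandledExceptionFilter"]),
    ("USER32.dll", ["MessageBoxA"]),
]


def imphash_string(imports):
    """Canonical form hashed by imphash: 'lib.func' pairs, lower-case, in table order,
    comma-joined, with a .dll/.ocx/.sys extension dropped from the library name."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string; order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# API groups whose presence is worth a second look (rule names are my own).
CAPABILITY_RULES = {
    "cryptoapi-encrypt-with-imported-key": {"CryptAcquireContextW", "CryptImportKey", "CryptEncrypt"},
    "base64-or-hex-decode": {"CryptStringToBinaryA"},
    "anti-debug-check": {"IsDebuggerPresent"},
    "runtime-api-resolution": {"LoadLibraryA", "GetProcAddress"},
    "memory-staging": {"VirtualAlloc"},
    "timing-checks": {"GetTickCount", "QueryPerformanceCounter"},
}


def capabilities(imports):
    """Return the rule names whose whole API set appears in the import table."""
    names = {func for _, funcs in imports for func in funcs}
    return sorted(rule for rule, needed in CAPABILITY_RULES.items() if needed <= names)


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    for rule in capabilities(IMPORTS):
        print("tag:", rule)
```

A caveat that matters for this sample: IsDebuggerPresent, LoadLibraryA/GetProcAddress, VirtualAlloc and the Tls*, Heap*, locale and console functions in the list above are the normal import set of a statically linked MSVC C runtime, so on their own those tags say nothing. The imports that are not CRT housekeeping are the CryptoAPI set, CryptStringToBinaryA and MessageBoxA, which is why the crypto rule is the one that carries weight here.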
Number of PE resources by type
RT_ICON 9
NUIBVGFR 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL DEFAULT 10
ENGLISH US 2
NUIBVGFR is not a standard resource type name (the RT_* entries are). A single custom-named resource in a binary whose imports include the CryptoAPI key and cipher functions is the first thing to dump and inspect; the page does not show its contents, so nothing more can be said about it here.
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:08:17 15:35:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 78848
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x4ee2
InitializedDataSize 459264
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
The TimeStamp is the compilation timestamp from the PE header above rendered in UTC+01:00, the same instant. LinkerVersion 9.0 is the Visual Studio 2008 linker, consistent with the TrID guess of MS Visual C++ below.
File identification
MD5 a195f2def0926e03476a66194739bc85
SHA1 6230492c93c214992493e2059e2297280f11e720
SHA256 1d9f862e6c940668f163faf96ecf36dead6a4d6836772ab517e650ea7ad13419
ssdeep 6144:jdzuf5NFrUJ7FXJm/1+cITUJv5suNXlSsEnzF7qDaNi4XSucB/Icw/VECZsy+YM2:A5NCJS/07WZXXk5+m5dECZsy9f
authentihash 4f33af4627078549a399c82f9e330e4a66bdc255e359743293d106a9de855d45
imphash f2dfaa08fc563a1841a376f65d8c4f05
File size 526.5 KB ( 539136 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-18 22:00:14 UTC
Last submission 2018-08-18 22:00:14 UTC
File names table.png, A195F2DEF0926E03476A66194739BC85.mlw
The sample was submitted once, about 31 hours after its compilation timestamp. One of the two names it was seen under, table.png, does not match the content: the magic and TrID results above identify a PE32 executable, so triage should go by the MZ and PE signatures rather than the extension.
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file. In this capture every category below is empty, so the page supports no behavioural claims; the static indicators above are all it provides.
Opened files
Read files
Written files
Copied files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections