SHA256: 1dc05ca19c6372d42564f357220cd5afa77eca271eb592ad73e1e2abcabe6f70
File name: nwi7301851177590720855.bin
Detection ratio: 55 / 65
Analysis date: 2018-06-13 08:49:12 UTC ( 1 week, 2 days ago )
Antivirus Result Update
Ad-Aware Trojan.PWS.ZKD 20180613
AegisLab Troj.W32.naKocTb.tnB5 20180613
AhnLab-V3 Trojan/Win32.naKocTb.C1575888 20180612
ALYac Trojan.PWS.ZKD 20180613
Antiy-AVL Trojan/Win32.SGeneric 20180613
Arcabit Trojan.PWS.ZKD 20180613
Avast Win32:LokiBot-A [Trj] 20180613
AVG Win32:LokiBot-A [Trj] 20180613
Avira (no cloud) TR/Crypt.XPACK.Gen 20180613
AVware Trojan.Win32.Generic!BT 20180613
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9723 20180612
BitDefender Trojan.PWS.ZKD 20180613
Bkav W32.TasumisCAK.Trojan 20180612
CAT-QuickHeal Trojan.Mauvaise.SL1 20180613
ClamAV Win.Trojan.naKocTb-6331389-1 20180613
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.da9b4c 20180225
Cylance Unsafe 20180613
Cyren W32/Trojan.LAPN-1109 20180613
DrWeb Trojan.PWS.Stealer.23680 20180613
Emsisoft Trojan-PSW.Fareit (A) 20180613
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/PSW.Fareit.L 20180613
F-Prot W32/Trojan2.PBTA 20180613
F-Secure Trojan.PWS.ZKD 20180613
Fortinet W32/Generic.AP.BA928!tr 20180613
GData Trojan.PWS.ZKD 20180613
Ikarus Trojan-Spy.LokiBot 20180612
Sophos ML heuristic 20180601
Jiangmin Trojan.naKocTb.l 20180613
K7AntiVirus Password-Stealer ( 004d5a661 ) 20180613
K7GW Password-Stealer ( 004d5a661 ) 20180613
Kaspersky Trojan.Win32.Agentb.bvrg 20180613
Malwarebytes Spyware.LokiBot 20180613
MAX malware (ai score=100) 20180613
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20180613
Microsoft PWS:Win32/Dyzap.X 20180613
eScan Trojan.PWS.ZKD 20180613
NANO-Antivirus Trojan.Win32.Stealer.eshrhl 20180613
Palo Alto Networks (Known Signatures) generic.ml 20180613
Panda Trj/GdSda.A 20180612
Qihoo-360 Win32/Trojan.PWS.f41 20180613
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Troj/Fareit-CHG 20180613
Symantec Infostealer!im 20180613
TACHYON Trojan/W32.naKocTb.106496 20180613
TheHacker Trojan/Fareit.l 20180608
TrendMicro TSPY_LOKI.SMA 20180613
TrendMicro-HouseCall TSPY_LOKI.SMA 20180613
VBA32 Trojan.naKocTb 20180612
ViRobot Trojan.Win32.Agent.106496.HD 20180613
Webroot W32.Trojan.Gen 20180613
Yandex Trojan.Agentb!gLd8Y4QbAD8 20180613
ZoneAlarm by Check Point Trojan.Win32.Agentb.bvrg 20180613
Zoner Trojan.Nakoctb 20180612
Alibaba 20180613
Avast-Mobile 20180612
Babable 20180406
CMC 20180612
Comodo 20180613
eGambit 20180613
Kingsoft 20180613
Rising 20180613
SUPERAntiSpyware 20180613
Symantec Mobile Insight 20180605
Tencent 20180613
Trustlook 20180613
VIPRE 20180613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-06-23 16:04:21
Entry Point 0x000139DE
Number of sections 4
PE sections
PE imports
HeapAlloc
GetLastError
HeapFree
SetLastError
GetProcessHeap
SysFreeString
VariantInit
SysAllocString
getaddrinfo
socket
recv
send
WSAStartup
freeaddrinfo
connect
closesocket
CoUninitialize
CoCreateInstance
CoInitialize
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:06:23 17:04:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 79872
LinkerVersion 12.0
EntryPoint 0x139de
InitializedDataSize 565760
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 a4209c6da9b4c1471675e447f2b9c4d5
SHA1 231d4d5956e355d6110c79d8b5c95aa57580bd50
SHA256 1dc05ca19c6372d42564f357220cd5afa77eca271eb592ad73e1e2abcabe6f70
ssdeep 1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
authentihash 29bf7716fbf258767e7519c50533fb7791e28fd9c9424be2b9af25c26e068aa2
imphash 0239fd611af3d0e9b0c46c5837c80e09
File size 104.0 KB ( 106496 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-06-05 15:27:13 UTC ( 2 weeks, 2 days ago )
Last submission 2018-06-05 15:27:13 UTC ( 2 weeks, 2 days ago )
File names nwi7301851177590720855.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections