SHA256: 20e983e90144c385996eeb2edb584d654d898c34725e149682170f870ee12870
File name: output.115171427.txt
Detection ratio: 45 / 70
Analysis date: 2019-02-08 02:34:00 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40428589 20190208
AhnLab-V3 Trojan/Win32.Agent.C2592153 20190208
ALYac Trojan.GenericKD.40428589 20190208
Arcabit Trojan.Generic.D268E42D 20190208
Avast Win32:Malware-gen 20190208
AVG Win32:Malware-gen 20190208
Avira (no cloud) TR/Agent.qmasq 20190207
BitDefender Trojan.GenericKD.40428589 20190208
Comodo Malware@#3lk1cktvbr06n 20190208
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20181023
Cybereason malicious.6e3646 20190109
Cylance Unsafe 20190208
Cyren W32/Zbot.GH.gen!Eldorado 20190208
Emsisoft Trojan.GenericKD.40428589 (B) 20190208
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/Agent.ZRD 20190207
F-Prot W32/Zbot.GH.gen!Eldorado 20190208
F-Secure Trojan.TR/Agent.qmasq 20190208
Fortinet W32/PossibleThreat 20190207
GData Trojan.GenericKD.40428589 20190208
Ikarus Trojan.Win32.Agent 20190207
K7AntiVirus Trojan ( 0053385b1 ) 20190208
K7GW Trojan ( 0053385b1 ) 20190207
Kaspersky UDS:DangerousObject.Multi.Generic 20190208
Malwarebytes Trojan.MalPack.UPX 20190208
McAfee Artemis!E5C9A456E364 20190208
McAfee-GW-Edition BehavesLike.Win32.Downloader.vc 20190207
Microsoft Trojan:Win32/Occamy.C 20190208
eScan Trojan.GenericKD.40428589 20190208
NANO-Antivirus Trojan.Win32.Generic.fidvcz 20190207
Palo Alto Networks (Known Signatures) generic.ml 20190208
Panda Trj/RnkBend.A 20190207
Qihoo-360 HEUR/QVM11.1.78AF.Malware.Gen 20190208
Rising Trojan.Tilken!8.F605 (CLOUD) 20190208
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190208
Symantec ML.Attribute.HighConfidence 20190207
Tencent Win32.Trojan.Generic.Alsj 20190208
Trapmine malicious.high.ml.score 20190123
TrendMicro Trojan.Win32.MALREP.THBOAAI 20190207
TrendMicro-HouseCall Trojan.Win32.MALREP.THBOAAI 20190208
ViRobot Trojan.Win32.Z.Agent.2206720.G 20190207
Webroot W32.Malware.Gen 20190208
Zillya Trojan.Agent.Win32.971999 20190207
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190208
Acronis 20190130
AegisLab 20190208
Alibaba 20180921
Antiy-AVL 20190208
Avast-Mobile 20190207
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190206
ClamAV 20190207
CMC 20190207
DrWeb 20190208
eGambit 20190208
Sophos ML 20181128
Jiangmin 20190207
Kingsoft 20190208
MAX 20190208
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190208
TheHacker 20190203
TotalDefense 20190206
Trustlook 20190208
VBA32 20190207
Yandex 20190206
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-25 14:16:56
Entry Point 0x00530540
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
timeEndPeriod
WSAGetOverlappedResult
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:25 16:16:56+02:00
FileType Win32 EXE
PEType PE32
CodeSize 2207744
LinkerVersion 2.28
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint 0x530540
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 3231744

Execution parents
Compressed bundles
File identification
MD5 e5c9a456e3646af493e694d7640a93b6
SHA1 ef5d785570e2dbd6d4a22a41e6a93b300fd9f73e
SHA256 20e983e90144c385996eeb2edb584d654d898c34725e149682170f870ee12870
ssdeep 49152:5YiBzvaeow0KdypPkaBxpNFpG37IT3WpEG:xzaw0OypdBHLe7ITkl
authentihash e0397a8a5db50aaf1019f42d576883b8795ecc2f4d652c226c859ec0bebe2e05
imphash 02c1de0d2fa1f59a1ea0088678b855f1
File size 2.1 MB ( 2206720 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (31.0%)
Win32 EXE Yoda's Crypter (30.4%)
Microsoft Visual C++ compiled executable (generic) (18.9%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.1%)
Tags peexe upx

VirusTotal metadata
First submission 2018-06-27 03:00:44 UTC ( 11 months ago )
Last submission 2019-04-18 18:40:10 UTC ( 1 month ago )
File names output.114787575.txt
output.114136673.txt
output.114308489.txt
20e983e90144c385996eeb2edb584d654d898c34725e149682170f870ee12870.bin
output.124323979.txt
vc.exe
output.114941359.txt
output.115171427.txt
output.115236345.txt
vc.exe
vc.exe
output.113927720.txt
vc.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs