SHA256: 2127a2f7c3214224f299f31674e720c56df65e7670dd09f7d27730845bd83279
File name: output.113438381.txt
Detection ratio: 15 / 67
Analysis date: 2018-06-14 15:09:29 UTC ( 8 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180614
AVG FileRepMalware 20180614
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180614
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.0d6209 20180225
Cylance Unsafe 20180614
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
McAfee Emotet-FHK!084E83EEAB83 20180614
Microsoft Trojan:Win32/Azden.B!cl 20180614
Palo Alto Networks (Known Signatures) generic.ml 20180614
Qihoo-360 HEUR/QVM20.1.D717.Malware.Gen 20180614
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180614
Symantec ML.Attribute.HighConfidence 20180614
Ad-Aware 20180614
AegisLab 20180614
AhnLab-V3 20180614
Alibaba 20180614
ALYac 20180614
Antiy-AVL 20180614
Arcabit 20180614
Avast-Mobile 20180613
Avira (no cloud) 20180614
AVware 20180614
Babable 20180406
BitDefender 20180614
Bkav 20180614
CAT-QuickHeal 20180614
ClamAV 20180614
CMC 20180614
Comodo 20180613
Cyren 20180614
DrWeb 20180614
eGambit 20180614
Emsisoft 20180614
ESET-NOD32 20180614
F-Prot 20180614
F-Secure 20180614
Fortinet 20180614
GData 20180614
Ikarus 20180614
Jiangmin 20180614
K7AntiVirus 20180614
K7GW 20180614
Kaspersky 20180614
Kingsoft 20180614
MAX 20180614
McAfee-GW-Edition 20180613
eScan 20180614
NANO-Antivirus 20180614
Panda 20180614
Rising 20180614
SUPERAntiSpyware 20180614
Symantec Mobile Insight 20180614
TACHYON 20180614
Tencent 20180614
TheHacker 20180613
TotalDefense 20180614
TrendMicro 20180614
TrendMicro-HouseCall 20180614
Trustlook 20180614
VBA32 20180614
VIPRE 20180614
ViRobot 20180614
Webroot 20180614
Yandex 20180614
Zillya 20180614
ZoneAlarm by Check Point 20180614
Zoner 20180613
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-14 21:41:03
Entry Point 0x00001A79
Number of sections 6
PE sections
PE imports
GetOldestEventLogRecord
EnumServicesStatusW
GetDeviceCaps
PlayMetaFileRecord
GetArcDirection
CreateHalftonePalette
CopyEnhMetaFileW
GetTextExtentExPointI
GetBkMode
GetCurrentObject
GlobalSize
GetTickCount64
GlobalGetAtomNameW
SetThreadUILanguage
GetPriorityClass
lstrcmpiA
GetCurrentConsoleFontEx
GetDynamicTimeZoneInformation
GetCommandLineA
LocalUnlock
GetLocaleInfoEx
VarR8FromR4
SafeArrayCopy
I_RpcServerRegisterForwardFunction
RpcServerUseProtseqA
RpcServerRegisterIf
RpcAsyncInitializeHandle
SetupOpenLog
GetMenuContextHelpId
GetDCEx
GetParent
GetQueueStatus
SetMenu
AnyPopup
GetCapture
PeekMessageA
ChildWindowFromPoint
GetAncestor
CloseWindowStation
CallNextHookEx
AddPrinterConnectionW
SCardSetCardTypeProviderNameW
OleCreateEmbeddingHelper
CoInternetCreateZoneManager
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:14 23:41:03+02:00
FileType Win32 EXE
PEType PE32
CodeSize 16896
LinkerVersion 14.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1a79
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 084e83eeab8396dc1a828e50d3648c79
SHA1 d444a190d62098859a623b2a81e7b245f73a4d85
SHA256 2127a2f7c3214224f299f31674e720c56df65e7670dd09f7d27730845bd83279
ssdeep 3072:XJN9hG9nOWMFr4b3LHw5QT4t4MEzQmcqoZhviIwfmuaRzv4M+tmelnT2TuW:ZNvxWM2b3Tw5KM9jbbvAaRzv4Me
authentihash b5deca564fef8365f651ae870da2a33f87345779245c2ebc4ee2c0a04ac9328b
imphash 4d67c3492675100323aba063f6acf92c
File size 188.0 KB ( 192512 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-06-14 15:04:14 UTC ( 8 months, 1 week ago )
Last submission 2018-06-14 15:09:29 UTC ( 8 months, 1 week ago )
File names 2773619415.exe
output.113438381.txt
0248153885.exe
542144542.exe
58863442933.exe
686013665178.exe