SHA256: 2156f58490ddcfec23b4195d5699d7c9874491f3405ea4bb8ca4fd483a634cc2
File name: urlref_httpdupuis-informatique.chkas14.png
Detection ratio: 12 / 65
Analysis date: 2017-09-07 11:14:46 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Avast FileRepMalware 20170907
AVG FileRepMalware 20170907
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170907
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170907
Endgame malicious (high confidence) 20170821
Sophos ML heuristic 20170822
McAfee-GW-Edition BehavesLike.Win32.Downloader.gh 20170907
Palo Alto Networks (Known Signatures) generic.ml 20170907
Rising Trojan.GenKryptik!8.AA55 (tfe:2:qJTMRZXgq7C) 20170901
SentinelOne (Static ML) static engine - malicious 20170806
Symantec ML.Attribute.HighConfidence 20170907
Ad-Aware 20170907
AegisLab 20170907
AhnLab-V3 20170907
Alibaba 20170907
ALYac 20170907
Antiy-AVL 20170907
Arcabit 20170907
Avira (no cloud) 20170907
AVware 20170906
BitDefender 20170907
Bkav 20170907
CAT-QuickHeal 20170907
ClamAV 20170907
CMC 20170902
Comodo 20170907
Cyren 20170907
DrWeb 20170907
Emsisoft 20170907
ESET-NOD32 20170907
F-Prot 20170907
F-Secure 20170907
Fortinet 20170907
GData 20170907
Ikarus 20170907
Jiangmin 20170907
K7AntiVirus 20170907
K7GW 20170907
Kaspersky 20170907
Kingsoft 20170907
Malwarebytes 20170907
MAX 20170907
McAfee 20170907
Microsoft 20170907
eScan 20170907
NANO-Antivirus 20170907
nProtect 20170907
Panda 20170906
Qihoo-360 20170907
Sophos AV 20170907
SUPERAntiSpyware 20170907
Symantec Mobile Insight 20170907
Tencent 20170907
TheHacker 20170904
TotalDefense 20170907
TrendMicro 20170907
TrendMicro-HouseCall 20170907
Trustlook 20170907
VBA32 20170907
VIPRE 20170907
ViRobot 20170907
Webroot 20170907
WhiteArmor 20170829
Yandex 20170906
Zillya 20170907
ZoneAlarm by Check Point 20170907
Zoner 20170907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-08 12:57:01
Entry Point 0x00001110
Number of sections 3
PE sections
PE imports
GetLastError
GetStartupInfoA
lstrcmpA
GetSystemInfo
GetModuleHandleA
lstrcatA
GetCurrentDirectoryA
lstrlenA
CreateFileA
GetVersionExA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
_exit
__setusermatherr
__set_app_type
SetFocus
GetMessageA
GetParent
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
DrawFocusRect
FlashWindowEx
SetWindowPos
SetWindowLongW
GetWindowRect
DispatchMessageA
EndPaint
MoveWindow
TranslateMessage
DialogBoxParamA
GetScrollInfo
RegisterClassExA
DrawTextA
LoadBitmapW
LoadStringA
GetWindowLongW
SendMessageA
InvalidateRect
wsprintfA
DrawFrameControl
CreateWindowExA
LoadIconA
DeferWindowPos
GetClassNameA
EnableWindow
GetKeyState
IsChild
DestroyWindow
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:04:08 13:57:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 34304
LinkerVersion 5.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1110
InitializedDataSize 461824
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 967b60fcdb9b6333fcfa3e4bcfc1856f
SHA1 756799245bc3ec264c6b0b6f3711010d4925fb42
SHA256 2156f58490ddcfec23b4195d5699d7c9874491f3405ea4bb8ca4fd483a634cc2
ssdeep 12288:uXrrAA1AtA28z7s+QVJNlGFSZTpQmIxzjt:UAA1iALQVNVKFj
authentihash ae43e3ad0d96b80d6dee512421b7524eba3ae8e470ae0c853289cfda857b294d
imphash f6f3e62da61d31674c8f96b61177c25f
File size 485.5 KB ( 497152 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-09-07 11:14:46 UTC ( 1 year, 5 months ago )
Last submission 2018-05-22 16:58:44 UTC ( 8 months, 4 weeks ago )
File names 967b60fcdb9b6333fcfa3e4bcfc1856f.vir
kas14.png
kas14.png.exe
plkmssclx.exe
urlref_httpdupuis-informatique.chkas14.png
plrn.exE.11.dr
kas14.png.exe
967b60fcdb9b6333fcfa3e4bcfc1856f.vir
jar03.png.exe
VirusShare_967b60fcdb9b6333fcfa3e4bcfc1856f
jar03.png.exe
plkmssclx.exE
kas14.png.exe
kas14.png.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications