SHA256: 220fca2619f880c3f93288c59bcf2e4d04aac0a18c3e5591da53592f62703736
Detection ratio: 36 / 65
Analysis date: 2017-10-06 15:31:06 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12449556 20171006
AegisLab Uds.Dangerousobject.Multi!c 20171006
AhnLab-V3 Trojan/Win32.Trickbot.C2181247 20171006
Arcabit Trojan.Generic.DBDF714 20171006
Avast Win32:Malware-gen 20171006
AVG Win32:Malware-gen 20171006
Avira (no cloud) TR/Crypt.ZPACK.dbimj 20171006
AVware Trojan.Win32.Generic!BT 20171006
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9982 20170930
BitDefender Trojan.GenericKD.12449556 20171006
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171006
Cyren W32/Trojan.KKMW-0444 20171006
DrWeb Trojan.Trick.45135 20171006
Emsisoft Trojan.GenericKD.12449556 (B) 20171006
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FXJG 20171006
F-Secure Trojan.GenericKD.12449556 20171006
Fortinet W32/Kryptik.FXJG!tr 20171006
GData Trojan.GenericKD.12449556 20171006
Ikarus Trojan.Win32.Crypt 20171006
K7GW Trojan ( 005189d81 ) 20171006
Kaspersky Trojan.Win32.Mansabo.qu 20171006
MAX malware (ai score=38) 20171006
McAfee RDN/Generic.grp 20171006
McAfee-GW-Edition Artemis!Trojan 20171006
eScan Trojan.GenericKD.12449556 20171006
Palo Alto Networks (Known Signatures) generic.ml 20171006
Rising Malware.Heuristic!ET#95% (RDM+:cmRtazpA1vsgEMVLJKkG89jOwXww) 20171006
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/Generic-S 20171006
Symantec Trojan.Gen.2 20171006
TrendMicro-HouseCall Suspicious_GEN.F47V1005 20171006
VIPRE Trojan.Win32.Generic!BT 20171006
Webroot W32.Smbexploit.Trickbot 20171006
ZoneAlarm by Check Point Trojan.Win32.Mansabo.qu 20171006
Alibaba (no detection) 20170911
ALYac (no detection) 20171006
Antiy-AVL (no detection) 20171006
Avast-Mobile (no detection) 20171006
Bkav (no detection) 20171006
CAT-QuickHeal (no detection) 20171006
ClamAV (no detection) 20171006
CMC (no detection) 20171006
Comodo (no detection) 20171006
F-Prot (no detection) 20171006
Sophos ML (no detection) 20170914
Jiangmin (no detection) 20171006
K7AntiVirus (no detection) 20171006
Kingsoft (no detection) 20171006
Malwarebytes (no detection) 20171006
Microsoft (no detection) 20171006
NANO-Antivirus (no detection) 20171006
nProtect (no detection) 20171006
Panda (no detection) 20171006
Qihoo-360 (no detection) 20171006
SUPERAntiSpyware (no detection) 20171006
Symantec Mobile Insight (no detection) 20171006
Tencent (no detection) 20171006
TheHacker (no detection) 20171002
TrendMicro (no detection) 20171006
Trustlook (no detection) 20171006
VBA32 (no detection) 20171006
ViRobot (no detection) 20171006
WhiteArmor (no detection) 20170927
Yandex (no detection) 20171005
Zillya (no detection) 20171006
Zoner (no detection) 20171006
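The detection table above is a flattened three-column layout in which both the engine name ("ZoneAlarm by Check Point", "Avira (no cloud)") and the verdict ("a variant of Win32/Kryptik.FXJG", "malicious (high confidence)") may contain spaces, so a naive whitespace split misattributes columns. The following Python is an added example, not part of the VirusTotal page: it parses rows against the engine names the page uses, counts detections, pulls the family tokens the vendors disagree on (Trickbot vs. Trick, Mansabo, Kryptik) into one histogram, and flags engines whose signature update predates the analysis date. The input rows are a constructed subset copied from this table. Note that the rows above enumerate 68 engines (36 with a verdict, 32 without) while the header reports 36 / 65; the page does not say how that denominator is derived, so counts computed from the rows will not reproduce it.

```python
import re
from collections import Counter

# Engine names as printed on this page. A row cannot be split on whitespace
# because both engine names ("ZoneAlarm by Check Point", "Avira (no cloud)")
# and verdicts ("a variant of Win32/Kryptik.FXJG") contain spaces, so the
# parser matches the longest known engine name at the start of the row.
KNOWN_ENGINES = [
    "Ad-Aware", "AhnLab-V3", "Avast", "Avast-Mobile", "Avira (no cloud)",
    "ClamAV", "DrWeb", "Endgame", "ESET-NOD32", "Kaspersky", "Microsoft",
    "Sophos AV", "Sophos ML", "Symantec", "Symantec Mobile Insight", "Webroot",
    "ZoneAlarm by Check Point",
]

# Constructed input: a subset of the rows from this report, copied verbatim.
# A row with no verdict is an engine that returned no detection.
DETECTION_ROWS = """\
Ad-Aware Trojan.GenericKD.12449556 20171006
AhnLab-V3 Trojan/Win32.Trickbot.C2181247 20171006
Avast Win32:Malware-gen 20171006
DrWeb Trojan.Trick.45135 20171006
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FXJG 20171006
Kaspersky Trojan.Win32.Mansabo.qu 20171006
Webroot W32.Smbexploit.Trickbot 20171006
ZoneAlarm by Check Point Trojan.Win32.Mansabo.qu 20171006
ClamAV 20171006
Microsoft 20171006
Symantec Mobile Insight 20171006
"""

# Family tokens seen in this report's verdicts; vendor naming is inconsistent
# ("Trickbot", "Trick"), so match loosely and treat everything else as generic.
FAMILY_PATTERNS = [
    ("Trickbot", re.compile(r"trick", re.I)),
    ("Mansabo", re.compile(r"mansabo", re.I)),
    ("Kryptik", re.compile(r"kryptik", re.I)),
]
GENERIC = "generic/heuristic"


def parse_row(line):
    """Split one table row into (engine, verdict or None, update date YYYYMMDD)."""
    line = line.rstrip()
    m = re.search(r"\s(\d{8})$", line)
    if not m:
        raise ValueError(f"no update date in row: {line!r}")
    update, body = m.group(1), line[: m.start()].strip()
    candidates = [e for e in KNOWN_ENGINES if body == e or body.startswith(e + " ")]
    if not candidates:
        raise ValueError(f"unknown engine in row: {line!r}")
    engine = max(candidates, key=len)  # "Symantec Mobile Insight" beats "Symantec"
    verdict = body[len(engine):].strip() or None
    return engine, verdict, update


def parse_rows(text):
    return [parse_row(row) for row in text.splitlines() if row.strip()]


def family_of(verdict):
    for name, pattern in FAMILY_PATTERNS:
        if pattern.search(verdict):
            return name
    return GENERIC


def summarize(text):
    """Detection counts, family histogram and the most agreed-on named family."""
    rows = parse_rows(text)
    verdicts = [v for _, v, _ in rows if v]
    families = Counter(family_of(v) for v in verdicts)
    named = [f for f, _ in families.most_common() if f != GENERIC]
    return {
        "engines": len(rows),
        "detected": len(verdicts),
        "undetected": len(rows) - len(verdicts),
        "families": families,
        "consensus_family": named[0] if named else None,
    }


def stale_engines(text, analysis_date):
    """Engines whose signature update predates the analysis date. Both are
    YYYYMMDD strings, which order correctly under plain string comparison."""
    return [engine for engine, _, update in parse_rows(text) if update < analysis_date]
```

Keying the parser on a known engine list is deliberate: the row format is ambiguous without it, and it also makes unknown engine names fail loudly rather than silently becoming part of a verdict. The stale-engine check matters when reading an old report such as this one; an engine updated weeks before the analysis date (Endgame here) was not judging the sample with current signatures.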
The file being studied is a Portable Executable file. More specifically, it is an unknown file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-24 22:42:25
Entry Point 0x000013D0
Number of sections 4
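The fields in this block (machine, compilation timestamp, entry point, section count) and the ExifTool block further down (linker version, code size, subsystem) all come from the COFF and PE32 optional headers. The following Python is an added example, not code from the VirusTotal page: it builds a minimal, non-loadable PE32 header carrying this report's values (the construction helper and its field values are the editor's) and reads them back, converting the 32-bit TimeDateStamp to the UTC form shown above. It also checks that the two timestamps printed on this page, 2015-04-24 22:42:25 (UTC) and 2015:04:24 15:42:25-07:00 (ExifTool, local time), are the same instant. Two caveats a practitioner should keep in mind: the timestamp is an ordinary header field set by whatever produced the file, so it is a hint and not evidence of build date; and the PE signature, not the file name or extension, is what identifies the format.

```python
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_pe32_header(machine, nsections, timestamp, entry_point, subsystem,
                      linker=(6, 0), code_size=0, init_size=0, uninit_size=0,
                      os_version=(4, 0), subsystem_version=(4, 0)):
    """Constructed DOS stub + PE signature + COFF header + PE32 optional header.
    No section table or data directories: not loadable, enough for a parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C = 64
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, nsections, timestamp, 0, 0, 224, 0x010F)
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        0x10B, linker[0], linker[1],                  # PE32 magic, linker major/minor
        code_size, init_size, uninit_size, entry_point,
        0x1000, 0x2000, 0x400000, 0x1000, 0x200,      # bases, image base, alignments
        os_version[0], os_version[1], 0, 0,           # OS version, image version
        subsystem_version[0], subsystem_version[1],
        0, 0, 0, 0,                                   # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
        subsystem, 0)                                 # Subsystem, DllCharacteristics
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")


def parse_pe_header(data):
    """Read the fields this report prints from a PE32 image; raise on anything else."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, ts, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    magic, lmaj, lmin, code, init, uninit, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError(f"not PE32 (optional header magic {magic:#x})")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
        "number_of_sections": nsec,
        "compile_time_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": code,
        "initialized_data_size": init,
        "uninitialized_data_size": uninit,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def is_pe(data):
    """Format check by signature; extension and submitted file name are ignored."""
    try:
        parse_pe_header(data)
        return True
    except (ValueError, struct.error):
        return False


def same_instant(pe_utc, exif_local):
    """Compare the report's UTC compile time with ExifTool's offset-bearing string."""
    a = datetime.strptime(pe_utc, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    b = datetime.strptime(exif_local, "%Y:%m:%d %H:%M:%S%z")
    return a == b


# Constructed header carrying the values printed in this report.
COMPILE_TS = int(datetime(2015, 4, 24, 22, 42, 25, tzinfo=timezone.utc).timestamp())
SAMPLE_HEADER = build_pe32_header(0x14C, 4, COMPILE_TS, 0x13D0, 2,
                                  linker=(6, 0), code_size=112128, init_size=353280)
```

The same 20-byte COFF header and PE32 optional header layout is what pefile and ExifTool read; the subsystem lives at offset 68 of the optional header only for PE32, so the magic check before reading it is not optional.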
PE imports
CreateCompatibleDC
GetLastError
GetStartupInfoA
GetModuleHandleA
GetCommandLineW
GetCurrentDirectoryA
CreateFileMappingA
CreateFileA
_except_handler3
__p__fmode
_exit
_adjust_fdiv
memset
__p__commode
_controlfp
__p__acmdln
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
strlen
strcmp
__set_app_type
CommandLineToArgvW
GetMessageA
UpdateWindow
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
GetWindowRect
DispatchMessageA
TranslateMessage
DialogBoxParamA
GetScrollInfo
RegisterClassExA
RemovePropA
LoadStringA
SendMessageA
CreateWindowExA
ScreenToClient
LoadAcceleratorsA
wsprintfA
SetTimer
LoadCursorA
TranslateAcceleratorA
GetClassNameA
GetWindowTextA
DestroyWindow
Number of PE resources by type: RT_STRING 1
Number of PE resources by language: ENGLISH US 1
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:04:24 15:42:25-07:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 112128
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 353280
SubsystemVersion: 4.0
EntryPoint: 0x13d0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 cdbbc857875e7488eb6ce02e96316f97
SHA1 530ad6a957e1e29eaf294dea0368f35e1b77fe79
SHA256 220fca2619f880c3f93288c59bcf2e4d04aac0a18c3e5591da53592f62703736
ssdeep
authentihash e8ba776c0bc1724cc680ecc50930665273d8bb7068178eb7154973bbd69b0156
imphash 4f299ddf0f348cd766d884cd5d70f45e
File size 453.5 KB ( 464384 bytes )
File type unknown
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
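The identification block gives three content hashes plus an imphash, which is what you pivot on when the sample has been renamed (this one was submitted both as tfdisvd.exe and as toler.png). The following Python is an added example, not code from the VirusTotal page: it computes file digests and compares them to the report's values in constant time, and implements the import hash the way pefile does (DLL name lower-cased with its extension stripped, function name lower-cased, every pair in import-table order, comma-joined, MD5). The DLL grouping of the page's import list is the editor's assumption from the public Win32 and CRT APIs; the page lists only symbol names and not the import-table order, so the hash of that list is not expected to equal the report's imphash, and the stand-in bytes are constructed, not the sample.

```python
import hashlib
import hmac

# Values printed in this report.
REPORT = {
    "md5": "cdbbc857875e7488eb6ce02e96316f97",
    "sha1": "530ad6a957e1e29eaf294dea0368f35e1b77fe79",
    "sha256": "220fca2619f880c3f93288c59bcf2e4d04aac0a18c3e5591da53592f62703736",
    "imphash": "4f299ddf0f348cd766d884cd5d70f45e",
}

# Imports as listed on the page, grouped by exporting DLL. The grouping and the
# DLL names are assumptions (public Win32/CRT API); the page gives symbols only,
# without the import-table order, so imphash(IMPORTS) need not match the report.
IMPORTS = [
    ("GDI32.dll", ["CreateCompatibleDC"]),
    ("KERNEL32.dll", ["GetLastError", "GetStartupInfoA", "GetModuleHandleA",
                      "GetCommandLineW", "GetCurrentDirectoryA", "CreateFileMappingA",
                      "CreateFileA"]),
    ("MSVCRT.dll", ["_except_handler3", "__p__fmode", "_exit", "_adjust_fdiv", "memset",
                    "__p__commode", "_controlfp", "__p__acmdln", "__setusermatherr",
                    "exit", "_XcptFilter", "__getmainargs", "_initterm", "strlen",
                    "strcmp", "__set_app_type"]),
    ("SHELL32.dll", ["CommandLineToArgvW"]),
    ("USER32.dll", ["GetMessageA", "UpdateWindow", "EndDialog", "PostQuitMessage",
                    "DefWindowProcA", "ShowWindow", "GetWindowRect", "DispatchMessageA",
                    "TranslateMessage", "DialogBoxParamA", "GetScrollInfo",
                    "RegisterClassExA", "RemovePropA", "LoadStringA", "SendMessageA",
                    "CreateWindowExA", "ScreenToClient", "LoadAcceleratorsA",
                    "wsprintfA", "SetTimer", "LoadCursorA", "TranslateAcceleratorA",
                    "GetClassNameA", "GetWindowTextA", "DestroyWindow"]),
]


def imphash(imports):
    """Import hash as pefile computes it: 'dll.function' for each imported
    symbol (DLL lower-cased, .dll/.ocx/.sys stripped; function lower-cased),
    in import-table order, comma-joined, MD5. Ordinal imports are not handled
    here; none appear on this page."""
    parts = []
    for dll, funcs in imports:
        base = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.extend(f"{base}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def digests(data):
    """The three content hashes the report prints."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data, report=REPORT):
    """True only if all three digests match; compare_digest avoids timing leaks
    when the expected values come from an untrusted or shared store."""
    found = digests(data)
    return all(hmac.compare_digest(found[n], report[n]) for n in ("md5", "sha1", "sha256"))


# Constructed stand-in bytes (a bare MZ/PE marker); the sample is not available here.
SAMPLE_BYTES = b"MZ" + b"\x90" * 62 + b"PE\0\0"
```

Two properties worth knowing when you use imphash as a pivot: it is case-insensitive but order-sensitive, so two builds that link the same symbols in a different order hash differently; and it describes only the outer file's import table, so for a packed sample (several engines above label this one Kryptik, a crypter family) the unpacked payload will carry a different imphash than the one on this page.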
VirusTotal metadata
First submission 2017-10-05 15:28:07 UTC ( 1 year, 6 months ago )
Last submission 2018-05-09 17:44:17 UTC ( 11 months, 2 weeks ago )
File names tfdisvd.exe, toler.png, samples 06_10_2017 (83)
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
No entries are listed on this page under any of the behaviour categories: Opened files, Read files, Written files, Copied files, Created processes, Created mutexes, Opened mutexes, Runtime DLLs, HTTP requests, DNS requests, TCP connections, UDP communications.