SHA256: 22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d
File name: file677480536.exe
Detection ratio: 62 / 71
Analysis date: 2018-12-25 16:20:15 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Win32.Sality.3 20181225
AegisLab Trojan.Win32.Xtreme.letd 20181225
AhnLab-V3 Win32/Kashu.E 20181224
ALYac Win32.Sality.3 20181225
Antiy-AVL Virus/Win32.Sality.gen 20181225
Arcabit Win32.Sality.3 20181225
Avast Win32:SaliCode 20181225
AVG Win32:SaliCode 20181225
Avira (no cloud) W32/Sality.AT 20181225
Baidu Win32.Virus.Sality.gen 20181207
BitDefender Win32.Sality.3 20181225
Bkav W32.Sality.PE 20181224
CAT-QuickHeal W32.Sality.U 20181225
ClamAV Win.Trojan.Agent-36788 20181225
Comodo Virus.Win32.Sality.gen@1egj5j 20181225
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.f5349e 20180225
Cylance Unsafe 20181225
Cyren W32/Sality.gen2 20181225
DrWeb Win32.Sector.30 20181225
eGambit Trojan.Generic 20181225
Emsisoft Win32.Sality.3 (B) 20181225
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 Win32/Sality.NBA 20181225
F-Prot W32/Sality.gen2 20181225
F-Secure Win32.Sality.3 20181225
Fortinet W32/Generic.AC.3EB7!tr 20181225
GData Win32.Virus.Sality.A 20181225
Ikarus Trojan-Spy.Win32.Zbot 20181225
Sophos ML heuristic 20181128
Jiangmin Win32/HLLP.Kuku.poly2 20181225
K7AntiVirus Trojan ( 004bcce41 ) 20181225
K7GW Trojan ( 004bcce41 ) 20181225
Kaspersky Virus.Win32.Sality.gen 20181225
Malwarebytes Backdoor.XTRat.Gen 20181225
MAX malware (ai score=83) 20181225
McAfee W32/Sality.gen.z 20181225
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20181225
Microsoft Virus:Win32/Sality.AT 20181225
eScan Win32.Sality.3 20181225
NANO-Antivirus Virus.Win32.Sality.beygb 20181225
Panda W32/Sality.AA 20181225
Qihoo-360 Virus.Win32.Sality.I 20181225
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazpbZ6ha+IawXWlvgwGGfbXx) 20181225
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Sality-D 20181225
Symantec W32.Sality.AE 20181224
TACHYON Virus/W32.Sality.D 20181224
Tencent Virus.Win32.TuTu.Gen.200004 20181225
TheHacker W32/Sality.gen 20181225
TotalDefense Win32/Sality.AA 20181223
Trapmine malicious.high.ml.score 20181205
TrendMicro PE_SALITY.RL 20181225
TrendMicro-HouseCall PE_SALITY.RL 20181225
VBA32 Virus.Win32.Sality.bakc 20181222
VIPRE Virus.Win32.Sality.at (v) 20181222
ViRobot Win32.Sality.Gen.A 20181225
Yandex Win32.Sality.BL 20181223
Zillya Virus.Sality.Win32.25 20181222
ZoneAlarm by Check Point Virus.Win32.Sality.gen 20181225
Zoner Win32.Sality 20181225
Alibaba 20180921
Avast-Mobile 20181225
Babable 20180918
CMC 20181224
Kingsoft 20181225
Palo Alto Networks (Known Signatures) 20181225
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
Trustlook 20181225
Webroot 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0004B870
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
URLDownloadToCacheFileW
RegCloseKey
NtUnmapViewOfSection
SysFreeString
SHGetMalloc
SHDeleteKeyW
CharNextW
FtpPutFileW
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 4096
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x4b870
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 274432
File identification
MD5 019d195f5349e3824a4cfae7443da9d9
SHA1 3e3839f4b03dc7e1b1eaa7709bd586b967906471
SHA256 22a2b110e561bb5155cc85793d232ba9750aea25a4a9480a835e1fdd840d251d
ssdeep 3072:xNW7dEvosEuDrdAYyCfeAk2pm4iVPIGi0gB7vzfUJeZE/Fs:xNW7mv+u6jum4ipI50gZfCs
authentihash a2fc3bbbf5d04511961dfc4d8cbea4829aa8785f6d09697778141c44dff98509
imphash e0f7991d50ceee521d7190effa3c494e
File size 112.0 KB ( 114688 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags peexe suspicious-udp
VirusTotal metadata
First submission 2018-12-25 16:20:15 UTC ( 2 months, 3 weeks ago )
Last submission 2018-12-25 16:20:15 UTC ( 2 months, 3 weeks ago )
File names file677480536.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications