SHA256: 24b5a50177d2e76fd4c8041b97556b4635f7f1544eeeb58a07876484b90a6e99
File name: .
Detection ratio: 9 / 69
Analysis date: 2019-01-04 16:42:54 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Avast Win32:Malware-gen 20190104
AVG Win32:Malware-gen 20190104
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Endgame malicious (high confidence) 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20190104
Microsoft Trojan:Win32/MereTam.A 20190104
Trapmine suspicious.low.ml.score 20190103
VBA32 BScope.TrojanBanker.Trickster 20190104
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20190104
Acronis 20181227
Ad-Aware 20190104
AegisLab 20190104
AhnLab-V3 20190104
Alibaba 20180921
ALYac 20190104
Antiy-AVL 20190104
Arcabit 20190104
Avast-Mobile 20190104
Avira (no cloud) 20190104
Babable 20180918
Baidu 20190104
BitDefender 20190104
Bkav 20190104
CAT-QuickHeal 20190104
ClamAV 20190104
CMC 20190103
Comodo 20190104
Cybereason 20180225
Cyren 20190104
DrWeb 20190104
eGambit 20190104
Emsisoft 20190104
ESET-NOD32 20190104
F-Prot 20190104
F-Secure 20190104
Fortinet 20190104
GData 20190104
Ikarus 20190104
Sophos ML 20181128
Jiangmin 20190104
K7AntiVirus 20190104
K7GW 20190104
Kingsoft 20190104
Malwarebytes 20190104
MAX 20190104
McAfee 20190104
McAfee-GW-Edition 20190104
eScan 20190104
NANO-Antivirus 20190104
Palo Alto Networks (Known Signatures) 20190104
Panda 20190104
Qihoo-360 20190104
Rising 20190104
SentinelOne (Static ML) 20181223
Sophos AV 20190104
SUPERAntiSpyware 20190102
Symantec 20190104
TACHYON 20190104
Tencent 20190104
TheHacker 20190104
TotalDefense 20190104
TrendMicro 20190104
TrendMicro-HouseCall 20190104
Trustlook 20190104
ViRobot 20190104
Webroot 20190104
Yandex 20181229
Zillya 20190103
Zoner 20190104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-03 11:50:56
Entry Point 0x000012A0
Number of sections 8
PE sections
Overlays
MD5 1015485101d22b95edb3e58541ab8f8a
File type data
Offset 375296
Size 45937
Entropy 4.43
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShowWindow
__p__fmode
malloc
__p__environ
realloc
atexit
abort
_setmode
printf
strlen
_cexit
fputc
fwrite
_onexit
fputs
_strdup
sprintf
memcmp
strchr
free
vfprintf
__getmainargs
calloc
_write
memcpy
signal
__set_app_type
strcmp
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:01:03 11:50:56+00:00
FileType Win32 EXE
PEType PE32
CodeSize 167424
LinkerVersion 2.23
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit, No debug
EntryPoint 0x12a0
InitializedDataSize 374272
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 5632

File identification
MD5 f1f00292eab55b55b7a43be5348ebeaf
SHA1 45aa99610ead3805bad44b1c04705b0c57a22629
SHA256 24b5a50177d2e76fd4c8041b97556b4635f7f1544eeeb58a07876484b90a6e99
ssdeep 6144:tRNqnwwnFTIs3B0AIRCrCcJDa7/j3E/sUbNxCuvK5Th4pog3RRPEUnBqJQ/5867/:TgnwwtIwB0tRCPVEUbNKZh4Sg7LD
authentihash 26237939b50bfb811534f9e04ce7c822617c9491f221261205815add14389deb
imphash 64fbdd99e1d51de409c7a28cd06afd57
File size 411.4 KB ( 421233 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-01-04 16:42:54 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-04 16:42:54 UTC ( 1 month, 2 weeks ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs