SHA256: 24cdcb687b24bb43e278d5a226e1aecf3b12940f51d08acfdbc618cac15c762f
File name: IKCust07_SP4.exe
Detection ratio: 20 / 68
Analysis date: 2018-10-03 00:59:23 UTC (7 months, 3 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40403335 20181003
AegisLab Troj.Generickd!c 20181003
ALYac Trojan.GenericKD.40403335 20181003
Arcabit Trojan.Generic.D2688187 20181003
Avira (no cloud) HEUR/AGEN.1022562 20181003
BitDefender Trojan.GenericKD.40403335 20181003
CAT-QuickHeal Trojan.Fuerboos 20181001
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20181003
Cyren W32/Trojan.VRJZ-3675 20181003
Emsisoft Trojan.GenericKD.40403335 (B) 20181003
F-Secure Trojan.GenericKD.40403335 20181002
GData Trojan.GenericKD.40403335 20181003
Sophos ML heuristic 20180717
MAX malware (ai score=97) 20181003
McAfee Artemis!6FCD497E4B29 20181003
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20181002
Microsoft Trojan:Win32/Zpevdo.A 20181002
eScan Trojan.GenericKD.40403335 20181003
TrendMicro-HouseCall TROJ_GEN.R002H09HG18 20181003
AhnLab-V3 20181002
Alibaba 20180921
Antiy-AVL 20181003
Avast 20181003
Avast-Mobile 20181002
AVG 20181003
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20181002
ClamAV 20181002
CMC 20181002
Comodo 20181003
Cybereason 20180225
DrWeb 20181003
eGambit 20181003
Endgame 20180730
ESET-NOD32 20181002
F-Prot 20181003
Fortinet 20181003
Ikarus 20181002
Jiangmin 20181003
K7AntiVirus 20181002
K7GW 20181001
Kaspersky 20181003
Kingsoft 20181003
Malwarebytes 20181003
NANO-Antivirus 20181003
Palo Alto Networks (Known Signatures) 20181003
Panda 20181002
Qihoo-360 20181003
Rising 20181002
SentinelOne (Static ML) 20180926
Sophos AV 20181003
SUPERAntiSpyware 20180907
Symantec 20181002
Symantec Mobile Insight 20181001
TACHYON 20181003
Tencent 20181003
TheHacker 20181001
TotalDefense 20181002
TrendMicro 20181002
Trustlook 20181003
VBA32 20181002
VIPRE 20181003
ViRobot 20181002
Webroot 20181003
Zillya 20181002
ZoneAlarm by Check Point 20180925
Zoner 20181002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright FUJIFILM UK LTD
File version 1.0.0.30
Description IKCust03 Service Pack 1
Comments IKCust03 Service Pack 1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-14 13:42:03
Entry Point 0x005C91D0
Number of sections 3
PE sections
PE imports
ImageList_Remove
GetOpenFileNameW
LineTo
IcmpSendEcho
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetUseConnectionW
VariantInit
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
connect
CoGetObject
Number of PE resources by type
RT_STRING 7
RT_ICON 4
RT_GROUP_ICON 4
RT_MANIFEST 1
RT_MENU 1
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 18
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 5709824
Comments IKCust03 Service Pack 1
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.0.0.30
LanguageCode English (British)
FileFlagsMask 0x0000
FileDescription IKCust03 Service Pack 1
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 5189632
EntryPoint 0x5c91d0
MIMEType application/octet-stream
LegalCopyright FUJIFILM UK LTD
FileVersion 1.0.0.30
TimeStamp 2017:09:14 15:42:03+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 3.3.14.2
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 356352
FileSubtype 0
ProductVersionNumber 3.3.14.2
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 6fcd497e4b296f2ac259bfcf9b3ab59c
SHA1 7325dbf855de6bc2c41021495cf8fd00318c085a
SHA256 24cdcb687b24bb43e278d5a226e1aecf3b12940f51d08acfdbc618cac15c762f
ssdeep 98304:6b+FeYDYQapNpeRZCBVvLwD1isEaDpdZIdU4sldGUFNYkxlhR92XI:6b+FtxIpeRZCBBLaP1jmSldVFNYOD
authentihash 2da30a3d2a5331a65e1ac814c8ae2a14df2795fed2750687bac51386a91c12d4
imphash fc6683d30d9f25244a50fd5357825e79
File size 5.3 MB ( 5540352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (28.0%)
UPX compressed Win32 Executable (27.5%)
Win32 EXE Yoda's Crypter (27.0%)
Win32 Dynamic Link Library (generic) (6.6%)
Win32 Executable (generic) (4.5%)
Tags peexe upx
VirusTotal metadata
First submission 2018-05-01 04:25:23 UTC ( 1 year ago )
Last submission 2019-01-22 08:22:48 UTC ( 4 months ago )
File names IKCust07_SP4.exe
8d1ed0d9b5800ce084073b3384379bad25c10fb6
6fcd497e4b296f2ac259bfcf9b3ab59c
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Searched windows
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.