SHA256: 2670973b57345f57551dd09902e901e8a2a0c049b44db2528580e91669665b2b
File name: output.114737005.txt
Detection ratio: 48 / 69
Analysis date: 2019-01-31 19:58:46 UTC
Antivirus, result, signature-database update date (YYYYMMDD). Detected by the following 48 engines:
Acronis suspicious 20190130
Ad-Aware Trojan.GenericKD.31403945 20190131
AhnLab-V3 Trojan/Win32.Agent.R248960 20190131
Antiy-AVL Trojan/Win32.Propagate 20190131
Arcabit Trojan.Generic.D1DF2FA9 20190131
Avast Win32:Trojan-gen 20190131
AVG Win32:Trojan-gen 20190131
Avira (no cloud) TR/Crypt.ZPACK.267097 20190131
BitDefender Trojan.GenericKD.31403945 20190131
CAT-QuickHeal Trojan.Sonbokli 20190131
Comodo Malware@#175qjd1adt9h7 20190131
Cybereason malicious.de5083 20190109
Cylance Unsafe 20190131
Cyren W32/Trojan.IIEI-0682 20190131
DrWeb Trojan.PWS.Spy.21017 20190131
Emsisoft Trojan.GenericKD.31403945 (B) 20190131
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Generik.JKQNQKR 20190131
F-Secure Trojan.GenericKD.31403945 20190131
Fortinet W32/Kryptik.GOVE!tr 20190131
GData Trojan.GenericKD.31403945 20190131
Ikarus Trojan-Downloader.Win32.SmokeLoader 20190131
Sophos ML heuristic 20181128
Jiangmin TrojanSpy.Noon.ebc 20190131
K7AntiVirus Riskware ( 0040eff71 ) 20190131
K7GW Riskware ( 0040eff71 ) 20190131
Kaspersky Trojan.Win32.Propagate.cge 20190131
Malwarebytes Trojan.Dropper 20190131
McAfee GenericRXGQ-YQ!97496A8DE508 20190131
McAfee-GW-Edition GenericRXGQ-YQ!97496A8DE508 20190131
Microsoft Trojan:Win32/Occamy.C 20190131
eScan Trojan.GenericKD.31403945 20190131
NANO-Antivirus Trojan.Win32.Propagate.flbbtk 20190131
Palo Alto Networks (Known Signatures) generic.ml 20190131
Panda Trj/GdSda.A 20190131
Qihoo-360 Win32/Trojan.3fe 20190131
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20190131
Sophos AV Troj/Fondu-GH 20190131
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20190130
Symantec Trojan.Gen.2 20190131
Tencent Win32.Trojan.Propagate.Hssf 20190131
Trapmine malicious.moderate.ml.score 20190123
TrendMicro TROJ_GEN.F0C2C00LB18 20190131
TrendMicro-HouseCall TROJ_GEN.F0C2C00LB18 20190131
VBA32 Trojan.Sonbokli 20190131
Webroot W32.Trojan.Gen 20190131
Zillya Trojan.Propagate.Win32.1090 20190131
ZoneAlarm by Check Point Trojan.Win32.Propagate.cge 20190131
Undetected by the remaining 21 engines (signature-database date only):
AegisLab 20190131
Alibaba 20180921
Avast-Mobile 20190131
Babable 20180918
Baidu 20190131
Bkav 20190130
ClamAV 20190131
CMC 20190131
CrowdStrike Falcon (ML) 20181023
eGambit 20190131
F-Prot 20190131
Kingsoft 20190131
MAX 20190131
SentinelOne (Static ML) 20190124
TACHYON 20190131
TheHacker 20190131
TotalDefense 20190131
Trustlook 20190131
ViRobot 20190131
Yandex 20190129
Zoner 20190131
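A detection ratio counts brands, not independent verdicts. Several rows above are one signature re-sold under different names: the BitDefender-engine name Trojan.GenericKD.31403945 appears under Ad-Aware, BitDefender, Emsisoft, F-Secure, GData and eScan, and Arcabit's Trojan.Generic.D1DF2FA9 is the same number written in hexadecimal (0x1DF2FA9 = 31403945). The McAfee and Cybereason names contain pieces of the file's own MD5 (97496a8de508..., ...de5083...), which marks a per-sample generic signature rather than a family verdict. The Python below is an added example written for this page, not VirusTotal output: it takes the 48 rows transcribed from the table, folds the rebranded duplicates, flags hash-derived names, and tallies family keywords once per distinct signature. The FAMILY_KEYWORDS list and the stripping of the "(B)" and "(CLOUD)" suffixes are the editor's choices.

```python
import re
from collections import Counter, defaultdict

# The 48 detection rows transcribed from the report above as (vendor, result);
# the 21 undetected engines are omitted, TOTAL_ENGINES keeps the 48/69 ratio.
TOTAL_ENGINES = 69
MD5 = "97496a8de5083dff1a3d39e10e64de29"  # from the File identification section
FAMILY_KEYWORDS = ["Propagate", "SmokeLoader", "Sonbokli", "Occamy",
                   "Kryptik", "Fondu", "Fuerboos", "Noon"]  # editor's list
DETECTIONS = [
    ("Acronis", "suspicious"), ("Ad-Aware", "Trojan.GenericKD.31403945"),
    ("AhnLab-V3", "Trojan/Win32.Agent.R248960"), ("Antiy-AVL", "Trojan/Win32.Propagate"),
    ("Arcabit", "Trojan.Generic.D1DF2FA9"), ("Avast", "Win32:Trojan-gen"),
    ("AVG", "Win32:Trojan-gen"), ("Avira (no cloud)", "TR/Crypt.ZPACK.267097"),
    ("BitDefender", "Trojan.GenericKD.31403945"), ("CAT-QuickHeal", "Trojan.Sonbokli"),
    ("Comodo", "Malware@#175qjd1adt9h7"), ("Cybereason", "malicious.de5083"),
    ("Cylance", "Unsafe"), ("Cyren", "W32/Trojan.IIEI-0682"),
    ("DrWeb", "Trojan.PWS.Spy.21017"), ("Emsisoft", "Trojan.GenericKD.31403945 (B)"),
    ("Endgame", "malicious (high confidence)"), ("ESET-NOD32", "a variant of Generik.JKQNQKR"),
    ("F-Secure", "Trojan.GenericKD.31403945"), ("Fortinet", "W32/Kryptik.GOVE!tr"),
    ("GData", "Trojan.GenericKD.31403945"), ("Ikarus", "Trojan-Downloader.Win32.SmokeLoader"),
    ("Sophos ML", "heuristic"), ("Jiangmin", "TrojanSpy.Noon.ebc"),
    ("K7AntiVirus", "Riskware ( 0040eff71 )"), ("K7GW", "Riskware ( 0040eff71 )"),
    ("Kaspersky", "Trojan.Win32.Propagate.cge"), ("Malwarebytes", "Trojan.Dropper"),
    ("McAfee", "GenericRXGQ-YQ!97496A8DE508"), ("McAfee-GW-Edition", "GenericRXGQ-YQ!97496A8DE508"),
    ("Microsoft", "Trojan:Win32/Occamy.C"), ("eScan", "Trojan.GenericKD.31403945"),
    ("NANO-Antivirus", "Trojan.Win32.Propagate.flbbtk"), ("Palo Alto Networks (Known Signatures)", "generic.ml"),
    ("Panda", "Trj/GdSda.A"), ("Qihoo-360", "Win32/Trojan.3fe"),
    ("Rising", "Trojan.Fuerboos!8.EFC8 (CLOUD)"), ("Sophos AV", "Troj/Fondu-GH"),
    ("SUPERAntiSpyware", "Trojan.Agent/Gen-Downloader"), ("Symantec", "Trojan.Gen.2"),
    ("Tencent", "Win32.Trojan.Propagate.Hssf"), ("Trapmine", "malicious.moderate.ml.score"),
    ("TrendMicro", "TROJ_GEN.F0C2C00LB18"), ("TrendMicro-HouseCall", "TROJ_GEN.F0C2C00LB18"),
    ("VBA32", "Trojan.Sonbokli"), ("Webroot", "W32.Trojan.Gen"),
    ("Zillya", "Trojan.Propagate.Win32.1090"), ("ZoneAlarm by Check Point", "Trojan.Win32.Propagate.cge"),
]


def normalize(result):
    """Strip vendor decoration so rebranded copies of one signature compare equal."""
    sig = re.sub(r"\s*\((?:B|CLOUD)\)$", "", result)
    # Arcabit prints the BitDefender GenericKD id in hex behind a 'D': 0x1DF2FA9 == 31403945.
    m = re.fullmatch(r"Trojan\.Generic\.D([0-9A-F]+)", sig)
    return "Trojan.GenericKD.%d" % int(m.group(1), 16) if m else sig


def shared_signature_groups(rows):
    """Vendors that report the same normalized signature: one engine, several brands."""
    groups = defaultdict(list)
    for vendor, result in rows:
        groups[normalize(result)].append(vendor)
    return {sig: vendors for sig, vendors in groups.items() if len(vendors) > 1}


def distinct_signatures(rows):
    return len({normalize(result) for _, result in rows})


def hash_derived(rows, md5):
    """Names embedding a run of the file's own MD5 are per-sample generics, not family verdicts."""
    return [vendor for vendor, result in rows
            if any(run.lower() in md5.lower() for run in re.findall(r"[0-9a-fA-F]{6,}", result))]


def family_votes(rows):
    """Count family keywords once per distinct signature, so shared engines do not double-vote."""
    votes = Counter()
    for sig in {normalize(result) for _, result in rows}:
        votes.update(fam for fam in FAMILY_KEYWORDS if fam.lower() in sig.lower())
    return votes


def triage(rows, total=TOTAL_ENGINES):
    return {"ratio": "%d/%d" % (len(rows), total),
            "distinct_signatures": distinct_signatures(rows),
            "shared_groups": {s: len(v) for s, v in shared_signature_groups(rows).items()},
            "hash_derived": hash_derived(rows, MD5),
            "family_votes": family_votes(rows).most_common()}


if __name__ == "__main__":
    for key, value in triage(DETECTIONS).items():
        print(key, value)
```

Run as a script it reports 48/69 engines but only 36 distinct signatures in seven shared groups, three hash-derived names, and Propagate as the only family name with more than one independent source (five distinct signatures). SmokeLoader (Ikarus) and the other family names are single votes and should be treated as leads to confirm in a sandbox, not as conclusions.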
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.
FileVersionInfo properties
File version 0.1.0.19
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:33:47
Entry Point 0x0000ED20
Number of sections 6
PE sections
PE imports (the report lists export names without module headers; the module labels below are added by the editor)
ADVAPI32.dll
RegQueryValueA
RegOpenKeyExA
RegCloseKey
GDI32.dll
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
GetStockObject
KERNEL32.dll
FreeLibrary
DeleteCriticalSection
GetStartupInfoA
CreateProcessA
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
lstrcatA
WaitForSingleObject
SetEvent
GetWindowsDirectoryA
lstrcpyA
Sleep
ResetEvent
GetLogicalDrives
VirtualProtect
GetProcAddress
LoadLibraryA
LeaveCriticalSection
Ordinal-only imports (160 entries; the module is not named on this page. A table of this size imported by ordinal from a linker 6.0 binary is typical of MFC42.DLL, but that is an assumption, not something the report states)
Ord(6197)
Ord(1775)
Ord(4080)
Ord(537)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(2299)
Ord(6883)
Ord(2124)
Ord(2023)
Ord(3626)
Ord(755)
Ord(3798)
Ord(6052)
Ord(3721)
Ord(3610)
Ord(5290)
Ord(2446)
Ord(2370)
Ord(2864)
Ord(5875)
Ord(4441)
Ord(2915)
Ord(5628)
Ord(809)
Ord(795)
Ord(616)
Ord(815)
Ord(641)
Ord(5277)
Ord(2514)
Ord(909)
Ord(4425)
Ord(5199)
Ord(567)
Ord(941)
Ord(4465)
Ord(609)
Ord(2863)
Ord(5300)
Ord(1200)
Ord(3797)
Ord(1105)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(348)
Ord(2982)
Ord(4234)
Ord(825)
Ord(3081)
Ord(4218)
Ord(5307)
Ord(801)
Ord(3574)
Ord(4424)
Ord(540)
Ord(4078)
Ord(2554)
Ord(556)
Ord(6376)
Ord(3584)
Ord(1727)
Ord(2365)
Ord(543)
Ord(2642)
Ord(696)
Ord(2379)
Ord(2725)
Ord(3874)
Ord(4998)
Ord(823)
Ord(5572)
Ord(656)
Ord(3749)
Ord(2512)
Ord(470)
Ord(541)
Ord(2578)
Ord(4274)
Ord(394)
Ord(6143)
Ord(2859)
Ord(3259)
Ord(4079)
Ord(1146)
Ord(3147)
Ord(2860)
Ord(6375)
Ord(324)
Ord(2621)
Ord(4398)
Ord(1088)
Ord(3262)
Ord(1576)
Ord(2614)
Ord(4353)
Ord(2575)
Ord(803)
Ord(5065)
Ord(4407)
Ord(4275)
Ord(3663)
Ord(3346)
Ord(858)
Ord(2396)
Ord(6358)
Ord(3831)
Ord(6374)
Ord(5280)
Ord(3825)
Ord(926)
Ord(1089)
Ord(2985)
Ord(3922)
Ord(2818)
Ord(4160)
Ord(4376)
Ord(3402)
Ord(3582)
Ord(800)
Ord(535)
Ord(2411)
Ord(3830)
Ord(2122)
Ord(2385)
Ord(3619)
Ord(663)
Ord(3079)
Ord(4396)
Ord(6334)
Ord(6880)
Ord(2055)
Ord(4837)
Ord(5241)
Ord(1776)
Ord(2648)
Ord(5714)
Ord(5289)
Ord(4185)
Ord(4622)
Ord(561)
Ord(5261)
Ord(2302)
Ord(924)
Ord(4486)
Ord(4698)
Ord(2976)
Ord(5163)
Ord(6055)
Ord(6199)
Ord(5265)
Ord(4673)
Ord(5302)
Ord(860)
Ord(5731)
C++ runtime (mangled std:: names; the module is not named on this page, presumably MSVCP60.dll given the 6.0 linker version)
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0_Winit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
C runtime (MSVCRT.dll exports)
_except_handler3
_acmdln
_XcptFilter
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
memset
__p__commode
__dllonexit
_onexit
_controlfp
strcpy
__p__fmode
_mbsstr
__getmainargs
exit
_initterm
strlen
__setusermatherr
__set_app_type
SHELL32.dll
ShellExecuteA
USER32.dll
RedrawWindow
GetParent
PostMessageA
EnumWindows
ReleaseCapture
CopyIcon
KillTimer
MessageBeep
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
EnableWindow
SetCapture
DrawIcon
SetWindowLongA
GetSysColor
GetDC
DestroyCursor
ReleaseDC
SendMessageA
GetClientRect
IsIconic
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
FlashWindow
GetSystemMenu
SetCursor
PtInRect
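What the static import table does and does not contain is the most useful triage signal on this page. LoadLibraryA, GetProcAddress and VirtualProtect together are the usual signature of code that resolves APIs at runtime and makes memory writable, that is, a packer or loader stub (LoadLibraryA and GetProcAddress alone are common in benign code; VirtualProtect much less so, and the Avira TR/Crypt.ZPACK and Fortinet Kryptik labels above are packer-oriented generics). CreateProcessA and ShellExecuteA launch other programs, GetLogicalDrives enumerates drives, and there is no network API among the named imports at all, even though Ikarus and SUPERAntiSpyware label the file a downloader: whatever it fetches, it must resolve those APIs at runtime. The Python rule matcher below is an added example for this page, written in the spirit of capa but using the editor's own rules and tag names, not capa's. The Win32 names are transcribed from the list above; the C/C++ runtime names and the 160 ordinal-only entries are left out, since name-based rules cannot see ordinals.

```python
# Win32 import names transcribed from the report above. The C/C++ runtime names and the
# 160 ordinal-only entries are omitted; the exporting module of each name is not stated on the page.
WIN32_IMPORTS = """
RegQueryValueA RegOpenKeyExA RegCloseKey
GetObjectA CreateFontIndirectA GetTextExtentPoint32A GetStockObject
FreeLibrary DeleteCriticalSection GetStartupInfoA CreateProcessA EnterCriticalSection
InitializeCriticalSection GetModuleHandleA lstrcatA WaitForSingleObject SetEvent
GetWindowsDirectoryA lstrcpyA Sleep ResetEvent GetLogicalDrives VirtualProtect
GetProcAddress LoadLibraryA LeaveCriticalSection
ShellExecuteA RedrawWindow GetParent PostMessageA EnumWindows ReleaseCapture CopyIcon
KillTimer MessageBeep GetSystemMetrics IsWindow AppendMenuA GetWindowRect InflateRect
EnableWindow SetCapture DrawIcon SetWindowLongA GetSysColor GetDC DestroyCursor ReleaseDC
SendMessageA GetClientRect IsIconic InvalidateRect SetTimer LoadCursorA LoadIconA
FlashWindow GetSystemMenu SetCursor PtInRect
""".split()

# Editor's rules (not capa's): "all" means every listed name must be imported,
# "any" means at least one of them must be. Tag names are the editor's as well.
RULES = {
    "dynamic-api-resolution": {"all": {"LoadLibraryA", "GetProcAddress"}},
    "writable-code-memory": {"all": {"VirtualProtect"}},
    "process-launch": {"any": {"CreateProcessA", "ShellExecuteA", "WinExec"}},
    "drive-enumeration": {"any": {"GetLogicalDrives", "GetLogicalDriveStringsA", "GetDriveTypeA"}},
    "registry-read": {"all": {"RegOpenKeyExA", "RegQueryValueA"}},
    "registry-write": {"any": {"RegSetValueExA", "RegSetValueA", "RegCreateKeyExA"}},
    "window-enumeration": {"any": {"EnumWindows", "FindWindowA", "GetForegroundWindow"}},
    "network": {"any": {"WSAStartup", "connect", "InternetOpenA", "InternetOpenUrlA",
                        "HttpSendRequestA", "URLDownloadToFileA", "WinHttpOpen"}},
}


def match_capabilities(imports, rules=RULES):
    """Return {tag: matching import names} for every rule satisfied by the import table."""
    names = set(imports)
    found = {}
    for tag, rule in rules.items():
        if "all" in rule and rule["all"] <= names:
            found[tag] = set(rule["all"])
        elif "any" in rule and rule["any"] & names:
            found[tag] = rule["any"] & names
    return found


def absent_capabilities(imports, rules=RULES):
    """Tags no rule matched: for a 'downloader' verdict, a missing network tag is itself a finding."""
    return sorted(set(rules) - set(match_capabilities(imports, rules)))


if __name__ == "__main__":
    for tag, names in match_capabilities(WIN32_IMPORTS).items():
        print("%-25s %s" % (tag, ", ".join(sorted(names))))
    print("absent:", ", ".join(absent_capabilities(WIN32_IMPORTS)))
```

Any rule set keyed on import names has a blind spot on this sample: 160 of its imports are ordinals, so the exporting module has to be identified and an ordinal-to-name map applied before those entries can be matched. The absent network and registry-write tags are a statement about the static table only; a packed stage can add both at runtime, which is what a sandbox run is for.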
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.1.0.19
LanguageCode Chinese (Traditional)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Taiwan (Big5)
InitializedDataSize 122880
EntryPoint 0xed20
MIMEType application/octet-stream
FileVersion 0.1.0.19
TimeStamp 2016:12:06 12:33:47+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ASUSTeK Computer Inc.
CodeSize 61440
FileSubtype 0
ProductVersionNumber 0.1.0.19
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 97496a8de5083dff1a3d39e10e64de29
SHA1 2482c92a4d8ac1ccb2af4e7722d8ff3342f55e95
SHA256 2670973b57345f57551dd09902e901e8a2a0c049b44db2528580e91669665b2b
ssdeep 3072:34vhjxMapBECJj+iqM8dTxoze71zPj/Pd4ySKeXLLrrMu1IbOz/To:34vhjxMapBHjvl2Txoze71zPj/Pd4y1S
authentihash 716de8defe1da841a415a24840e49435348ef16691494a0518ca9d9ec2b89e6c
imphash 9510ff1fadb140d5ef11ef34d3a1d018
File size 184.0 KB ( 188416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe
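imphash is the MD5 of the lowercased "module.function" list in import-table order. It pivots well between rebuilds of one source tree that keep the same import order, and it collides badly between unrelated packed samples whose stub tables are all the same handful of kernel32 functions (the VirtualProtect, LoadLibraryA and GetProcAddress imports above are that kind of stub). The report's value 9510ff1fadb140d5ef11ef34d3a1d018 cannot be recomputed from this page, because the module names are not printed and most entries are ordinals, so the Python below is an added example of the algorithm on a constructed five-entry table, not the sample's own. It follows the pefile implementation except that pefile additionally maps known ordinals of oleaut32, ws2_32 and wsock32 to names before hashing; this version writes every ordinal as ordN.

```python
import hashlib

# Constructed import table, not the sample's: (module, import), where import is a name or an int ordinal.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("MFC42.DLL", 6197),          # ordinal-only import, the form most of this sample's table takes
    ("USER32.dll", "EnumWindows"),
]


def imphash_string(imports):
    """The string pefile hashes: 'module.function' per entry, import order preserved, all lowercase.
    The module keeps its name minus a .dll/.ocx/.sys extension; ordinals become 'ordN'."""
    parts = []
    for module, imp in imports:
        module = module.lower()
        stem, dot, ext = module.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            module = stem
        name = "ord%d" % imp if isinstance(imp, int) else imp.lower()
        parts.append("%s.%s" % (module, name))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def order_sensitive(imports):
    """True when reversing the table changes the hash: imphash keys on order, not just on the set."""
    return imphash(imports) != imphash(list(reversed(imports)))


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS), "order-sensitive:", order_sensitive(SAMPLE_IMPORTS))
```

Because the hash is case-insensitive and order-sensitive, two builds that import the same functions in a different order get different values, while a repacked binary whose stub imports only LoadLibraryA and GetProcAddress shares its imphash with every other sample packed the same way; treat a match as a hint to compare further, not as family attribution.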

VirusTotal metadata
First submission 2018-12-10 00:05:19 UTC
Last submission 2019-01-15 01:06:36 UTC
File names output.114737005.txt
flashplayer31_xa_install.exe
vtahtbgc.exe
Behaviour report (condensed). Events in this section were recorded when the file was executed in a controlled environment and cover actions by the file itself, by any process it launched, or by any process it injected code into. The report lists the following categories, but no entries survive in this copy:
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs