SHA256: 27a36aaa4a6a1325b299e74a6f8656f99fb280b776de0236a722d39871270a11
File name: fsrtat.exe
Detection ratio: 48 / 63
Analysis date: 2017-07-13 14:50:45 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5566990 20170713
AegisLab Ml.Attribute.Gen!c 20170713
AhnLab-V3 Trojan/Win32.Crypt.R203861 20170713
ALYac Backdoor.Agent.Trickbot 20170713
Antiy-AVL Trojan/Win32.Trickster 20170713
Arcabit Trojan.Generic.D54F20E 20170713
Avast Win32:Malware-gen 20170713
AVG Win32:Malware-gen 20170713
Avira (no cloud) TR/Crypt.Xpack.ouvrg 20170713
AVware Trojan.Win32.Generic!BT 20170713
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170713
BitDefender Trojan.GenericKD.5566990 20170713
CAT-QuickHeal Trojan.Trickster 20170713
Comodo UnclassifiedMalware 20170713
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170710
Cyren W32/Trojan.KWNK-5578 20170713
DrWeb Trojan.Siggen7.23701 20170713
Emsisoft Trojan.GenericKD.5566990 (B) 20170713
Endgame malicious (high confidence) 20170706
ESET-NOD32 Win32/TrickBot.O 20170713
F-Secure Trojan.GenericKD.5566990 20170713
GData Trojan.GenericKD.5566990 20170713
Ikarus Trojan-Banker.TrickBot 20170713
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 0050e59b1 ) 20170713
K7GW Trojan ( 0050e59b1 ) 20170713
Kaspersky Trojan.Win32.Trickster.mv 20170713
Malwarebytes Spyware.TrickBot 20170713
MAX malware (ai score=82) 20170713
McAfee Artemis!5C6E5F53EC91 20170713
McAfee-GW-Edition BehavesLike.Win32.Upatre.fc 20170713
Microsoft Trojan:Win32/Totbrick!rfn 20170713
eScan Trojan.GenericKD.5566990 20170713
NANO-Antivirus Trojan.Win32.GenKryptik.eqqspt 20170713
nProtect Trojan/W32.Trickster.408064 20170713
Panda Trj/GdSda.A 20170713
Qihoo-360 Win32/Trojan.de7 20170713
Rising Trojan.GenKryptik!8.AA55 (cloud:StM3sm779QE) 20170713
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Troj/Trickbot-K 20170713
Symantec Trojan.Gen.2 20170713
Tencent Win32.Trojan.Trickster.Sxow 20170713
VIPRE Trojan.Win32.Generic!BT 20170713
ViRobot Trojan.Win32.Agent.408064.K 20170713
Webroot W32.Trojan.Gen 20170713
Yandex Trojan.Trickster! 20170712
Zillya Trojan.Trickster.Win32.148 20170713
ZoneAlarm by Check Point Trojan.Win32.Trickster.mv 20170713
Alibaba 20170713
Bkav 20170713
ClamAV 20170713
CMC 20170713
Cylance 20170713
F-Prot 20170713
Fortinet 20170629
Jiangmin 20170713
Kingsoft 20170713
Palo Alto Networks (Known Signatures) 20170713
SUPERAntiSpyware 20170713
Symantec Mobile Insight 20170713
TheHacker 20170712
TotalDefense 20170713
TrendMicro-HouseCall 20170713
Trustlook 20170713
VBA32 20170713
WhiteArmor 20170713
Zoner 20170713
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-03-09 16:41:43
Entry Point 0x00001590
Number of sections 3
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitCommonControlsEx
GetLastError
lstrlenA
lstrcmpA
GetModuleHandleA
lstrcatA
GetCommandLineW
GetCurrentDirectoryA
ExitProcess
GetStartupInfoA
HeapAlloc
CreateFileA
GetCommandLineA
lstrcmpW
lstrlenW
GetProcessHeap
CommandLineToArgvW
GetMessageA
GetScrollRange
LoadBitmapW
MoveWindow
PostQuitMessage
DefWindowProcA
LoadMenuW
SetWindowPos
SetWindowLongW
DispatchMessageA
LoadCursorW
MessageBoxA
TranslateMessage
SetDlgItemTextW
RegisterClassExA
GetCursorPos
ReleaseDC
EndDeferWindowPos
ShowCaret
SendMessageW
wsprintfW
SendMessageA
LoadStringW
SetWindowTextW
GetScrollPos
GetClassNameW
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
LockWindowUpdate
GetActiveWindow
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
Number of PE resources by language
FINNISH DEFAULT 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:03:09 17:41:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 115200
LinkerVersion 6.0
EntryPoint 0x1590
InitializedDataSize 291840
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 5c6e5f53ec911b79bea3172c967442d5
SHA1 532abffdeb4332f6d46d12fce18111654a9c0775
SHA256 27a36aaa4a6a1325b299e74a6f8656f99fb280b776de0236a722d39871270a11
ssdeep 6144:/fzrBM+g2N8rlPMQ0bca5T8rhC7liIqyPLdUeqwnZlARPN:/fhMi2r2z18rktqOhUUAL

authentihash b3069bdba81f8b9ad0cd543b4c235d9545e151b396808227f38ca77c010bffb0
imphash 5ff0bb2ddab6d7b06b94f70a6d129129
File size 398.5 KB ( 408064 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-07-05 10:57:00 UTC ( 1 year, 8 months ago )
Last submission 2017-07-05 14:12:41 UTC ( 1 year, 8 months ago )
File names fsrtat.exe
gtsubu.exe
trickbot
sergollinhols.png
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications