SHA256: 2873febf7dc7dccbb51fd4153c24c6e0139b0350a503d0da903ef583cc61f80f
File name: .
Detection ratio: 43 / 63
Analysis date: 2019-03-03 18:23:41 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.Agent.DFAY 20190303
AhnLab-V3 Trojan/Win32.Agent.R238376 20190303
ALYac Trojan.Agent.DFAY 20190303
Antiy-AVL Trojan[Dropper]/Win32.Dapato 20190303
Arcabit Trojan.Agent.DFAY 20190303
Avast Win32:Malware-gen 20190303
AVG Win32:Malware-gen 20190303
Avira (no cloud) HEUR/AGEN.1023945 20190303
BitDefender Trojan.Agent.DFAY 20190303
CAT-QuickHeal Trojan.MauvaiseRI.S5262759 20190303
ClamAV Win.Malware.Dfay-6722806-0 20190303
Comodo TrojWare.MSIL.Aenjaris.ROC@7yvxyc 20190303
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.2d8eb3 20190109
Cyren W32/S-28f290af!Eldorado 20190303
DrWeb Trojan.MulDrop7.21252 20190303
Emsisoft Trojan.Agent.DFAY (B) 20190303
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of MSIL/Agent.ROC 20190303
F-Secure Heuristic.HEUR/AGEN.1023945 20190303
Fortinet MSIL/Agent.DFAY!tr 20190303
GData Trojan.Agent.DFAY 20190303
Ikarus Trojan.Agent 20190303
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005003531 ) 20190303
K7GW Trojan ( 005003531 ) 20190303
Kaspersky HEUR:Trojan.Win32.Generic 20190303
MAX malware (ai score=81) 20190303
McAfee GenericRXBD-AO!72E348B2D8EB 20190303
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20190303
Microsoft Trojan:MSIL/Aenjaris!rfn 20190303
eScan Trojan.Agent.DFAY 20190303
NANO-Antivirus Trojan.Win32.Mlw.fkkzve 20190303
Qihoo-360 HEUR/QVM41.1.99DD.Malware.Gen 20190303
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Agent-AZXX 20190303
Symantec W32.Styes 20190302
TheHacker Trojan/Agent.roc 20190225
VBA32 TrojanDropper.Dapato 20190301
ViRobot Trojan.Win32.Agent.265216.V 20190303
Yandex Trojan.Agent!SQR/KBn4798 20190301
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190303
AegisLab 20190303
Alibaba 20180921
Avast-Mobile 20190303
Babable 20180918
Baidu 20190215
CMC 20190303
eGambit 20190303
Jiangmin 20190303
Kingsoft 20190303
Malwarebytes 20190303
Palo Alto Networks (Known Signatures) 20190303
Panda 20190303
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190303
Tencent 20190303
TotalDefense 20190303
Trapmine 20190301
Trustlook 20190303
Webroot 20190303
Zoner 20190303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-15 23:32:14
Entry Point 0x0000C150
Number of sections 5
PE sections
Overlays
MD5 f7776c347fd13b6c1c237d742b9c878b
File type data
Offset 265216
Size 1964
Entropy 3.84
PE imports
CreateToolhelp32Snapshot
GetLastError
HeapFree
GetDriveTypeW
GetFileAttributesA
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
Process32NextW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
MultiByteToWideChar
CreateDirectoryW
InterlockedCompareExchange
Process32FirstW
GetProcessHeap
CreateMutexA
WideCharToMultiByte
GetModuleFileNameW
FindNextFileW
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
TerminateProcess
FindClose
InterlockedDecrement
Sleep
GetCurrentThreadId
__p__fmode
mbstowcs
__CxxRegisterExceptionObject
?what@exception@std@@UBEPBDXZ
rand
srand
_time64
__dllonexit
isdigit
_controlfp_s
remove
_invalid_parameter_noinfo
_invoke_watson
_cexit
?terminate@@YAXXZ
__CxxDetectRethrow
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
__p__commode
_onexit
_amsg_exit
_encode_pointer
_XcptFilter
exit
__setusermatherr
_decode_pointer
__CxxUnregisterExceptionObject
sprintf
_adjust_fdiv
_acmdln
__CxxQueryExceptionSize
_CxxThrowException
_ismbblead
memmove_s
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
getenv
__CxxFrameHandler3
_except_handler4_common
__FrameUnwindFilter
__getmainargs
_exit
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
_initterm_e
wcstombs_s
??0exception@std@@QAE@ABQBD@Z
isspace
__CxxExceptionFilter
atoi
_encoded_null
_configthreadlocale
??0exception@std@@QAE@XZ
_initterm
__set_app_type
SysFreeString
VariantClear
SysAllocString
ShellExecuteW
ShellExecuteA
WSAStartup
gethostbyname
gethostname
inet_addr
_CorExeMain
URLDownloadToFileA
URLDownloadToFileW
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:03:16 00:32:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 46080
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 218112
SubsystemVersion 5.0
EntryPoint 0xc150
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 72e348b2d8eb3c37ca76b9dee61a76ea
SHA1 a2a8f6b9533f43a57e7a10891fdc03449b775ba8
SHA256 2873febf7dc7dccbb51fd4153c24c6e0139b0350a503d0da903ef583cc61f80f
ssdeep 6144:AgJ4ZAAkqnANv494D83pJKfUyPOw7EMHHEMHc:rJ4ZAAkkANv494D83p6cMEM8
authentihash 914e4b9d47d8f66026688f16362f0802f8e792d53b63cd707d0d3e93d3c18876
imphash 5d16a5ca064737e12ecc6b154994231f
File size 260.9 KB ( 267180 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Win64 Executable (generic) (50.5%)
Microsoft Visual C++ compiled executable (generic) (30.2%)
Win32 Executable (generic) (8.2%)
OS/2 Executable (generic) (3.7%)
Generic Win/DOS Executable (3.6%)
Tags peexe assembly overlay
VirusTotal metadata
First submission 2019-03-03 18:23:41 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-03 18:23:41 UTC ( 1 month, 2 weeks ago )
File names .