SHA256: 2a72f4eaabf38e3cf1ed0c482c9c78e19b38489c1267ff3a0048e34fcb06178e
File name: 1ykedgiomcosymidecoul_2017-11-02_17-20.exe
Detection ratio: 16 / 68
Analysis date: 2017-11-03 00:01:49 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20171102
Avast Win32:Malware-gen 20171103
AVG Win32:Malware-gen 20171102
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9950 20171101
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20171016
Cylance Unsafe 20171103
Endgame malicious (high confidence) 20171024
ESET-NOD32 a variant of Win32/Kryptik.FYMY 20171102
Sophos ML heuristic 20170914
McAfee Artemis!DF2A3D95CFD8 20171031
McAfee-GW-Edition Artemis!Trojan 20171102
Palo Alto Networks (Known Signatures) generic.ml 20171103
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20171102
Sophos AV Mal/Emotet-E 20171102
Webroot W32.Trojan.Emotet 20171103
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171103
Ad-Aware 20171102
AhnLab-V3 20171102
Alibaba 20170911
ALYac 20171102
Antiy-AVL 20171103
Arcabit 20171102
Avast-Mobile 20171102
Avira (no cloud) 20171102
AVware 20171102
BitDefender 20171102
Bkav 20171102
CAT-QuickHeal 20171102
ClamAV 20171102
CMC 20171102
Comodo 20171103
Cybereason 20171030
Cyren 20171102
DrWeb 20171102
eGambit 20171103
Emsisoft 20171102
F-Prot 20171102
F-Secure 20171102
Fortinet 20171102
GData 20171102
Ikarus 20171102
Jiangmin 20171102
K7AntiVirus 20171102
K7GW 20171102
Kaspersky 20171102
Kingsoft 20171103
Malwarebytes 20171102
MAX 20171102
Microsoft 20171102
eScan 20171102
NANO-Antivirus 20171103
nProtect 20171102
Panda 20171102
Qihoo-360 20171103
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171102
Symantec 20171102
Symantec Mobile Insight 20171101
Tencent 20171103
TheHacker 20171102
TotalDefense 20171102
TrendMicro 20171102
TrendMicro-HouseCall 20171102
Trustlook 20171103
VBA32 20171102
VIPRE 20171102
ViRobot 20171102
WhiteArmor 20171024
Yandex 20171102
Zillya 20171102
Zoner 20171102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, dfghfgjhgj
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-02 05:28:25
Entry Point 0x00009D2E
Number of sections 6
PE sections
PE imports
OpenEventLogA
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetThreadPriority
InterlockedPushEntrySList
OutputDebugStringW
FatalExit
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
RaiseException
SetProcessWorkingSetSize
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateThread
SetEnvironmentVariableW
InterlockedFlushSList
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimes
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetProcessShutdownParameters
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetProcessIoCounters
GetDateFormatW
GetStartupInfoW
GetProcAddress
GetProcessHeap
GetTimeFormatW
FindFirstFileExA
FindNextFileW
GetProcessWorkingSetSize
FindNextFileA
IsValidLocale
FindFirstFileExW
GetUserDefaultLCID
GetProcessAffinityMask
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
CompareStringW
GetProcessTimes
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
ReadConsoleW
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
TransparentBlt
GetScrollRange
ShowScrollBar
SetScrollRange
GetPropW
WinHttpSetOption
WinHttpConnect
WinHttpReadData
WinHttpCloseHandle
WinHttpCreateUrl
WinHttpQueryDataAvailable
WinHttpWriteData
Number of PE resources by type
RT_ICON 8
RT_STRING 4
XGAPXOUJ 1
RT_BITMAP 1
VITA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH UK 5
GAELIC SCOTTISH 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 206848
EntryPoint 0x9d2e
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2017:11:02 06:28:25+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, dfghfgjhgj
MachineType Intel 386 or later, and compatibles
CodeSize 241664
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 df2a3d95cfd8358cf23eea9617e47aed
SHA1 7f979f706ba8f1af8750c82b184ff29dab438fc7
SHA256 2a72f4eaabf38e3cf1ed0c482c9c78e19b38489c1267ff3a0048e34fcb06178e
ssdeep 6144:UlHOvpKCMP81WL+R6hhagjusRsrIkRrwW8xxP1AaYrRAnZGg1ILx:UlHOvPMP81q+gfAUsrIqKFYGnZGg
authentihash 5aa4f3bb5f55f4cac80e1984f8cacea0625298056c02dac500bff69f9b363495
imphash 1511bc169536298b9c1e2ec172c57824
File size 404.0 KB ( 413696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2017-11-02 21:17:09 UTC ( 1 year, 3 months ago )
Last submission 2018-05-15 05:55:02 UTC ( 9 months, 1 week ago )
File names 1ykedgiomcosymidecoul_2017-11-02_17-20.exe
output.112408796.txt
DF2A3D95CFD8358CF23EEA9617E47AED.exe
test (57).exe
output.112408719.txt
1ykedgiomcosymidecoul_2017-11-02_17-20.exe
1ykedgiomcosymidecoul_2017-11-02_17-20.jpg
df2a3d95cfd8358cf23eea9617e47aed.exe
1ykedgiomcosymidecoul_2017-11-02_17-20.exe
VirusShare_df2a3d95cfd8358cf23eea9617e47aed
df2a3d95cfd8358cf23eea9617e47aed.exe
test (1470).exe
1ykedgiomcosymidecoul_2017-11-02_17-20.exe
1ykedgiomcosymidecoul_2017-11-02_17-20.exe
1ykedgiomcosymidecoul_2017-11-02_17-20.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications