SHA256: 2aff09c0f82dea9c7e26d87492649b74938665b5efbdaafbd052076ddd66eb0a
File name: .
Detection ratio: 41 / 63
Analysis date: 2019-03-03 18:24:16 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Variant.Ulise.24908 20190303
AhnLab-V3 Trojan/Win32.Yakes.R251074 20190303
ALYac Gen:Variant.Ulise.24908 20190303
Antiy-AVL Trojan/Win32.TSGeneric 20190303
Arcabit Trojan.Ulise.D614C 20190303
Avast Win32:Malware-gen 20190303
AVG Win32:Malware-gen 20190303
BitDefender Gen:Variant.Ulise.24908 20190303
CAT-QuickHeal Trojan.Mauvaise.SL1 20190303
ClamAV Win.Malware.Zusy-6717397-0 20190303
Comodo Worm.Win32.Dropper.RA@1qraug 20190303
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.e5ec38 20190109
Cyren W32/S-507585db!Eldorado 20190303
DrWeb Trojan.Siggen8.10513 20190303
eGambit Unsafe.AI_Score_57% 20190303
Emsisoft Gen:Variant.Ulise.24908 (B) 20190303
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted 20190303
Fortinet W32/Yakes.TCFL!tr 20190303
GData Win32.Trojan.FlyStudio.F 20190303
Sophos ML heuristic 20181128
Jiangmin Trojan/Gimemo.hbj 20190303
K7AntiVirus Trojan ( 005246d51 ) 20190303
K7GW Trojan ( 004b8c791 ) 20190303
Kaspersky Trojan.Win32.Yakes.tcfl 20190303
MAX malware (ai score=80) 20190303
McAfee-GW-Edition BehavesLike.Win32.Generic.th 20190303
Microsoft Trojan:Win32/Fuery.C!cl 20190303
eScan Gen:Variant.Ulise.24908 20190303
NANO-Antivirus Trojan.Win32.Rundas.ekdvti 20190303
Panda Trj/GdSda.A 20190303
Qihoo-360 HEUR/QVM07.1.99DD.Malware.Gen 20190303
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Agent-BAMT 20190303
Symantec SMG.Heur!gen 20190302
Trapmine malicious.moderate.ml.score 20190301
VBA32 BScope.Adware.Agent 20190301
Webroot W32.Yakes.tcfl 20190303
ZoneAlarm by Check Point Trojan.Win32.Yakes.tcfl 20190303
Engines with no detection (engine update date only)
AegisLab 20190303
Alibaba 20180921
Avast-Mobile 20190303
Avira (no cloud) 20190303
Babable 20180918
Baidu 20190215
CMC 20190303
F-Secure 20190303
Ikarus 20190303
Kingsoft 20190303
Malwarebytes 20190303
McAfee 20190303
Palo Alto Networks (Known Signatures) 20190303
SUPERAntiSpyware 20190227
Symantec Mobile Insight 20190220
TACHYON 20190303
Tencent 20190303
TheHacker 20190225
TotalDefense 20190303
Trustlook 20190303
ViRobot 20190303
Yandex 20190301
Zoner 20190303
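A practitioner reading this table wants a family name, not 41 vendor strings. The script below is an added example, not part of the VirusTotal report: it tokenises the labels copied from the table, discards generic classifier words (trojan, variant, malware, malicious and so on) and counts how many engines agree on each remaining token. ENGINE_GROUPS is an assumption: vendors commonly documented as shipping another vendor's engine are folded into one voter. With it, the six "Ulise" hits collapse into a single BitDefender-engine vote and "Yakes" (Kaspersky, AhnLab, Fortinet, Webroot) becomes the consensus family. The generic-word list and the grouping are the author's choices; verify the grouping against current licensing before relying on it.

```python
"""Family-label consensus over an AV detection table.

Constructed input: the 41 vendor labels copied from the report above.
ENGINE_GROUPS is an analyst assumption, not something the report states.
"""
import re
from collections import Counter, defaultdict

DETECTIONS = {
    "Acronis": "suspicious",
    "Ad-Aware": "Gen:Variant.Ulise.24908",
    "AhnLab-V3": "Trojan/Win32.Yakes.R251074",
    "ALYac": "Gen:Variant.Ulise.24908",
    "Antiy-AVL": "Trojan/Win32.TSGeneric",
    "Arcabit": "Trojan.Ulise.D614C",
    "Avast": "Win32:Malware-gen",
    "AVG": "Win32:Malware-gen",
    "BitDefender": "Gen:Variant.Ulise.24908",
    "CAT-QuickHeal": "Trojan.Mauvaise.SL1",
    "ClamAV": "Win.Malware.Zusy-6717397-0",
    "Comodo": "Worm.Win32.Dropper.RA@1qraug",
    "CrowdStrike Falcon (ML)": "win/malicious_confidence_100% (D)",
    "Cybereason": "malicious.e5ec38",
    "Cyren": "W32/S-507585db!Eldorado",
    "DrWeb": "Trojan.Siggen8.10513",
    "eGambit": "Unsafe.AI_Score_57%",
    "Emsisoft": "Gen:Variant.Ulise.24908 (B)",
    "Endgame": "malicious (high confidence)",
    "ESET-NOD32": "a variant of Win32/Packed.FlyStudio.AA potentially unwanted",
    "Fortinet": "W32/Yakes.TCFL!tr",
    "GData": "Win32.Trojan.FlyStudio.F",
    "Sophos ML": "heuristic",
    "Jiangmin": "Trojan/Gimemo.hbj",
    "K7AntiVirus": "Trojan ( 005246d51 )",
    "K7GW": "Trojan ( 004b8c791 )",
    "Kaspersky": "Trojan.Win32.Yakes.tcfl",
    "MAX": "malware (ai score=80)",
    "McAfee-GW-Edition": "BehavesLike.Win32.Generic.th",
    "Microsoft": "Trojan:Win32/Fuery.C!cl",
    "eScan": "Gen:Variant.Ulise.24908",
    "NANO-Antivirus": "Trojan.Win32.Rundas.ekdvti",
    "Panda": "Trj/GdSda.A",
    "Qihoo-360": "HEUR/QVM07.1.99DD.Malware.Gen",
    "SentinelOne (Static ML)": "static engine - malicious",
    "Sophos AV": "Troj/Agent-BAMT",
    "Symantec": "SMG.Heur!gen",
    "Trapmine": "malicious.moderate.ml.score",
    "VBA32": "BScope.Adware.Agent",
    "Webroot": "W32.Yakes.tcfl",
    "ZoneAlarm by Check Point": "Trojan.Win32.Yakes.tcfl",
}

# Words that describe type, platform or confidence rather than a family.
GENERIC = {
    "trojan", "troj", "variant", "generic", "malware", "malicious", "suspicious",
    "heuristic", "heur", "worm", "dropper", "adware", "agent", "packed",
    "confidence", "score", "static", "engine", "moderate", "high", "unsafe",
    "potentially", "unwanted", "behaveslike", "bscope", "eldorado", "win32",
}

# Assumption: these vendors run another vendor's engine, so their labels are
# one vote, not several. Check current licensing before trusting this map.
ENGINE_GROUPS = {
    "Ad-Aware": "bitdefender", "ALYac": "bitdefender", "Arcabit": "bitdefender",
    "BitDefender": "bitdefender", "Emsisoft": "bitdefender", "eScan": "bitdefender",
    "Kaspersky": "kaspersky", "ZoneAlarm by Check Point": "kaspersky",
    "Avast": "avast", "AVG": "avast",
}


def family_tokens(label):
    """Alphabetic tokens of 4+ characters that are not generic classifier words."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        low = tok.lower()
        if len(low) >= 4 and low.isalpha() and low not in GENERIC:
            out.append(low)
    return out


def family_votes(detections, engine_groups=None):
    """Count, per candidate family token, how many distinct engines used it."""
    engine_groups = engine_groups or {}
    voters = defaultdict(set)          # token -> set of engines that used it
    for vendor, label in detections.items():
        engine = engine_groups.get(vendor, vendor)
        for tok in family_tokens(label):
            voters[tok].add(engine)
    return Counter({tok: len(v) for tok, v in voters.items()})


if __name__ == "__main__":
    print("per vendor:", family_votes(DETECTIONS).most_common(4))
    print("per engine:", family_votes(DETECTIONS, ENGINE_GROUPS).most_common(4))
```

Per vendor the ranking is Ulise 6, Yakes 5, tcfl 4, FlyStudio 2; per engine it is Yakes 4, tcfl 3, FlyStudio 2, Ulise 1. The detection ratio on the page counts vendor rows, several of which share an engine, so it overstates the number of independent opinions in the same way.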
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties: none (the binary carries no RT_VERSION resource; compare the resource counts below)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-13 05:02:44
Entry Point 0x0007C0CA
Number of sections 4
PE sections
PE imports (grouped by exporting DLL; the DLL names are inferred from the API names because the report's own DLL headers did not survive extraction)
ADVAPI32.dll: RegDeleteKeyA, SetSecurityDescriptorDacl, RegOpenKeyA, RegCloseKey, RegQueryValueA, RegQueryValueExA, InitializeSecurityDescriptor, RegSetValueExA, RegEnumKeyA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA
COMCTL32.dll: Ord(17), ImageList_Destroy
GDI32.dll: CreatePolygonRgn, SetROP2, SetMapMode, GetSystemPaletteEntries, SetBkMode, PatBlt, GetClipBox, CreatePen, GetBkMode, SaveDC, TextOutA, LineTo, GetTextMetricsA, FillRgn, CreateRectRgnIndirect, LPtoDP, CombineRgn, SetStretchBltMode, GetROP2, GetWindowExtEx, PathToRegion, GetViewportOrgEx, SelectPalette, SelectObject, Rectangle, GetObjectA, GetDeviceCaps, ExcludeClipRect, CreateCompatibleDC, DeleteDC, RestoreDC, GetMapMode, GetWindowOrgEx, OffsetViewportOrgEx, SetViewportExtEx, EndDoc, CreateSolidBrush, StartPage, BitBlt, GetStretchBltMode, RealizePalette, SetTextColor, StartDocA, GetCurrentObject, MoveToEx, CreateEllipticRgn, CreateDCA, CreateBitmap, RectVisible, CreatePalette, GetStockObject, CreateDIBitmap, GetPolyFillMode, ScaleWindowExtEx, SetBkColor, ExtTextOutA, PtVisible, GetDIBits, ExtSelectClipRgn, CreateRoundRectRgn, SelectClipRgn, RoundRect, StretchBlt, GetBkColor, ScaleViewportExtEx, EndPage, CreateRectRgn, CreateFontIndirectA, GetClipRgn, GetTextExtentPoint32A, SetPolyFillMode, CreateCompatibleBitmap, SetWindowExtEx, GetTextColor, SetWindowOrgEx, DPtoLP, SetViewportOrgEx, Escape, GetViewportExtEx, BeginPath, DeleteObject, Ellipse, EndPath
KERNEL32.dll: GetStdHandle, ReleaseMutex, FileTimeToSystemTime, GetFileAttributesA, WaitForSingleObject, HeapDestroy, IsBadCodePtr, GetLocalTime, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, LocalAlloc, lstrcatA, OpenFileMappingA, SetErrorMode, FreeEnvironmentStringsW, SetStdHandle, GetFileTime, GetTempPathA, GetCPInfo, GetProcAddress, GetStringTypeA, InterlockedExchange, WriteFile, HeapReAlloc, GetStringTypeW, GetFullPathNameA, SetEvent, LocalFree, MoveFileA, ResumeThread, InitializeCriticalSection, LoadResource, GlobalHandle, FindClose, InterlockedDecrement, FormatMessageA, SetLastError, GetSystemTime, GetEnvironmentVariableA, GlobalFindAtomA, ExitProcess, GetVersionExA, GetModuleFileNameA, FreeLibrary, GetVolumeInformationA, SetHandleCount, UnhandledExceptionFilter, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, CreateSemaphoreA, CreateThread, GlobalAddAtomA, SetUnhandledExceptionFilter, MulDiv, GetSystemDirectoryA, SetEnvironmentVariableA, TerminateProcess, GlobalAlloc, SetEndOfFile, GetCurrentThreadId, InterlockedIncrement, SetCurrentDirectoryA, CreateToolhelp32Snapshot, HeapFree, EnterCriticalSection, OpenProcess, lstrcmpiA, GetOEMCP, GetTickCount, IsBadWritePtr, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, Process32Next, GlobalSize, GetStartupInfoA, UnlockFile, GetFileSize, LCMapStringW, Process32First, DeleteFileA, GetWindowsDirectoryA, WaitForMultipleObjects, GetProcessHeap, CompareStringW, GlobalReAlloc, lstrcmpA, FindFirstFileA, lstrcpyA, GetProfileStringA, CompareStringA, GetTempFileNameA, CreateFileMappingA, FindNextFileA, DuplicateHandle, ExpandEnvironmentStringsA, GetTimeZoneInformation, CreateEventA, CopyFileA, GetFileType, TlsSetValue, CreateFileA, HeapAlloc, LeaveCriticalSection, GetLastError, LocalReAlloc, GlobalDeleteAtom, HeapCreate, lstrlenA, GlobalFree, LCMapStringA, GlobalGetAtomNameA, GetThreadLocale, GetEnvironmentStringsW, GlobalUnlock, LockFile, WinExec, FileTimeToLocalFileTime, GetEnvironmentStrings, WritePrivateProfileStringA, LockResource, WideCharToMultiByte, HeapSize, GetCommandLineA, GetCurrentThread, RaiseException, ReleaseSemaphore, MapViewOfFile, TlsFree, SetFilePointer, ReadFile, GlobalFlags, CloseHandle, lstrcpynA, GetACP, GlobalLock, GetVersion, CreateProcessA, UnmapViewOfFile, VirtualFree, Sleep, IsBadReadPtr, GetProcessVersion, FindResourceA, VirtualAlloc
OLEAUT32.dll: VariantChangeType, SafeArrayGetDim, VariantTimeToSystemTime, SysStringLen, UnRegisterTypeLib, SysAllocStringLen, RegisterTypeLib, SafeArrayUnaccessData, OleCreateFontIndirect, VariantClear, SysAllocString, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayCreate, VariantCopy, SafeArrayGetElemsize, SafeArrayGetLBound, LoadTypeLib, SysFreeString, SysAllocStringByteLen
SHELL32.dll: ShellExecuteA, SHGetSpecialFolderPathA, Shell_NotifyIconA
USER32.dll: RedrawWindow, GetMessagePos, SetWindowRgn, SetMenuItemBitmaps, DestroyWindow, MoveWindow, DestroyMenu, PostQuitMessage, GetForegroundWindow, LoadBitmapA, SetWindowPos, GetNextDlgTabItem, IsWindow, DispatchMessageA, ScreenToClient, ScrollWindowEx, GrayStringA, WindowFromPoint, GetMessageTime, CallNextHookEx, SetActiveWindow, GetDC, GetCursorPos, MapDialogRect, GetDlgCtrlID, GetClassInfoA, GetMenu, UnregisterClassA, SendMessageA, GetClientRect, SetWindowContextHelpId, SetScrollPos, LoadIconA, GetWindowTextLengthA, CopyAcceleratorTableA, GetTopWindow, LoadImageA, GetActiveWindow, GetWindowTextA, PtInRect, GetMessageA, GetParent, UpdateWindow, SetPropA, EqualRect, GetMenuState, ShowWindow, DrawFrameControl, GetNextDlgGroupItem, CreateIconFromResourceEx, EnableWindow, MapWindowPoints, PeekMessageA, TranslateMessage, IsWindowEnabled, GetWindow, CharUpperA, LoadStringA, SetParent, SetClipboardData, IsZoomed, GetWindowPlacement, EnableMenuItem, RegisterClassA, TabbedTextOutA, GetWindowLongA, SetTimer, FillRect, CopyRect, WaitForInputIdle, GetSysColorBrush, ReleaseDC, EndPaint, CreateAcceleratorTableA, IsChild, IsDialogMessageA, SetFocus, CreateWindowExA, DrawEdge, SetCapture, BeginPaint, OffsetRect, GetScrollPos, KillTimer, RegisterWindowMessageA, DefWindowProcA, DrawFocusRect, GetClipboardData, SendDlgItemMessageA, GetSystemMetrics, IsIconic, SetScrollRange, GetWindowRect, InflateRect, PostMessageA, ReleaseCapture, IntersectRect, SetWindowLongA, RemovePropA, CreatePopupMenu, CheckMenuItem, GetSubMenu, GetLastActivePopup, DrawIconEx, CreateMenu, GetDlgItem, GetMenuCheckMarkDimensions, ClientToScreen, GetClassLongA, CreateDialogIndirectParamA, LoadCursorA, EnumDisplaySettingsA, SetWindowsHookExA, GetMenuItemCount, DestroyAcceleratorTable, ValidateRect, CreateIconFromResource, GetSystemMenu, GetMenuItemID, SetForegroundWindow, PostThreadMessageA, OpenClipboard, EmptyClipboard, ChildWindowFromPointEx, GetScrollRange, EndDialog, CharNextA, GetCapture, FindWindowA, MessageBeep, GetWindowThreadProcessId, AppendMenuA, GetPropA, SetMenu, RegisterClipboardFormatA, SetRectEmpty, CallWindowProcA, MessageBoxA, GetWindowDC, DestroyCursor, AdjustWindowRectEx, GetSysColor, GetKeyState, SystemParametersInfoA, DestroyIcon, IsWindowVisible, GetDesktopWindow, SetCursorPos, WinHelpA, SetRect, DeleteMenu, InvalidateRect, wsprintfA, DrawTextA, SetWindowTextA, TranslateAcceleratorA, IsRectEmpty, GetClassNameA, GetFocus, CloseClipboard, ModifyMenuA, UnhookWindowsHookEx, SetCursor
WINMM.dll: waveOutReset, waveOutOpen, midiStreamProperty, waveOutClose, midiOutPrepareHeader, waveOutUnprepareHeader, waveOutPause, waveOutGetNumDevs, waveOutPrepareHeader, midiStreamOpen, midiStreamOut, midiStreamStop, waveOutWrite, midiStreamRestart, midiOutUnprepareHeader, midiOutReset, midiStreamClose
WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
WS2_32.dll: htonl, accept, ioctlsocket, WSAStartup, connect, getsockname, htons, getpeername, select, gethostname, closesocket, inet_addr, send, ntohs, listen, __WSAFDIsSet, WSAAsyncSelect, gethostbyname, inet_ntoa, WSACleanup, recv, socket, bind, recvfrom, sendto
COMDLG32.dll: GetOpenFileNameA, ChooseColorA, GetFileTitleA, GetSaveFileNameA
OLE32.dll: OleUninitialize, CLSIDFromString, StgCreateDocfileOnILockBytes, CoRevokeClassObject, OleFlushClipboard, StgOpenStorageOnILockBytes, CLSIDFromProgID, CoFreeUnusedLibraries, CoGetClassObject, CoRegisterMessageFilter, OleIsCurrentClipboard, OleInitialize, CoTaskMemFree, CreateILockBytesOnHGlobal, CoTaskMemAlloc
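The import table is the richest static evidence on this page, but about 500 names need grouping before they say anything. The added example below is not code from the report or from any tool it names: it maps API names to coarse capability buckets, the way capa-style triage does, and reports which buckets are completely present. SAMPLE_IMPORTS is a subset copied from the list above (every name in it appears in the report) plus a few GDI names as noise; the bucket definitions are the author's own. One caveat a reviewer should keep in mind: ESET and GData name the FlyStudio runtime, and such runtimes are typically linked statically, so a large share of these imports belong to the runtime rather than to the program's own logic. A complete "tcp server" bucket (bind, listen, accept, plus WSAAsyncSelect) says the code can listen, not that it does; only the sandbox or a cross-reference in a disassembler settles that.

```python
"""Capability triage over an import table.

Constructed input: SAMPLE_IMPORTS is a subset of the API names in the report
above. CAPABILITIES is an analyst-maintained mapping, not part of the report.
"""

CAPABILITIES = {
    "process discovery": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next", "OpenProcess"},
    "registry write": {"RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA", "RegDeleteKeyA"},
    "spawn process": {"WinExec", "CreateProcessA", "ShellExecuteA"},
    "tcp client": {"WSAStartup", "socket", "connect", "send", "recv", "gethostbyname"},
    "tcp server": {"bind", "listen", "accept", "WSAAsyncSelect"},
    "drop file in temp": {"GetTempPathA", "GetTempFileNameA", "CopyFileA", "MoveFileA", "WriteFile"},
    "windows hook": {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx"},
    "target other windows": {"FindWindowA", "GetWindowThreadProcessId", "PostThreadMessageA"},
    "ini file write": {"WritePrivateProfileStringA"},
    "clipboard access": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
}

# Subset of the report's import list; the last line is GUI noise that should
# not light up any bucket.
SAMPLE_IMPORTS = [
    "CreateToolhelp32Snapshot", "Process32First", "Process32Next", "OpenProcess",
    "RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA", "RegDeleteKeyA",
    "WinExec", "CreateProcessA", "ShellExecuteA",
    "WSAStartup", "socket", "connect", "send", "recv", "gethostbyname",
    "bind", "listen", "accept", "WSAAsyncSelect",
    "GetTempPathA", "GetTempFileNameA", "CopyFileA", "MoveFileA", "WriteFile",
    "SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
    "FindWindowA", "GetWindowThreadProcessId", "PostThreadMessageA",
    "WritePrivateProfileStringA",
    "OpenClipboard", "GetClipboardData", "SetClipboardData",
    "TextOutA", "BitBlt", "CreateWindowExA", "LoadLibraryA", "GetProcAddress",
]


def capabilities(imports, min_hits=1):
    """Map each bucket to the sorted API names present; drop buckets under min_hits."""
    names = set(imports)
    found = {}
    for cap, apis in CAPABILITIES.items():
        hits = sorted(names & apis)
        if len(hits) >= min_hits:
            found[cap] = hits
    return found


def complete_capabilities(imports):
    """Buckets whose every API is imported: the strongest purely static signal."""
    names = set(imports)
    return sorted(cap for cap, apis in CAPABILITIES.items() if apis <= names)


if __name__ == "__main__":
    for cap, hits in capabilities(SAMPLE_IMPORTS).items():
        print("%-22s %s" % (cap, ", ".join(hits)))
    print("complete:", complete_capabilities(SAMPLE_IMPORTS))
```

For this sample every bucket is complete, which is exactly why the caveat above matters: a GUI program that also carries a listening socket, window hooks and process enumeration deserves a look, but a static runtime that exports everything produces the same picture for benign programs built with it.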
Number of PE resources by type
RT_BITMAP 14
RT_STRING 11
RT_DIALOG 10
RT_CURSOR 4
RT_GROUP_CURSOR 3
RT_ICON 3
TEXTINCLUDE 3
RT_GROUP_ICON 3
RT_MENU 2
RT_HTML 1
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 51
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 4.0
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:10:13 07:02:44+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 647168
LinkerVersion: 6.0
FileTypeExtension: exe
InitializedDataSize: 585728
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x7c0ca
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0

The ExifTool TimeStamp is the PE compilation timestamp from the header section above (2015-10-13 05:02:44 UTC) rendered in a +02:00 zone. LinkerVersion 6.0 together with the 4.0 subsystem and OS version is the signature of a Visual C++ 6 build, consistent with the TrID guess below. "No relocs" means the relocation table was stripped (IMAGE_FILE_RELOCS_STRIPPED), so the image cannot be relocated and therefore never benefits from ASLR.
File identification
MD5 56ea2bfe5ec3859f28d7c89215ab84a6
SHA1 5cd8d22738777110276d611dca77b1a6873254bd
SHA256 2aff09c0f82dea9c7e26d87492649b74938665b5efbdaafbd052076ddd66eb0a
ssdeep 24576:BNH7c/Vo/e0zkSjPoGJdZheHDkzSjb7e62ucyFFEFt:BJ4/gkSZdiwSj+jEEFt
authentihash c947fe10dd8decbde19f2b2cf70e85b96469655c63bfd55507f84a0bbc6e6c15
imphash acad243a12d9f5e7ac7dfc0329860e82
File size 1.2 MB ( 1236992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
  Win32 Executable MS Visual C++ (generic) (19.6%)
  Win64 Executable (generic) (17.3%)
  UPX compressed Win32 Executable (16.9%)
  Win32 EXE Yoda's Crypter (16.6%)
  Microsoft Visual C++ compiled executable (generic) (10.3%)

The UPX and Yoda's Crypter guesses are weak signals here: a binary wrapped by either would normally import little beyond LoadLibraryA and GetProcAddress, whereas this file carries a full import table across twelve DLLs. The two Visual C++ guesses agree with the linker version 6.0 reported by ExifTool.
Tags
peexe
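The imphash above (acad243a…) is the value pefile computes: the import table flattened, in file order, to lowercase "dll.function" pairs, joined with commas and MD5-hashed, with ordinal-only imports named "ordN" unless pefile knows the export name for that DLL. The added example below reproduces that rule so the number on the page is not a black box; it is not pefile's code, and its ws2_32 ordinal table is a deliberately partial assumption used only to show how ordinal imports are named. Because the FlyStudio runtime contributes most of this import table, expect the same imphash to turn up on other programs built with the same runtime, which makes it a clustering key for the toolchain rather than for this author.

```python
"""Imphash, following the pefile rule (the value VirusTotal reports).

Constructed input: a few (DLL, import) pairs in import-table order. Imports are
either a name (str) or an ordinal (int). ORDINAL_NAMES is an assumption: a
partial ws2_32 table, enough to show the lookup; pefile ships the full one.
"""
import hashlib

ORDINAL_NAMES = {"ws2_32": {4: "connect", 23: "socket", 115: "WSAStartup"}}


def _libname(dll):
    """Lowercase the DLL name and strip a .dll/.ocx/.sys extension (others stay)."""
    name = dll.lower()
    base, sep, ext = name.rpartition(".")
    return base if sep and ext in ("dll", "ocx", "sys") else name


def imphash_input(imports):
    """The exact string that gets hashed; order matters."""
    parts = []
    for dll, imp in imports:
        lib = _libname(dll)
        if isinstance(imp, int):
            func = ORDINAL_NAMES.get(lib, {}).get(imp, "ord%d" % imp)
        else:
            func = imp
        parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    sample = [("KERNEL32.dll", "WinExec"), ("WS2_32.dll", 23),
              ("COMCTL32.dll", 17), ("WINSPOOL.DRV", "OpenPrinterA")]
    print(imphash_input(sample))
    print(imphash(sample))
```

Two details worth knowing when comparing imphashes across tools: the ".drv" extension is kept (winspool.drv stays winspool.drv), and an ordinal that pefile cannot resolve becomes "ordN", so the same binary hashed by a tool with a different ordinal table yields a different value.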

VirusTotal metadata
First submission 2019-03-03 18:24:16 UTC ( 1 month, 2 weeks ago )
Last submission 2019-03-03 18:24:16 UTC ( 1 month, 2 weeks ago )
File names .
Condensed report. VirusTotal's behaviour summary lists the actions performed by the file, by processes it launched or by processes it injected into (opened, read and written files, created processes, code injections, opened mutexes, runtime DLLs). Every one of those sections is empty in this copy of the report, so the sandbox contributes no evidence and the assessment rests on the detection table and the static PE data above.