SHA256: 2b3bbb98c8afaadeb2357eb40bc347b80d39bff2e082d839760c16e9629b29ad
File name: zbetcheckin_tracker_p.exe
Detection ratio: 32 / 68
Analysis date: 2018-09-09 17:04:56 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AegisLab Packer.W32.Hrup.lzG3 20180909
AhnLab-V3 Malware/Win32.Generic.C2419917 20180909
Antiy-AVL Worm/Win32.AGeneric 20180906
Avast Win32:Malware-gen 20180909
AVG Win32:Malware-gen 20180909
Avira (no cloud) TR/ATRAPS.Gen 20180909
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180906
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.09f9d5 20180225
Cylance Unsafe 20180909
Cyren W32/Genome.I.gen!Eldorado 20180909
DrWeb Trojan.DownLoader26.64732 20180909
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Phorpiex.H 20180909
F-Prot W32/Genome.I.gen!Eldorado 20180909
Fortinet W32/Phorpiex.H!worm 20180909
Sophos ML heuristic 20180717
Jiangmin Worm.Generic.ela 20180909
K7AntiVirus Trojan ( 0052c0b31 ) 20180909
K7GW Trojan ( 0052c0b31 ) 20180909
Kaspersky HEUR:Worm.Win32.Generic 20180909
Microsoft Trojan:Win32/Cloxer.D!cl 20180909
NANO-Antivirus Trojan.Win32.Phorpiex.fhdepu 20180909
Panda Trj/GdSda.A 20180909
Qihoo-360 HEUR/QVM07.1.C105.Malware.Gen 20180909
Rising Worm.Phorpiex!8.48D (RDM+:cmRtazpkqK7Fo3XsNHiJBY+oZkbF) 20180909
Symantec ML.Attribute.HighConfidence 20180908
TrendMicro Mal_DLDER 20180909
TrendMicro-HouseCall Mal_DLDER 20180909
VBA32 BScope.Trojan.Zonidel 20180907
Webroot W32.Trojan.Gen 20180909
ZoneAlarm by Check Point HEUR:Worm.Win32.Generic 20180909
Ad-Aware 20180909
Alibaba 20180713
ALYac 20180909
Arcabit 20180909
Avast-Mobile 20180909
AVware 20180909
Babable 20180907
BitDefender 20180909
Bkav 20180906
CAT-QuickHeal 20180909
ClamAV 20180909
CMC 20180908
Comodo 20180909
eGambit 20180909
Emsisoft 20180909
F-Secure 20180909
GData 20180909
Ikarus 20180909
Kingsoft 20180909
Malwarebytes 20180909
MAX 20180909
McAfee 20180909
McAfee-GW-Edition 20180909
eScan 20180909
Palo Alto Networks (Known Signatures) 20180909
SentinelOne (Static ML) 20180830
Sophos AV 20180909
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180905
TACHYON 20180909
Tencent 20180909
TheHacker 20180907
TotalDefense 20180909
Trustlook 20180909
VIPRE 20180909
ViRobot 20180909
Yandex 20180908
Zillya 20180908
Zoner 20180908
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-09-09 16:17:21
Entry Point 0x000026F2
Number of sections 4
PE sections
Overlays
MD5 1074b6f3fea1bb0324f7da2bb580f657
File type ASCII text
Offset 14848
Size 113300
Entropy 3.31
PE imports
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateMutexA
GetStartupInfoA
CopyFileW
Sleep
CreateThread
GetLocaleInfoA
CreateFileW
GetModuleHandleA
GetModuleFileNameW
GetLastError
WaitForSingleObject
CreateProcessW
WriteFile
ExitProcess
CloseHandle
SetFileAttributesW
DeleteFileW
CreateDirectoryW
GetTickCount
ExpandEnvironmentStringsW
ExitThread
strncmp
__p__fmode
malloc
rand
memset
strcat
_snwprintf
_controlfp
strlen
strncpy
_except_handler3
strtok
wcslen
wcscmp
exit
_XcptFilter
_snprintf
__setusermatherr
_adjust_fdiv
_acmdln
srand
__p__commode
__getmainargs
_initterm
strstr
memmove
strchr
wcsstr
_exit
strcmp
__set_app_type
SHGetFolderPathW
Ord(680)
PathFileExistsW
PathFindFileNameA
wsprintfA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlW
InternetOpenW
socket
recv
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
select
URLDownloadToFileW
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:09:09 18:17:21+02:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 9.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x26f2
InitializedDataSize 10240
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 26d6f6909f9d56e1bd3d3239d1dd81ac
SHA1 f5c4cacc5c7e805564985807219146b38c7987cc
SHA256 2b3bbb98c8afaadeb2357eb40bc347b80d39bff2e082d839760c16e9629b29ad
ssdeep 384:ohFTp741BLapXNX7s7wjmwh5v9C1rUH8u9E0DW:oh3741BLU47wDhUrUcu2
authentihash d685c7e5a90bad70ecf9ad3c624bb499a0cb287d5ec0216b0e0f2e688a9f1559
imphash 5ea9272a10231aed317d4c6e75f1d641
File size 125.1 KB ( 128148 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
suspicious-dns peexe nxdomain overlay

VirusTotal metadata
First submission 2018-09-09 17:04:56 UTC ( 7 months, 1 week ago )
Last submission 2018-09-09 17:04:56 UTC ( 7 months, 1 week ago )
File names zbetcheckin_tracker_p.exe
winupdmgr32.exe
p.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests