SHA256: 2c34888b579bfe9598f5ab006346ce318ece71375b4deed4a5baf46aa867f274
File name: xOiBkxTncJ2.exe
Detection ratio: 10 / 67
Analysis date: 2017-12-20 12:06:05 UTC
Engines that flagged the file (engine, result, signature update date):
Baidu                    Win32.Trojan.WisdomEyes.16070401.9500.9999   20171219
CrowdStrike Falcon (ML)  malicious_confidence_70% (D)                 20171016
Cylance                  Unsafe                                       20171220
Endgame                  malicious (high confidence)                  20171130
Sophos ML                heuristic                                    20170914
Kaspersky                HEUR:Trojan.Win32.Generic                    20171220
McAfee-GW-Edition        BehavesLike.Win32.Generic.dh                 20171220
Qihoo-360                HEUR/QVM10.1.F8BA.Malware.Gen                20171220
Rising                   Malware.Obscure/Heur!1.A89E (CLASSIC)        20171220
Tencent                  Suspicious.Heuristic.Gen.b.0                 20171220
All ten verdicts are heuristic, machine-learning or generic names; none assigns a family. A 10/67 ratio made up entirely of such verdicts, on a sample first seen the same day, says "suspicious and unknown to signature engines", not "known malware", so the static and behavioural sections below carry more weight than the ratio.
Engines with no detection at analysis time (engine, signature update date):
Ad-Aware 20171220
AegisLab 20171220
AhnLab-V3 20171220
Alibaba 20171220
ALYac 20171220
Antiy-AVL 20171220
Arcabit 20171220
Avast 20171220
Avast-Mobile 20171220
AVG 20171220
Avira (no cloud) 20171220
AVware 20171220
BitDefender 20171220
Bkav 20171220
CAT-QuickHeal 20171219
ClamAV 20171220
CMC 20171218
Comodo 20171220
Cybereason 20171103
Cyren 20171220
DrWeb 20171220
eGambit 20171220
Emsisoft 20171220
ESET-NOD32 20171220
F-Prot 20171220
F-Secure 20171220
Fortinet 20171220
GData 20171220
Ikarus 20171220
Jiangmin 20171220
K7AntiVirus 20171220
K7GW 20171220
Kingsoft 20171220
Malwarebytes 20171220
MAX 20171220
McAfee 20171220
Microsoft 20171220
eScan 20171220
NANO-Antivirus 20171220
nProtect 20171220
Palo Alto Networks (Known Signatures) 20171220
Panda 20171219
SentinelOne (Static ML) 20171207
Sophos AV 20171220
SUPERAntiSpyware 20171220
Symantec 20171220
Symantec Mobile Insight 20171220
TheHacker 20171219
TotalDefense 20171220
TrendMicro 20171220
TrendMicro-HouseCall 20171220
Trustlook 20171220
VBA32 20171219
VIPRE 20171220
ViRobot 20171220
WhiteArmor 20171204
Yandex 20171219
Zillya 20171219
ZoneAlarm by Check Point 20171220
Zoner 20171220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
None. The binary carries no RT_VERSION resource (see the resource type counts below), so there are no company, product or original-filename strings to pivot on; legitimate installers and commercial software almost always carry them.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-20 03:56:06 UTC (the same instant appears as 2017:12:20 04:56:06+01:00 in the ExifTool metadata below; it is about eight hours before the first submission to VirusTotal, which is plausible for a freshly built sample, though the link timestamp is attacker-controlled and proves nothing by itself)
Entry Point 0x00002B14
Number of sections 5
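The header fields above (machine, section count, compile timestamp, entry point) and the ExifTool fields further down (linker version, subsystem, OS version) all come from the COFF file header and the optional header. The following is an added example, not code from the VirusTotal report or from any vendor, that reads those fields from raw bytes with only the Python standard library; because the sample itself is not available here, build_header() constructs a minimal PE32 header carrying the values this report shows, and the parser is run against that constructed header. timestamp_plausible() is an added triage check, not something the report performs.

```python
"""Added example (not part of the VirusTotal report or any vendor's code):
read the COFF and optional-header fields that the "PE header basic
information" and ExifTool blocks of this page summarise, straight from the
bytes. build_header() constructs a minimal PE32 header carrying the values
shown on this page so the parser can be run offline; it is not the sample."""
import calendar
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "x64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows console"}
CHARACTERISTIC_BITS = {0x0002: "Executable", 0x0100: "32-bit", 0x2000: "DLL"}


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields a triage report shows; ValueError if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, stamp, _symtab, _nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Subsystem lives at optional-header offset 68. Fields from offset 32 on
    # sit at the same offsets in PE32 and PE32+ (BaseOfData is dropped,
    # ImageBase grows to 8 bytes), so one layout serves both formats.
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic, lmaj, lmin, size_of_code, size_of_init,
     size_of_uninit, entry) = struct.unpack_from("<HBBIIII", data, opt)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    ss_maj, ss_min = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "entry_point": entry,
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "linker_version": f"{lmaj}.{lmin}",
        "code_size": size_of_code,
        "initialized_data_size": size_of_init,
        "uninitialized_data_size": size_of_uninit,
        "os_version": f"{os_maj}.{os_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "characteristics": [n for b, n in CHARACTERISTIC_BITS.items() if chars & b],
    }


def timestamp_plausible(compiled: datetime, first_seen: datetime) -> bool:
    """The link timestamp is attacker-controlled: treat a build time after the
    sample was first observed, or before the toolchain era, as forged."""
    return datetime(2000, 1, 1, tzinfo=timezone.utc) <= compiled <= first_seen


def build_header(*, machine, nsections, compiled_utc, entry_point, size_of_code,
                 size_of_init, linker=(12, 0), os_version=(5, 1),
                 subsystem_version=(5, 1), subsystem=2, characteristics=0x0102) -> bytes:
    """Constructed minimal PE32 header (no sections, no data) for testing."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224  # PE32 optional header including 16 data directories
    coff = struct.pack("<HHIIIHH", machine, nsections,
                       calendar.timegm(compiled_utc.utctimetuple()), 0, 0,
                       opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<HBBIIIIII", opt, 0, 0x10B, linker[0], linker[1], size_of_code,
                     size_of_init, 0, entry_point, 0x1000, 0x12000)
    struct.pack_into("<IIIHHHHHH", opt, 28, 0x400000, 0x1000, 0x200,
                     os_version[0], os_version[1], 0, 0,
                     subsystem_version[0], subsystem_version[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed header carrying the values this report shows for the sample.
SAMPLE_HEADER = build_header(
    machine=0x014C, nsections=5,
    compiled_utc=datetime(2017, 12, 20, 3, 56, 6, tzinfo=timezone.utc),
    entry_point=0x2B14, size_of_code=68608, size_of_init=1188352)
FIRST_SUBMISSION = datetime(2017, 12, 20, 12, 6, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    fields = parse_pe_header(SAMPLE_HEADER)
    for key, value in fields.items():
        print(f"{key:24} {value}")
    print("timestamp plausible:", timestamp_plausible(fields["timestamp"], FIRST_SUBMISSION))
```

To run it against a real file, pass `open(path, "rb").read()` to parse_pe_header(); the bounds checks make it safe on truncated or non-PE input, which matters when the input comes from a quarantine folder.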
PE sections
PE imports
The DLL column of this table was lost in extraction; the functions are regrouped below by the DLL that exports each of them. Most of the KERNEL32 list is the standard startup set of the Visual C++ 2013 runtime (LinkerVersion 12.0 below), so IsDebuggerPresent, IsProcessorFeaturePresent, EncodePointer/DecodePointer and the exception-filter calls are not by themselves evidence of anti-analysis. The imports worth a second look are the ADVAPI32 ones (InitiateSystemShutdownA, LookupPrivilegeNameW, OpenEventLogW, SetSecurityDescriptorControl) together with SetProcessShutdownParameters and GetWindowsDirectoryW from KERNEL32.
ADVAPI32.dll
SetSecurityDescriptorControl
OpenEventLogW
InitiateSystemShutdownA
GetUserNameA
LookupPrivilegeNameW
GDI32.dll
StretchBlt
FillPath
KERNEL32.dll
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetProcessAffinityMask
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
SetProcessShutdownParameters
TlsAlloc
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
HeapSize
RtlUnwind
GetProcessId
DeleteCriticalSection
SetProcessWorkingSetSize
GetStartupInfoW
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
LCMapStringW
UnhandledExceptionFilter
GetCPInfo
GetCommProperties
LoadLibraryExW
MultiByteToWideChar
GetAtomNameW
SetFilePointerEx
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
AddAtomW
EncodePointer
GetProcessHeap
SetStdHandle
RaiseException
GetFileSizeEx
WideCharToMultiByte
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
ReadFile
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
GetProcessWorkingSetSize
GetThreadTimes
GetSystemTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetThreadPriority
ReadConsoleW
GetSystemTimeAdjustment
GetFileType
TerminateProcess
GetLongPathNameW
GetProcessHandleCount
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
WriteFile
CreateFileW
GlobalAlloc
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
SetEndOfFile
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
MSIMG32.dll
GradientFill
USER32.dll
GetPropA
EnableScrollBar
SetScrollRange
SetPropW
Number of PE resources by type
RT_ICON 14
RT_STRING 4
RT_BITMAP 2
RT_GROUP_ICON 2
RT_DIALOG 1
RT_GROUP_CURSOR 1
VYCINCEBV 1
RT_CURSOR 1
VYCINCEBV is not a standard RT_* resource type. A single resource under a custom name is the first thing to extract and inspect, since arbitrary data can be stored under any name; 14 icons across two icon groups is also more than a small utility needs and is a common way to pad a file. There is no RT_VERSION resource, which is why the FileVersionInfo section above is empty.
Number of PE resources by language
NEUTRAL 26
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2017:12:20 04:56:06+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 68608
LinkerVersion: 12.0
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0x2b14
InitializedDataSize: 1188352
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
LinkerVersion 12.0 is the Visual Studio 2013 toolchain, consistent with the TrID guess of MS Visual C++ below; OSVersion and SubsystemVersion 5.1 mean the image declares Windows XP as its minimum platform. Note the ratio of initialized data (about 1.16 MB declared) to code (67 KB) and to the actual file size of 220 KB; the resource section accounts for part of it, but the declared sizes and the section table should be compared.

File identification
MD5 7b65b6bdd6866345d6f9d0e18a0dcbc9
SHA1 fe3fdda918a3db1b17fc48716b574356700d5fc0
SHA256 2c34888b579bfe9598f5ab006346ce318ece71375b4deed4a5baf46aa867f274
ssdeep 3072:93VrTNNer1tXqjkJ+G0vskV+Rr/wtBMHD4C6S7FSrK3xn9j0J:tV/MvJaL+lItqISxMGxh0
authentihash d1e64bbcb4705ab3e8a65fa0499fc5ee2ea994f41d3a09002c28b14eb07d1c98
imphash c8ee3bb1b2f301fb2e1e3d672b92a662
File size 220.0 KB ( 225280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
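The imphash and ssdeep values above are the ones to pivot on, because unlike MD5/SHA1/SHA256 they survive trivial rebuilds: imphash is an MD5 over the import table (DLL and function names, in import order), so two samples built from the same source with the same linker usually share it even when every other hash differs. The following is an added example, not code from the VirusTotal report or from pefile, implementing the imphash algorithm as pefile computes it: DLL name lowercased with a .dll/.ocx/.sys suffix removed, function name lowercased, entries joined with commas in import-table order, MD5 of the resulting string. pefile additionally resolves ordinal-only imports from oleaut32, ws2_32 and wsock32 to names through a built-in table; that table is omitted here and ordinals are rendered as "ordN". The import list is constructed from functions this report lists, but the real sample's DLL order and full table are not known, so it will not reproduce c8ee3bb1b2f301fb2e1e3d672b92a662.

```python
"""Added example (not part of the VirusTotal report or of pefile): the
imphash algorithm, plus a small demonstration of which changes to an import
table do and do not alter it. SAMPLE_IMPORTS is constructed from functions
listed in this report and is not the sample's actual import table."""
import hashlib
from typing import Iterable, List, Tuple, Union

ImportEntry = Tuple[str, Union[str, int]]  # (DLL name, function name or ordinal)


def normalise_dll(name: str) -> str:
    """Lowercase the DLL name and strip the extensions pefile strips."""
    name = name.lower()
    for ext in (".ocx", ".sys", ".dll"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash(imports: Iterable[ImportEntry]) -> str:
    """MD5 of 'dll.func,dll.func,...' in import-table order (pefile semantics,
    minus pefile's ordinal-to-name table for oleaut32/ws2_32/wsock32)."""
    parts: List[str] = []
    for dll, func in imports:
        fname = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{normalise_dll(dll)}.{fname}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def imphash_string(imports: Iterable[ImportEntry]) -> str:
    """The pre-hash string, useful when diffing two samples' import tables."""
    return ",".join(
        f"{normalise_dll(d)}.{f'ord{fn}' if isinstance(fn, int) else fn.lower()}"
        for d, fn in imports)


# Constructed import table using functions this report lists; order is a guess.
SAMPLE_IMPORTS: List[ImportEntry] = [
    ("ADVAPI32.dll", "SetSecurityDescriptorControl"),
    ("ADVAPI32.dll", "OpenEventLogW"),
    ("ADVAPI32.dll", "InitiateSystemShutdownA"),
    ("ADVAPI32.dll", "GetUserNameA"),
    ("ADVAPI32.dll", "LookupPrivilegeNameW"),
    ("GDI32.dll", "StretchBlt"),
    ("GDI32.dll", "FillPath"),
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "GetTempPathW"),
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "WriteFile"),
    ("MSIMG32.dll", "GradientFill"),
    ("USER32.dll", "GetPropA"),
    ("USER32.dll", "SetPropW"),
]


def imphash_variants() -> dict:
    """Show what does and does not change the hash: casing and extension do
    not, but import order does, and so does one added or removed import."""
    recased = [(d.upper().replace(".DLL", ""), f.upper()) for d, f in SAMPLE_IMPORTS]
    reordered = list(reversed(SAMPLE_IMPORTS))
    one_more = SAMPLE_IMPORTS + [("KERNEL32.dll", "Sleep")]
    by_ordinal = SAMPLE_IMPORTS[:-1] + [("USER32.dll", 241)]
    return {
        "original": imphash(SAMPLE_IMPORTS),
        "recased_no_extension": imphash(recased),
        "reordered": imphash(reordered),
        "one_more_import": imphash(one_more),
        "last_import_by_ordinal": imphash(by_ordinal),
    }


if __name__ == "__main__":
    for label, value in imphash_variants().items():
        print(f"{label:24} {value}")
    print(imphash_string(SAMPLE_IMPORTS))
```

The practical consequence: an imphash match between two samples is strong evidence of a shared build, but a mismatch proves little, since reordering or adding one import (a common toolchain or packer side effect) produces an unrelated value. Compare the pre-hash strings, not just the digests, when two samples are suspected to be related.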

TrID
Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-20 12:06:05 UTC
Last submission 2018-08-27 21:03:35 UTC
File names
js payload
FILE_17.3
C__Users_User_AppData_Local_Temp_rmoweCj2.exe
KJedg376t2.exe
xOiBkxTncJ2.exe
KJedg376t2
The submitted names are random-looking, and one is a flattened path under C:\Users\User\AppData\Local\Temp, which is consistent with the file having been written to %TEMP% under a generated name by a first stage (the sample itself imports GetTempPathW). "js payload" is a submitter's label, not a property of the file, and the submissions span eight months, so the same binary was still circulating well after the first sighting.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Runtime DLLs
UDP communications