SHA256: 2ed42de1320134cfaafb1670aaf7814646214bc1155b9b33a1ebc561f1aec996
File name: output.90701528.txt
Detection ratio: 43 / 68
Analysis date: 2018-06-12 16:05:49 UTC ( 11 months, 2 weeks ago )
Antivirus Result Update
AegisLab Troj.PSW32.W.Delf.fpg!c 20180612
AhnLab-V3 Trojan/Win32.Downloader.C820 20180612
Antiy-AVL Trojan[PSW]/Win32.Delf 20180612
Avast Win32:Malware-gen 20180612
AVG Win32:Malware-gen 20180612
Avira (no cloud) TR/Obfuscated.C.59 20180612
AVware Packed.Win32.Upack (v) 20180612
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9828 20180612
CAT-QuickHeal W32.Viking.gen 20180612
ClamAV Win.Trojan.Sality-77168 20180612
Comodo Packed.Win32.Klone.~KMG 20180612
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.20255b 20180225
Cylance Unsafe 20180612
Cyren W32/Agent.I.gen!Eldorado 20180612
DrWeb Trojan.PWS.Siggen.17990 20180612
Endgame malicious (high confidence) 20180612
F-Prot W32/Heuristic-162!Eldorado 20180612
Ikarus Virus.Win32.Sality 20180612
Sophos ML heuristic 20180601
Jiangmin Trojan/PSW.Delf.epv 20180612
K7AntiVirus Trojan ( 003b1b581 ) 20180612
K7GW Trojan ( 003b1b581 ) 20180612
MAX malware (ai score=98) 20180612
McAfee RDN/Generic PWS.y 20180612
McAfee-GW-Edition RDN/Generic PWS.y 20180612
Microsoft Trojan:Win32/Dynamer!ac 20180612
NANO-Antivirus Trojan.Win32.Delf.kxluc 20180612
Panda Trj/CI.A 20180612
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-BW 20180612
Symantec Infostealer.Bancos 20180612
TACHYON Trojan/W32.Agent.223256.B 20180612
Tencent Win32.Trojan.Xed.Wskd 20180612
TheHacker W32/Behav-Heuristic-060 20180608
TrendMicro Cryp_Xed-12 20180612
TrendMicro-HouseCall Cryp_Xed-12 20180612
VBA32 TrojanPSW.Delf 20180612
VIPRE Packed.Win32.Upack (v) 20180612
ViRobot Trojan.Win32.S.Downloader.223256 20180612
Webroot Vir.Tool.Gen 20180612
Yandex Trojan.PWS.Agent!blREwwZwLJk 20180609
Zillya Trojan.Delf.Win32.29588 20180612
Ad-Aware 20180612
Alibaba 20180612
ALYac 20180612
Arcabit 20180612
Avast-Mobile 20180612
Babable 20180406
BitDefender 20180612
Bkav 20180612
CMC 20180612
eGambit 20180612
Emsisoft 20180612
ESET-NOD32 20180612
F-Secure 20180612
Fortinet 20180612
GData 20180612
Kaspersky 20180612
Kingsoft 20180612
Malwarebytes 20180612
eScan 20180612
Palo Alto Networks (Known Signatures) 20180612
Qihoo-360 20180612
Rising 20180612
SUPERAntiSpyware 20180612
Symantec Mobile Insight 20180605
TotalDefense 20180612
Trustlook 20180612
ZoneAlarm by Check Point 20180612
Zoner 20180611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command UPack
F-PROT UPack
PEiD WinUpack v0.39 final (relocated image base) -> By Dwing (c)2005 (h2)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 01:08:16
Entry Point 0x000C7324
Number of sections 2
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_STRING 17
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 46
CHINESE SIMPLIFIED 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1970:01:01 02:08:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 431616
LinkerVersion 0.58
FileTypeExtension exe
InitializedDataSize 115712
SubsystemVersion 4.0
EntryPoint 0xc7324
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 db5f26c7845ebb89cab78d51acbf9bd5
SHA1 44a44f320255baab88140f78b834f3a43456c2d9
SHA256 2ed42de1320134cfaafb1670aaf7814646214bc1155b9b33a1ebc561f1aec996
ssdeep 3072:N26HSU/TRR7fmEuP0EhZxOYrfRN3sjRc+6Pr+iai01tqYP/57zSA7GTJJwZ/5F:NNHvR7OpphsjRcXP6Ttqw/9Ogh1n
authentihash 6b2153f3f2a11f80e35d6815e4b5c783665d98b209f7bc7e053677a418e2a146
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 218.0 KB ( 223256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID DOS Executable Generic (100.0%)
Tags peexe upack

VirusTotal metadata
First submission 2008-10-02 11:13:22 UTC ( 10 years, 7 months ago )
Last submission 2018-06-12 16:05:49 UTC ( 11 months, 2 weeks ago )
File names HMM5_Editor.exe
terIvzYsgb.com
output.92432575.txt
aa
output.90701528.txt
output.95217701.txt
db5f26c7845ebb89cab78d51acbf9bd5.vir
yxwdwdxgq.exe
file-2162809_exe
db5f26c7845ebb89cab78d51acbf9bd5
yxwdwdxgq.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0502.

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications