SHA256: 2f1d5ee1a59e811a00925fa6a5c0612095e20d617d0510118d8ac0fbca585fe0
File name: 2001.exe
Detection ratio: 35 / 71
Analysis date: 2019-03-08 16:22:23 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Gen:Trojan.Heur2.LPTymHfbaEEIhgib 20190308
AhnLab-V3 Trojan/Win32.Trojanspy.R258190 20190308
Arcabit Trojan.Heur2.LPTymHfbaEEIhgib 20190308
Avast Win32:Malware-gen 20190308
AVG Win32:Malware-gen 20190308
Avira (no cloud) HEUR/AGEN.1032796 20190308
BitDefender Gen:Trojan.Heur2.LPTymHfbaEEIhgib 20190308
ClamAV Win.Malware.Score-6881383-0 20190308
CrowdStrike Falcon (ML) win/malicious_confidence_90% (D) 20190212
Cybereason malicious.717af9 20190109
Cylance Unsafe 20190308
eGambit Unsafe.AI_Score_53% 20190308
Emsisoft Gen:Trojan.Heur2.LPTymHfbaEEIhgib (B) 20190308
Endgame malicious (moderate confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.EEBZ 20190308
F-Secure Heuristic.HEUR/AGEN.1032796 20190308
Fortinet W32/Agent.726E!tr 20190308
GData Gen:Trojan.Heur2.LPTymHfbaEEIhgib 20190308
Ikarus Trojan-Spy.HawkEye 20190308
K7AntiVirus Riskware ( 0040eff71 ) 20190308
K7GW Riskware ( 0040eff71 ) 20190308
Kaspersky HEUR:Trojan.Win32.Kryptik.gen 20190308
MAX malware (ai score=89) 20190308
McAfee Fareit-FKV!62E26CCF41C4 20190308
McAfee-GW-Edition Fareit-FKV!62E26CCF41C4 20190308
eScan Gen:Trojan.Heur2.LPTymHfbaEEIhgib 20190308
NANO-Antivirus Trojan.Win32.GenKryptik.fntpqn 20190308
Rising Downloader.Wauchos!8.D9/N3#97% (RDM+:cmRtazpDr5yliHhNnP3Si+Ib2exr) 20190308
SentinelOne (Static ML) static engine - malicious 20190203
Symantec ML.Attribute.HighConfidence 20190308
Trapmine malicious.high.ml.score 20190301
TrendMicro TrojanSpy.Win32.LOKI.SMD1.hp 20190308
TrendMicro-HouseCall TrojanSpy.Win32.LOKI.SMD1.hp 20190308
ZoneAlarm by Check Point HEUR:Trojan.Win32.Kryptik.gen 20190308
AegisLab 20190308
Alibaba 20190306
ALYac 20190308
Antiy-AVL 20190308
Avast-Mobile 20190308
Babable 20180918
Baidu 20190306
Bkav 20190308
CAT-QuickHeal 20190308
CMC 20190308
Comodo 20190308
Cyren 20190308
DrWeb 20190308
F-Prot 20190308
Sophos ML 20181128
Jiangmin 20190308
Kingsoft 20190308
Malwarebytes 20190308
Microsoft 20190307
Palo Alto Networks (Known Signatures) 20190308
Panda 20190308
Qihoo-360 20190308
Sophos AV 20190308
SUPERAntiSpyware 20190307
Symantec Mobile Insight 20190220
TACHYON 20190308
Tencent 20190308
TheHacker 20190304
TotalDefense 20190308
Trustlook 20190308
VBA32 20190307
VIPRE 20190308
ViRobot 20190308
Webroot 20190308
Yandex 20190306
Zillya 20190307
Zoner 20190308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-04-26 00:27:40
Entry Point 0x000D2F80
Number of sections 3
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 403968
Size 512
Entropy 0.00
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
OleDraw
VariantCopy
VerQueryValueA
Number of PE resources by type
RT_RCDATA 38
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_DIALOG 1
RT_ICON 1
RT_MESSAGETABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 38
NEUTRAL 18
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:04:25 17:27:40-07:00
FileType Win32 EXE
PEType PE32
CodeSize 401408
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
FileTypeExtension exe
InitializedDataSize 8192
SubsystemVersion 4.0
EntryPoint 0xd2f80
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 462848

File identification
MD5 2e90fcb717af94cdf60fbf834c0ec637
SHA1 38fda8d03ea5608d3a5ea8f2415c7ead4feb9ae2
SHA256 2f1d5ee1a59e811a00925fa6a5c0612095e20d617d0510118d8ac0fbca585fe0
ssdeep 6144:K1ro3QM+hpA3rj7mZEXa1achET7RfZ412i+xQHjdJPfBUobisZN5iWoBAQ:K0WMPm+qAIGRf212ibHRlfBd1iPAQ

authentihash 0d982593635a8a244751902f0cbcad35e740cc1b45c8c481bcbca3f72357e600
imphash 5ab46afeddc553bcd2265d97f7c7260f
File size 395.0 KB ( 404480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe via-tor upx overlay

VirusTotal metadata
First submission 2019-03-08 16:22:23 UTC ( 2 months, 1 week ago )
Last submission 2019-03-11 12:47:26 UTC ( 2 months, 1 week ago )
File names 2001.exe
output.117327221.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs