× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2f97bd13d2c343b1ba112e4efa153dfd4abc04fb6034434d7608f74fb750f587
File name: 5c185821a6a5f3e321ad3f4c406e3d4b
Detection ratio: 47 / 65
Analysis date: 2019-02-22 23:37:21 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Krypt.DT 20190223
AhnLab-V3 Trojan/Win32.Krypt.C2774448 20190222
ALYac Spyware.Noon.gen 20190223
Antiy-AVL Trojan/Win32.Delf 20190223
Arcabit Trojan.Krypt.DT 20190223
Avast Win32:Trojan-gen 20190223
AVG Win32:Trojan-gen 20190223
Avira (no cloud) TR/Crypt.XPACK.Gen 20190223
BitDefender Trojan.Krypt.DT 20190223
CAT-QuickHeal Trojan.IGENERIC 20190222
Comodo Malware@#13u5v45b78xb 20190223
Cybereason malicious.1a6a5f 20190109
Cylance Unsafe 20190223
Cyren W32/Trojan.UXLV-1476 20190223
DrWeb Trojan.PWS.Stealer.18836 20190223
Emsisoft Trojan.Krypt.DT (B) 20190223
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Injector.EBFY 20190223
Fortinet W32/GenKryptik.AYEB!tr 20190223
GData Trojan.Krypt.DT 20190223
Ikarus Trojan-Spy.Win32.Noon 20190222
Jiangmin TrojanSpy.Noon.dkd 20190223
K7AntiVirus Trojan ( 004cd1ff1 ) 20190223
K7GW Trojan ( 004cd1ff1 ) 20190223
Kaspersky Trojan-Spy.Win32.Noon.uxg 20190223
Malwarebytes Spyware.PasswordStealer 20190223
MAX malware (ai score=100) 20190223
McAfee RDN/Generic PWS.y 20190223
McAfee-GW-Edition BehavesLike.Win32.Dropper.dh 20190223
Microsoft TrojanSpy:Win32/Swotter.A!bit 20190222
eScan Trojan.Krypt.DT 20190223
NANO-Antivirus Trojan.Win32.Delf.fjlpyg 20190223
Palo Alto Networks (Known Signatures) generic.ml 20190223
Panda Trj/CI.A 20190222
Qihoo-360 Win32/Trojan.10f 20190223
Rising Spyware.Noon!8.E7C9 (CLOUD) 20190223
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190223
Symantec Trojan.Gen.2 20190222
TACHYON Trojan/W32.InfoStealer.1009664 20190223
Tencent Win32.Trojan-spy.Noon.Svrk 20190223
Trapmine suspicious.low.ml.score 20190123
VBA32 BScope.TrojanDropper.Injector 20190222
ViRobot Trojan.Win32.S.Agent.1009664.S 20190222
Webroot W32.Trojan.Gen 20190223
Yandex TrojanSpy.Noon! 20190222
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.uxg 20190223
Acronis 20190222
AegisLab 20190223
Alibaba 20180921
Avast-Mobile 20190222
Babable 20180918
Baidu 20190215
ClamAV 20190222
CMC 20190222
CrowdStrike Falcon (ML) 20181023
eGambit 20190223
F-Secure 20190223
Sophos ML 20181128
Kingsoft 20190223
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TheHacker 20190217
TotalDefense 20190223
Trustlook 20190223
Zoner 20190223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00006645
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
ImageList_BeginDrag
ImageList_SetBkColor
InitCommonControls
ImageList_SetDragCursorImage
ImageList_Read
ImageList_GetDragImage
ImageList_Create
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
ImageList_SetImageCount
ImageList_DragShowNolock
ImageList_Remove
ImageList_EndDrag
GetOpenFileNameA
GetSaveFileNameA
GetBrushOrgEx
GetDIBColorTable
DeleteEnhMetaFile
GetWindowOrgEx
PatBlt
GetClipBox
GetCurrentPositionEx
SaveDC
GdiFlush
GetTextMetricsA
MaskBlt
CreateBrushIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetPixel
Rectangle
BitBlt
GetObjectA
ExcludeClipRect
LineTo
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
SetPixel
CreateSolidBrush
OffsetClipRgn
IntersectClipRect
CreateHalftonePalette
CreateDIBSection
ExtSelectClipRgn
RealizePalette
SetTextColor
CopyEnhMetaFileA
GetDeviceCaps
MoveToEx
SetEnhMetaFileBits
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
SetViewportOrgEx
SelectPalette
ExtTextOutA
UnrealizeObject
GetDIBits
GetEnhMetaFileBits
SetBrushOrgEx
GetDCOrgEx
PlayEnhMetaFile
StretchBlt
DeleteObject
GetBitmapBits
CreateCompatibleDC
SetROP2
CreateFontIndirectA
SelectObject
GetTextExtentPoint32A
GetWinMetaFileBits
SetDIBColorTable
GetEnhMetaFileHeader
GetPaletteEntries
SetWindowOrgEx
GetTextExtentPointA
SetBkColor
SetWinMetaFileBits
BeginPath
GetBkColor
CreateCompatibleBitmap
CreatePenIndirect
EndPath
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
SetErrorMode
GetTempPathA
GetCPInfo
InterlockedExchange
WriteFile
GetDiskFreeSpaceA
GetFullPathNameA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
GetStringTypeExA
GlobalFindAtomA
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
GetVolumeInformationA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
MulDiv
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetProcAddress
GlobalReAlloc
FindFirstFileA
lstrcpyA
ResetEvent
GlobalLock
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetSystemInfo
lstrlenA
GlobalFree
GetThreadLocale
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
WideCharToMultiByte
GetCommandLineA
RaiseException
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetVersion
FreeResource
VirtualFree
Sleep
FindResourceA
VirtualAlloc
CompareStringA
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
ShellExecuteA
RedrawWindow
GetForegroundWindow
SetWindowRgn
EnableScrollBar
DestroyMenu
PostQuitMessage
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
SetMenuItemInfoA
CharUpperBuffA
WindowFromPoint
DrawIcon
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
CharLowerBuffA
SetScrollPos
CallNextHookEx
GetKeyboardState
ClientToScreen
GetTopWindow
ShowCursor
ScrollWindow
GetWindowTextA
GetKeyState
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
EnumWindows
DefMDIChildProcA
ShowWindow
SetClassLongA
GetPropA
GetDesktopWindow
TranslateMDISysAccel
EnableWindow
SetWindowPlacement
PeekMessageA
GetClipboardData
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
InsertMenuItemA
GetIconInfo
LoadStringA
SetParent
SetClipboardData
CharLowerA
IsZoomed
GetWindowPlacement
GetKeyboardLayoutList
DrawMenuBar
IsIconic
RegisterClassA
GetMenuItemCount
GetWindowLongA
SetTimer
OemToCharA
GetActiveWindow
ShowOwnedPopups
FillRect
EnumThreadWindows
CharNextA
GetSysColorBrush
CreateMenu
DestroyWindow
IsChild
IsDialogMessageA
SetFocus
MapVirtualKeyA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
MapWindowPoints
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
GetScrollRange
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateWindowExA
GetDlgItem
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SetWindowsHookExA
GetMenuStringA
GetMenuState
GetKeyboardLayout
GetSystemMenu
GetDC
SetForegroundWindow
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
GetScrollInfo
GetCapture
WaitMessage
FindWindowA
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
DrawFrameControl
UnhookWindowsHookEx
RegisterClipboardFormatA
CallWindowProcA
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
LoadKeyboardLayoutA
GetSysColor
SetScrollInfo
GetMenuItemInfoA
SystemParametersInfoA
DestroyIcon
GetKeyNameTextA
IsWindowVisible
CharToOemA
GetDCEx
WinHelpA
FrameRect
SetRect
DeleteMenu
InvalidateRect
AnimateWindow
DefFrameProcA
CreateIcon
IsRectEmpty
GetCursor
GetFocus
CloseClipboard
GetKeyboardType
SetMenu
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_STRING 17
RT_GROUP_CURSOR 9
RT_CURSOR 9
RT_RCDATA 8
RT_DIALOG 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 44
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
455168

LinkerVersion
2.25

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x6645

InitializedDataSize
553472

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 5c185821a6a5f3e321ad3f4c406e3d4b
SHA1 df77a2d3dc48400a8291e5f672ab00542bf44912
SHA256 2f97bd13d2c343b1ba112e4efa153dfd4abc04fb6034434d7608f74fb750f587
ssdeep
12288:BApkwPzNv1dVzpiWua5jJQcvQHVuy9KhU+w9ouPrn1yYu:BApJ1dVAhabOAG+EkYu

authentihash e2bd0d50857ef9eb3f3560a14f4d6745c1a3c57f4f63647a73c956b8de313271
imphash a763c0dc0663c0a48c581261f0d71007
File size 986.0 KB ( 1009664 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (28.4%)
Windows screen saver (26.2%)
DOS Borland compiled Executable (generic) (20.0%)
Win32 Executable (generic) (9.0%)
Win16/32 Executable Delphi generic (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-22 00:11:33 UTC ( 5 months ago )
Last submission 2018-11-06 06:05:46 UTC ( 4 months, 2 weeks ago )
File names 5c185821.gxe
ewe.exe
5c185821a6a5f3e321ad3f4c406e3d4b
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs