SHA256: 2fa9f890e32cc4d19663be8abe54fdbff91f93a9a8c7f96d736a700c165cc746
File name: zlib1.exe
Detection ratio: 44 / 65
Analysis date: 2018-05-15 00:04:45 UTC ( 1 week, 6 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Johnnie.18406 20180515
AegisLab Troj.W32.Gofot!c 20180514
AhnLab-V3 HackTool/Win32.Gameinjector.C1956971 20180514
ALYac Gen:Variant.Johnnie.18406 20180514
Antiy-AVL Trojan/Win32.Gofot 20180515
Arcabit Trojan.Johnnie.D47E6 20180514
Avast Win32:Malware-gen 20180514
AVG Win32:Malware-gen 20180514
Avira (no cloud) TR/Gofot.pndpq 20180515
BitDefender Gen:Variant.Johnnie.18406 20180515
CAT-QuickHeal Trojan.Mauvaise.SL1 20180514
Comodo UnclassifiedMalware 20180515
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180418
Cylance Unsafe 20180515
Cyren W32/Heuristic-KPP!Eldorado 20180514
Emsisoft Gen:Variant.Johnnie.18406 (B) 20180515
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/RiskWare.GameHack.BL 20180515
F-Prot W32/Heuristic-KPP!Eldorado 20180514
F-Secure Gen:Variant.Johnnie.18406 20180514
Fortinet W32/Gofot.HEF!tr 20180514
GData Gen:Variant.Johnnie.18406 20180515
Jiangmin Trojan.Gofot.th 20180514
K7AntiVirus Riskware ( 0040eff71 ) 20180514
K7GW Riskware ( 0040eff71 ) 20180515
Kaspersky Trojan.Win32.Gofot.hef 20180515
MAX malware (ai score=100) 20180515
McAfee Generic.ceo 20180514
McAfee-GW-Edition BehavesLike.Win32.Backdoor.lm 20180514
Microsoft Trojan:Win32/Kuaibpy!rfn 20180515
eScan Gen:Variant.Johnnie.18406 20180515
NANO-Antivirus Trojan.Win32.Gofot.eqratb 20180515
Palo Alto Networks (Known Signatures) generic.ml 20180515
Panda Trj/GdSda.A 20180514
Qihoo-360 Win32/Trojan.ca8 20180515
Sophos AV Mal/Behav-010 20180515
Symantec ML.Attribute.HighConfidence 20180514
Tencent Win32.Trojan.Gofot.Pgws 20180515
TrendMicro TROJ_GEN.R002C0DDU18 20180515
TrendMicro-HouseCall TROJ_GEN.R002C0DDU18 20180515
VBA32 suspected of Trojan.Downloader.gen.h 20180514
VIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious) 20180514
Yandex Trojan.Gofot! 20180513
ZoneAlarm by Check Point Trojan.Win32.Gofot.hef 20180514
Alibaba 20180514
Avast-Mobile 20180514
AVware 20180428
Babable 20180406
Baidu 20180511
Bkav 20180514
ClamAV 20180514
CMC 20180514
Cybereason None
eGambit 20180515
Sophos ML 20180503
Kingsoft 20180515
Malwarebytes 20180515
nProtect 20180515
Rising 20180514
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180515
Symantec Mobile Insight 20180511
TheHacker 20180509
TotalDefense 20180514
Trustlook 20180515
ViRobot 20180514
Webroot 20180515
Zillya 20180514
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-29 11:56:49
Entry Point 0x00001842
Number of sections 5
PE sections
PE imports
CreateToolhelp32Snapshot
WriteProcessMemory
Process32First
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
LoadLibraryA
Process32Next
CreateRemoteThread
HeapSetInformation
GetCurrentProcess
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetStartupInfoW
VirtualAllocEx
GetProcAddress
InterlockedCompareExchange
EncodePointer
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
DecodePointer
TerminateProcess
AllocConsole
Sleep
ExitProcess
GetCurrentThreadId
_cprintf
_acmdln
memset
__dllonexit
_controlfp_s
_invoke_watson
_fmode
_amsg_exit
?terminate@@YAXXZ
_lock
system
_onexit
exit
_XcptFilter
_commode
__setusermatherr
_initterm_e
_cexit
_ismbblead
_unlock
_crt_debugger_hook
_except_handler4_common
__getmainargs
_initterm
_configthreadlocale
_exit
__set_app_type
GetMessageA
UpdateWindow
DispatchMessageA
TranslateMessage
MessageBoxA
CreateDialogParamA
PostQuitMessage
ShowWindow
DestroyWindow
DeleteUrlCacheEntry
URLDownloadToFileA
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
Number of PE resources by language
THAI DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:06:29 12:56:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 10.0
EntryPoint 0x1842
InitializedDataSize 5632
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 bd4e7cef17fd4e7e48c3076d93012449
SHA1 d4b2cbcd62a55d914b3a3053c0999b172258cb43
SHA256 2fa9f890e32cc4d19663be8abe54fdbff91f93a9a8c7f96d736a700c165cc746
ssdeep 192:U51ZHvzxoVHLeQekXytH4B4zruGW6ptSw:U5DHvlUHLeYXytH4B4HuGf
authentihash 894aacce94e136f43ed7b2d7de18bc8c3d934f6a3e9d2dba118ce891c3c5ef2c
imphash ec8ee6dab86cae837768de2de4a1dcae
File size 10.0 KB ( 10240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe

VirusTotal metadata
First submission 2017-06-29 15:22:11 UTC ( 11 months ago )
Last submission 2018-05-15 00:04:45 UTC ( 1 week, 6 days ago )
File names VirusShare_bd4e7cef17fd4e7e48c3076d93012449
zlib1.exe
output.111733438.txt
LJRiwXpk.js
bd4e7cef17fd4e7e48c3076d93012449
bd4e7cef17fd4e7e48c3076d93012449.exe.bin