SHA256: 2fa9f890e32cc4d19663be8abe54fdbff91f93a9a8c7f96d736a700c165cc746
File name: zlib1.exe
Detection ratio: 46 / 66
Analysis date: 2017-10-23 01:47:28 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Johnnie.18406 20171023
AegisLab Troj.W32.Gofot!c 20171023
AhnLab-V3 HackTool/Win32.Gameinjector.C1956971 20171022
ALYac Gen:Variant.Johnnie.18406 20171023
Antiy-AVL Trojan/Win32.Gofot 20171023
Avast Win32:Malware-gen 20171023
AVG Win32:Malware-gen 20171023
Avira (no cloud) TR/Gofot.pndpq 20171022
BitDefender Gen:Variant.Johnnie.18406 20171023
CAT-QuickHeal Trojan.Gofot 20171020
Comodo UnclassifiedMalware 20171022
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20171016
Cylance Unsafe 20171023
Cyren W32/Heuristic-KPP!Eldorado 20171023
Emsisoft Gen:Variant.Johnnie.18406 (B) 20171023
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/RiskWare.GameHack.BL 20171023
F-Prot W32/Heuristic-KPP!Eldorado 20171023
F-Secure Gen:Variant.Johnnie.18406 20171023
Fortinet W32/Gofot.HEF!tr 20171023
GData Gen:Variant.Johnnie.18406 20171023
Ikarus Trojan.Win32.Gofot 20171022
Sophos ML heuristic 20170914
Jiangmin Trojan.Gofot.th 20171022
K7AntiVirus Riskware ( 0040eff71 ) 20171019
K7GW Riskware ( 0040eff71 ) 20171023
Kaspersky Trojan.Win32.Gofot.hef 20171022
MAX malware (ai score=100) 20171023
McAfee Generic.ceo 20171023
McAfee-GW-Edition Generic.ceo 20171023
Microsoft Trojan:Win32/Kuaibpy!rfn 20171022
eScan Gen:Variant.Johnnie.18406 20171022
NANO-Antivirus Trojan.Win32.Gofot.eqratb 20171022
Palo Alto Networks (Known Signatures) generic.ml 20171023
Panda Trj/GdSda.A 20171022
Qihoo-360 Win32/Trojan.ca8 20171023
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazrL9jgsZKL7nxnaUP8Bnz1n) 20171023
Sophos AV Mal/Behav-010 20171023
Symantec Backdoor.Trojan 20171022
Tencent Win32.Trojan.Gofot.Pgws 20171023
TrendMicro TROJ_GEN.R00UC0RG317 20171022
TrendMicro-HouseCall TROJ_GEN.R00UC0RG317 20171022
VBA32 suspected of Trojan.Downloader.gen.h 20171020
VIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious) 20171022
Yandex Trojan.Gofot! 20171021
ZoneAlarm by Check Point Trojan.Win32.Gofot.hef 20171023
Alibaba 20170911
Arcabit 20171023
Avast-Mobile 20171022
AVware 20171023
Baidu 20171020
Bkav 20171020
ClamAV 20171022
CMC 20171022
DrWeb 20171023
eGambit 20171023
Kingsoft 20171023
Malwarebytes 20171022
nProtect 20171023
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171022
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171022
Trustlook 20171023
ViRobot 20171022
WhiteArmor 20171016
Zillya 20171021
Zoner 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-29 11:56:49
Entry Point 0x00001842
Number of sections 5
PE sections
PE imports
CreateToolhelp32Snapshot
WriteProcessMemory
Process32First
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
LoadLibraryA
Process32Next
CreateRemoteThread
HeapSetInformation
GetCurrentProcess
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetStartupInfoW
VirtualAllocEx
GetProcAddress
InterlockedCompareExchange
EncodePointer
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
DecodePointer
TerminateProcess
AllocConsole
Sleep
ExitProcess
GetCurrentThreadId
_cprintf
_acmdln
memset
__dllonexit
_controlfp_s
_invoke_watson
_fmode
_amsg_exit
?terminate@@YAXXZ
_lock
system
_onexit
exit
_XcptFilter
_commode
__setusermatherr
_initterm_e
_cexit
_ismbblead
_unlock
_crt_debugger_hook
_except_handler4_common
__getmainargs
_initterm
_configthreadlocale
_exit
__set_app_type
GetMessageA
UpdateWindow
DispatchMessageA
TranslateMessage
MessageBoxA
CreateDialogParamA
PostQuitMessage
ShowWindow
DestroyWindow
DeleteUrlCacheEntry
URLDownloadToFileA
Number of PE resources by type
RT_MANIFEST 1
RT_DIALOG 1
Number of PE resources by language
THAI DEFAULT 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:06:29 12:56:49+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 10.0
EntryPoint 0x1842
InitializedDataSize 5632
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 bd4e7cef17fd4e7e48c3076d93012449
SHA1 d4b2cbcd62a55d914b3a3053c0999b172258cb43
SHA256 2fa9f890e32cc4d19663be8abe54fdbff91f93a9a8c7f96d736a700c165cc746
ssdeep 192:U51ZHvzxoVHLeQekXytH4B4zruGW6ptSw:U5DHvlUHLeYXytH4B4HuGf

authentihash 894aacce94e136f43ed7b2d7de18bc8c3d934f6a3e9d2dba118ce891c3c5ef2c
imphash ec8ee6dab86cae837768de2de4a1dcae
File size 10.0 KB ( 10240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-06-29 15:22:11 UTC ( 6 months, 3 weeks ago )
Last submission 2017-07-25 15:17:03 UTC ( 5 months, 3 weeks ago )
File names zlib1.exe
output.111733438.txt
LJRiwXpk.js
bd4e7cef17fd4e7e48c3076d93012449
bd4e7cef17fd4e7e48c3076d93012449
bd4e7cef17fd4e7e48c3076d93012449.exe.bin