SHA256: 3050ee56c677338984783dd9f304289ae632f98a4e1ab97c7e47f3d5cdf81ad8
File name: 2624039262.exe
Detection ratio: 25 / 67
Analysis date: 2019-04-14 13:01:08 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190413
AegisLab Trojan.Win32.Generic.4!c 20190414
Alibaba Trojan:Win32/Starter.ali2000005 20190402
Avast Win32:Malware-gen 20190414
AVG Win32:Malware-gen 20190414
Avira (no cloud) TR/AD.Phorpiex.asogd 20190414
Bkav HW32.Packed. 20190412
CrowdStrike Falcon (ML) win/malicious_confidence_70% (W) 20190212
Cyren W32/Trojan.IETX-4157 20190414
eGambit Unsafe.AI_Score_90% 20190414
Endgame malicious (moderate confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GSCI 20190414
Fortinet W32/Kryptik.GRZZ!tr 20190414
GData Win32.Packed.Kryptik.OC7VRV 20190414
Kaspersky Trojan-Downloader.Win32.Bitmin.xbv 20190414
Malwarebytes Trojan.MalPack.GS 20190414
McAfee Artemis!16A8C33DB655 20190414
McAfee-GW-Edition BehavesLike.Win32.SoftPulse.cc 20190414
Microsoft Trojan:Win32/Gandcrab.AF 20190414
Palo Alto Networks (Known Signatures) generic.ml 20190414
Qihoo-360 HEUR/QVM11.1.82B3.Malware.Gen 20190414
Rising Trojan.Kryptik!8.8 (CLOUD) 20190414
Sophos AV Mal/Generic-S 20190414
Trapmine suspicious.low.ml.score 20190325
ZoneAlarm by Check Point Trojan-Downloader.Win32.Bitmin.xbv 20190414
Ad-Aware 20190414
AhnLab-V3 20190414
ALYac 20190414
Antiy-AVL 20190414
Arcabit 20190414
Avast-Mobile 20190414
Babable 20180918
Baidu 20190318
BitDefender 20190414
CAT-QuickHeal 20190414
ClamAV 20190414
CMC 20190321
Comodo 20190414
Cybereason 20190403
DrWeb 20190414
Emsisoft 20190414
F-Secure 20190413
FireEye 20190414
Ikarus 20190414
Sophos ML 20190313
Jiangmin 20190414
K7AntiVirus 20190414
K7GW 20190414
Kingsoft 20190414
MAX 20190414
eScan 20190414
NANO-Antivirus 20190414
Panda 20190414
SentinelOne (Static ML) 20190407
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190414
Tencent 20190414
TheHacker 20190411
TotalDefense 20190413
TrendMicro-HouseCall 20190414
Trustlook 20190414
VBA32 20190412
VIPRE 20190413
ViRobot 20190414
Yandex 20190412
Zillya 20190412
Zoner 20190414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-17 17:25:09
Entry Point 0x0610FE50
Number of sections 3
PE sections
PE imports
GetUserNameA
LineTo
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
AlphaBlend
DuplicateIcon
LoadImageA
CLSIDFromString
Number of PE resources by type
Struct(241) 3
RT_ICON 2
AFX_DIALOG_LAYOUT 2
RT_STRING 2
DUFAVACOGEMUFOSECUBASIZUYIGO 1
JAZOWOKISAPAPUVOPO 1
RT_GROUP_CURSOR 1
MINERAYAXEWEBIWA 1
DIKOHATIJU 1
WILIHATUDUREWUTICIWURU 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
NEPALI DEFAULT 5
NEUTRAL 3
SPANISH NICARAGUA 3
TSWANA DEFAULT 2
FAEROESE DEFAULT 2
BELARUSIAN DEFAULT 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:02:17 18:25:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 196608
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
EntryPoint 0x610fe50
InitializedDataSize 12288
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 101580800

Execution parents
File identification
MD5 16a8c33db655b2a540b5f7f5e4fdd9c0
SHA1 ddba58575c44e7c9f4f97fd4eb840269655592a5
SHA256 3050ee56c677338984783dd9f304289ae632f98a4e1ab97c7e47f3d5cdf81ad8
ssdeep 3072:XKXR9xuIJlGtc69xrLP8LJyMGkSOOWCGTTSct/Y46IfBabXsxP7MT7oH131c/Y:XaDWH95LkJ3RCGOct/Y0P7MC1W/Y
authentihash 9ce009e83a32f967b6c5130109ad0bb69103a410c43f7609c79dfcbf51632998
imphash f2deac3f91a49fd2ed649e95a518e198
File size 198.5 KB ( 203264 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (71.9%)
Win32 Executable (generic) (11.9%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.3%)
DOS Executable Generic (5.3%)
Tags peexe upx nxdomain

VirusTotal metadata
First submission 2019-04-14 03:08:21 UTC ( 1 month, 1 week ago )
Last submission 2019-04-18 23:40:42 UTC ( 1 month ago )
File names 16a8c33db655b2a540b5f7f5e4fdd9c0.virobj
2624039262.exe
1.exe
winsvcs.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections