SHA256: 327571c6f345df8ca5769404f6445c034ab4d8b8cef2302fdfc0c7d5d8305eea
File name: output.114313495.txt
Detection ratio: 52 / 68
Analysis date: 2018-11-21 15:36:19 UTC ( 3 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31275839 20181121
AhnLab-V3 Trojan/Win32.Trickbot.C2753198 20181121
ALYac Trojan.Trickster.Gen 20181121
Antiy-AVL Trojan[Banker]/Win32.Trickster 20181121
Arcabit Trojan.Generic.D1DD3B3F 20181121
Avast Win32:Malware-gen 20181121
AVG Win32:Malware-gen 20181121
Avira (no cloud) HEUR/AGEN.1035840 20181121
BitDefender Trojan.GenericKD.31275839 20181121
CAT-QuickHeal Trojan.IGENERIC 20181121
ClamAV Win.Packer.Trickbot-6683856-3 20181121
Comodo Malware@#2vxcm9ktmo58l 20181121
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181022
Cybereason malicious.34f9fb 20180225
Cylance Unsafe 20181121
Cyren W32/Trojan.BPXY-3600 20181121
DrWeb Trojan.DownLoader27.12419 20181121
eGambit Trojan.Generic 20181121
Emsisoft Trojan.GenericKD.31275839 (B) 20181121
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GLNT 20181121
F-Prot W32/Fqev.A 20181121
F-Secure Trojan.GenericKD.31275839 20181121
Fortinet W32/Kryptik.GLNT!tr 20181121
GData Trojan.GenericKD.31275839 20181121
Ikarus Trojan-Banker.TrickBot 20181121
Sophos ML heuristic 20181108
Jiangmin Trojan.Banker.Trickster.cu 20181121
K7AntiVirus Riskware ( 0040eff71 ) 20181121
K7GW Riskware ( 0040eff71 ) 20181121
Kaspersky Trojan-Banker.Win32.Trickster.tk 20181121
Malwarebytes Trojan.TrickBot 20181121
MAX malware (ai score=100) 20181121
McAfee Trojan-FQEV!89A3E1603484 20181121
McAfee-GW-Edition Trojan-FQEV!89A3E1603484 20181121
Microsoft Trojan:Win32/MereTam.A 20181121
eScan Trojan.GenericKD.31275839 20181121
NANO-Antivirus Trojan.Win32.Kryptik.fixqgt 20181121
Palo Alto Networks (Known Signatures) generic.ml 20181121
Panda Trj/GdSda.A 20181121
Qihoo-360 Win32/Trojan.b63 20181121
Sophos AV Troj/Trickbo-IR 20181121
Symantec Trojan.Gen.2 20181121
TACHYON Banker/W32.Trickster.578372.B 20181121
Tencent Win32.Trojan-banker.Trickster.Ecud 20181121
TrendMicro TROJ_GEN.R03BC0DJC18 20181121
TrendMicro-HouseCall TROJ_GEN.R03BC0DJC18 20181121
VBA32 TrojanBanker.Trickster 20181121
ViRobot Trojan.Win32.Z.Trickbot.578372 20181121
Webroot W32.Trojan.Trickbot 20181121
Zillya Adware.Trickster.Win32.23 20181121
ZoneAlarm by Check Point Trojan-Banker.Win32.Trickster.tk 20181121
AegisLab 20181121
Alibaba 20180921
Avast-Mobile 20181121
Babable 20180918
Baidu 20181121
Bkav 20181121
CMC 20181121
Kingsoft 20181121
Rising 20181121
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181121
Symantec Mobile Insight 20181121
TheHacker 20181118
TotalDefense 20181121
Trustlook 20181121
Yandex 20181119
Zoner 20181121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-10 09:20:18
Entry Point 0x000014E0
Number of sections 16
PE sections
Overlays
MD5 addaa55255caae47fc503f49166eb457
File type data
Offset 503808
Size 74564
Entropy 4.34
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
TryEnterCriticalSection
ResumeThread
SetEvent
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetHandleInformation
LoadLibraryA
DeleteCriticalSection
GetAtomNameA
SetThreadPriority
GetCurrentProcessId
AddAtomA
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
VirtualProtect
SetProcessAffinityMask
WaitForMultipleObjects
InterlockedCompareExchange
GetThreadContext
GetCurrentThread
SuspendThread
CreateMutexA
InterlockedExchangeAdd
CreateSemaphoreA
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
GetThreadPriority
SetThreadContext
MoveFileA
TerminateProcess
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
InitializeCriticalSection
VirtualQuery
CreateEventA
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
strncmp
__lconv_init
malloc
realloc
memset
__dllonexit
_cexit
abort
fprintf
_setjmp3
printf
_fmode
_endthreadex
_amsg_exit
fputc
fwrite
_lock
_onexit
__initenv
fputs
_strdup
sprintf
memcmp
strlen
exit
__setusermatherr
_acmdln
longjmp
_unlock
free
vfprintf
__getmainargs
calloc
_write
memcpy
memmove
signal
strchr
_beginthreadex
_initterm
__set_app_type
strcmp
_ftime
_iob
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:10:10 02:20:18-07:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 87040
LinkerVersion: 2.23
ImageFileCharacteristics: No relocs, Executable, No line numbers, 32-bit
EntryPoint: 0x14e0
InitializedDataSize: 417792
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 1536

Execution parents
File identification
MD5 89a3e160348482bb1701a9ca51db4679
SHA1 29eb8fb34f9fb8faabe0b676877c4d4485154a1e
SHA256 327571c6f345df8ca5769404f6445c034ab4d8b8cef2302fdfc0c7d5d8305eea
ssdeep 6144:7aeXMKpoTxYo79sFF2objbHDeGvyU9L7aqzQwzQ6WUnzBuc34Bza3GUAr2Ghw2/Y:WCMKOTH7aPbjr3vyd+DBT4BWiMbGu

authentihash a08438ff856378d896ba77ad2f2a1bc46ed4b63b922a491c3cad3a59bd6f657b
imphash 02589aaae3d71c9e6c6828c106a46ad6
File size 564.8 KB ( 578372 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-10-10 15:13:54 UTC ( 4 months, 2 weeks ago )
Last submission 2018-10-10 18:45:19 UTC ( 4 months, 2 weeks ago )
File names 16336954
<SAMPLE.EXE>
tetup.exe
output.114313495.txt
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections