× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 33742743194ffcfb38e4f7642120049cad7d5953cfdf982d3391e46e94611a29
File name: 529BF07B0B46B2B050A90EBD2872A348.mlw
Detection ratio: 50 / 68
Analysis date: 2018-11-02 15:45:07 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40441232 20181102
AegisLab Trojan.Win32.Coins.i!c 20181102
AhnLab-V3 Malware/Win32.Generic.C2691039 20181102
ALYac Trojan.GenericKD.40441232 20181102
Arcabit Trojan.Generic.D2691590 20181102
Avast Win32:PWSX-gen [Trj] 20181102
AVG Win32:PWSX-gen [Trj] 20181102
Avira (no cloud) HEUR/AGEN.1035110 20181102
BitDefender Trojan.GenericKD.40441232 20181102
Bkav W32.eHeur.Malware03 20181102
CAT-QuickHeal Trojan.IGENERIC 20181102
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.908175 20180225
Cylance Unsafe 20181102
Cyren W32/Trojan.JSGH-3956 20181102
DrWeb Trojan.PWS.Stealer.23950 20181102
Emsisoft Trojan.GenericKD.40441232 (B) 20181102
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKIZ 20181102
F-Prot W32/GandCrab.T.gen!Eldorado 20181102
Fortinet W32/Fareit.A 20181102
GData Win32.Trojan-Ransom.GandCrab.O 20181102
Ikarus Trojan.Crypt 20181102
Sophos ML heuristic 20180717
Jiangmin Trojan.PSW.Coins.bbq 20181102
K7AntiVirus Trojan ( 00516fdf1 ) 20181102
K7GW Trojan ( 00516fdf1 ) 20181102
Kaspersky Trojan-PSW.Win32.Coins.jgq 20181102
Malwarebytes Trojan.MalPack.GS 20181102
MAX malware (ai score=92) 20181102
McAfee Trojan-FPST!529BF07B0B46 20181102
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20181102
Microsoft Trojan:Win32/Tiggre!rfn 20181102
eScan Trojan.GenericKD.40441232 20181102
NANO-Antivirus Trojan.Win32.Coins.figzwx 20181102
Palo Alto Networks (Known Signatures) generic.ml 20181102
Panda Trj/GdSda.A 20181102
Qihoo-360 HEUR/QVM10.2.900B.Malware.Gen 20181102
Rising Trojan.Kryptik!1.B3B1 (CLOUD) 20181102
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/GandCrab-B 20181102
Symantec Trojan.Gen.2 20181102
Tencent Win32.Trojan-qqpass.Qqrob.Suxv 20181102
TrendMicro TROJ_GEN.R011C0PI218 20181102
TrendMicro-HouseCall TROJ_GEN.R011C0PI218 20181102
VBA32 BScope.Trojan.Agentb 20181102
VIPRE Trojan.Win32.Generic!BT 20181102
Webroot W32.Adware.Installcore 20181102
Zillya Trojan.GenericKD.Win32.199638 20181102
ZoneAlarm by Check Point Trojan-PSW.Win32.Coins.jgq 20181102
Alibaba 20180921
Antiy-AVL 20181102
Avast-Mobile 20181102
Babable 20180918
Baidu 20181102
ClamAV 20181102
CMC 20181102
eGambit 20181102
F-Secure 20181102
Kingsoft 20181102
SUPERAntiSpyware 20181031
Symantec Mobile Insight 20181030
TACHYON 20181102
TheHacker 20181031
TotalDefense 20181102
Trustlook 20181102
ViRobot 20181102
Yandex 20181101
Zoner 20181102
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-04 22:10:49
Entry Point 0x00004814
Number of sections 5
PE sections
PE imports
ReportEventA
BeginPath
CreateDiscardableBitmap
StretchBlt
FillPath
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
GetSystemTimes
VirtualProtect
FillConsoleOutputCharacterW
GetCommandLineW
RtlUnwind
ExitThread
FindFirstChangeNotificationW
IsProcessorFeaturePresent
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
GetEnvironmentStringsW
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleHandleW
GetCPInfo
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
InterlockedCompareExchange
GetStartupInfoW
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
HeapSetInformation
InterlockedExchange
SetUnhandledExceptionFilter
lstrcpyA
GetConsoleDisplayMode
DecodePointer
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetUserDefaultLCID
HeapAlloc
GetSystemTimeAdjustment
TerminateProcess
GetCurrentDirectoryW
GetProcessShutdownParameters
GetCurrentProcess
IsValidCodePage
HeapCreate
WriteFile
EnumTimeFormatsA
FindAtomA
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetProcessVersion
EncodePointer
GetCurrentThreadId
GetLocaleInfoW
VirtualAlloc
SetLastError
InterlockedIncrement
ExtractIconA
GetMenuState
GetDesktopWindow
GetMessageExtraInfo
Number of PE resources by type
RT_BITMAP 4
RT_VERSION 1
Number of PE resources by language
NEUTRAL 5
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
11.0.0.0

LanguageCode
Unknown (3436)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unknown (77B0)

InitializedDataSize
109568

EntryPoint
0x4814

MIMEType
application/octet-stream

FileVersion
2.4.8

TimeStamp
2018:03:04 23:10:49+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x588891)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
140800

FileSubtype
0

ProductVersionNumber
12.0.0.0

FileTypeExtension
exe

ObjectFileType
VxD

File identification
MD5 529bf07b0b46b2b050a90ebd2872a348
SHA1 f79599b908175f4d95ffdcf3c9a73da8611ecf58
SHA256 33742743194ffcfb38e4f7642120049cad7d5953cfdf982d3391e46e94611a29
ssdeep
3072:226ONuvztgkHd12Rn8h2amSQBHzWOXfq7Kw5r801ZzPh4BNzbh:b6OOV12Y2amXClB1Ih

authentihash b37c8d7f54b83f0ddcdf6249535f7531e8effce924b86745a82a3b5159251a3b
imphash aed8d24d60c48a9a8946bfb3f74de97f
File size 241.0 KB ( 246784 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-01 07:16:59 UTC ( 3 months, 1 week ago )
Last submission 2018-09-01 07:16:59 UTC ( 3 months, 1 week ago )
File names 529BF07B0B46B2B050A90EBD2872A348.mlw
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications