SHA256: 3389f1b585e5773d78120fd7b7e0de99f615592d4e1e6647a714eb65b74cf979
File name: tpN5esSaPVvGnWynCqD.exe
Detection ratio: 11 / 67
Analysis date: 2018-06-24 07:13:48 UTC ( 8 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.EPACK.Gen2 20180623
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180622
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.05f78f 20180225
Cylance Unsafe 20180624
Endgame malicious (high confidence) 20180612
Fortinet W32/Kryptik.GHWC!tr 20180624
Sophos ML heuristic 20180601
Palo Alto Networks (Known Signatures) generic.ml 20180624
Qihoo-360 HEUR/QVM20.1.0DBC.Malware.Gen 20180624
Symantec ML.Attribute.HighConfidence 20180623
Ad-Aware 20180624
AegisLab 20180622
AhnLab-V3 20180623
Alibaba 20180622
ALYac 20180624
Antiy-AVL 20180624
Arcabit 20180624
Avast 20180624
Avast-Mobile 20180623
AVG 20180624
AVware 20180624
Babable 20180406
BitDefender 20180624
Bkav 20180623
CAT-QuickHeal 20180623
ClamAV 20180624
CMC 20180624
Comodo 20180624
Cyren 20180624
DrWeb 20180624
eGambit 20180624
Emsisoft 20180624
ESET-NOD32 20180624
F-Prot 20180624
F-Secure 20180624
GData 20180624
Ikarus 20180623
Jiangmin 20180624
K7AntiVirus 20180624
K7GW 20180624
Kaspersky 20180624
Kingsoft 20180624
Malwarebytes 20180624
MAX 20180624
McAfee 20180624
McAfee-GW-Edition 20180624
Microsoft 20180624
eScan 20180624
NANO-Antivirus 20180624
Panda 20180623
Rising 20180624
SentinelOne (Static ML) 20180618
Sophos AV 20180624
SUPERAntiSpyware 20180624
Symantec Mobile Insight 20180619
TACHYON 20180624
Tencent 20180624
TheHacker 20180624
TotalDefense 20180624
TrendMicro 20180624
TrendMicro-HouseCall 20180624
Trustlook 20180624
VBA32 20180622
VIPRE 20180624
ViRobot 20180623
Webroot 20180624
Yandex 20180622
ZoneAlarm by Check Point 20180624
Zoner 20180623
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-24 07:03:28
Entry Point 0x00001A14
Number of sections 6
PE sections
PE imports
RegDeleteValueA
GdiFlush
GetROP2
GetNearestPaletteIndex
GetWorldTransform
CreateCompatibleBitmap
ImmGetCompositionWindow
GetSystemTime
LocalFree
LCMapStringW
GetConsoleFontSize
GetCurrentProcessId
SetFilePointer
GetThreadUILanguage
BackupWrite
GetCommandLineA
LockFile
MprConfigInterfaceTransportGetHandle
SafeArrayUnlock
VarBstrFromBool
BSTR_UserUnmarshal
RpcBindingToStringBindingW
I_RpcServerSetAddressChangeFn
PathParseIconLocationW
StrStrIW
GetSubMenu
GetClipboardViewer
GetParent
DrawEdge
GetKBCodePage
GetQueueStatus
LookupIconIdFromDirectory
AttachThreadInput
IsWindowVisible
DeferWindowPos
keybd_event
GetClassInfoW
ToUnicode
GetShellWindow
GetWindowContextHelpId
GetInputState
VerQueryValueW
VerFindFileW
WintrustRemoveActionID
SCardTransmit
GetColorDirectoryW
StgIsStorageFile
PdhEnumObjectsHW
URLOpenStreamA
Number of PE resources by type
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:24 09:03:28+02:00
FileType Win32 EXE
PEType PE32
CodeSize 15872
LinkerVersion 15.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1a14
InitializedDataSize 0
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 68169005a6ef0c4b345501fb1b5c06f6
SHA1 57240f205f78f3991c0659647b1bdba10f14b125
SHA256 3389f1b585e5773d78120fd7b7e0de99f615592d4e1e6647a714eb65b74cf979
ssdeep 3072:62cwd4p7r7P1hpLrnF12Ad9erxgqmnrbVimoP:62crpX7P9rn3Jz2xgvPVKP
authentihash 3b3baada4ed795a456a66673aac11f328db48abd9cead5a6fe42424cc817db90
imphash 051afb05770b7a47d212c1d855e53951
File size 184.5 KB ( 188928 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2018-06-24 07:09:28 UTC ( 8 months ago )
Last submission 2018-06-24 07:09:28 UTC ( 8 months ago )
File names tpN5esSaPVvGnWynCqD.exe