SHA256: 34272baf52d49f6dff843b049e0a4b73408c20481f230cfb5f80ff5f8467c59a
File name: 1313eb9e614871f87f7924f47998e14d
Detection ratio: 47 / 68
Analysis date: 2017-12-26 05:06:03 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.228707 20171225
AhnLab-V3 Trojan/Win32.Magniber.R215645 20171225
ALYac Gen:Variant.Razy.228707 20171226
Antiy-AVL Trojan/Win32.TSGeneric 20171226
Arcabit Trojan.Razy.D37D63 20171226
Avast Win32:Malware-gen 20171226
AVG Win32:Malware-gen 20171226
Avira (no cloud) TR/Crypt.ZPACK.quxlm 20171225
AVware Trojan.Win32.Generic!BT 20171226
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171226
BitDefender Gen:Variant.Razy.228707 20171226
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.0d4ad7 20171103
Cylance Unsafe 20171226
DrWeb Trojan.PWS.Panda.11620 20171226
eGambit Unsafe.AI_Score_100% 20171226
Emsisoft Gen:Variant.Razy.228707 (B) 20171226
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BJQL 20171226
F-Secure Gen:Variant.Razy.228707 20171226
Fortinet W32/GenKryptik.BJQL!tr 20171226
GData Gen:Variant.Razy.228707 20171226
Ikarus Trojan.Win32.Krypt 20171225
Sophos ML heuristic 20170914
K7GW Hacktool ( 700007861 ) 20171225
Kaspersky Trojan-Spy.Win32.Panda.aes 20171226
Malwarebytes Spyware.Zbot 20171226
MAX malware (ai score=88) 20171226
McAfee GenericRXDO-JD!1313EB9E6148 20171226
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20171226
Microsoft Trojan:Win32/Zuepan.A 20171226
eScan Gen:Variant.Razy.228707 20171226
nProtect Trojan-Spy/W32.Panda.168448 20171226
Panda Trj/GdSda.A 20171225
Qihoo-360 HEUR/QVM20.1.18B7.Malware.Gen 20171226
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20171226
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/Generic-S 20171226
Symantec Trojan.Gen.2 20171225
Tencent Suspicious.Heuristic.Gen.b.0 20171226
TrendMicro TROJ_GEN.R020C0WLN17 20171226
TrendMicro-HouseCall TROJ_GEN.R020C0WLN17 20171226
VBA32 Trojan.FakeAV.01657 20171222
VIPRE Trojan.Win32.Generic!BT 20171226
Webroot Trojan.Dropper.Gen 20171226
WhiteArmor Malware.HighConfidence 20171204
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.aes 20171226
AegisLab 20171226
Alibaba 20171226
Avast-Mobile 20171225
Bkav 20171226
CAT-QuickHeal 20171223
ClamAV 20171225
CMC 20171225
Comodo 20171226
Cyren 20171226
F-Prot 20171226
Jiangmin 20171226
K7AntiVirus 20171225
Kingsoft 20171226
NANO-Antivirus 20171226
Palo Alto Networks (Known Signatures) 20171226
SUPERAntiSpyware 20171226
Symantec Mobile Insight 20171222
TheHacker 20171219
TotalDefense 20171225
Trustlook 20171226
ViRobot 20171226
Yandex 20171225
Zillya 20171225
Zoner 20171226
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 02:47:42
Entry Point 0x00009077
Number of sections 3
PE sections
PE imports
CAEnumFirstCA
CAEnumNextCA
lstrcat
GetStartupInfoA
CreateProcessA
VirtualAllocEx
lstrcmpiW
AddAtomA
GetConsoleTitleW
InterlockedExchange
ResetEvent
ReadConsoleW
ReadProcessMemory
CreateFileA
GetCommandLineA
LoadLibraryA
SleepEx
OpenJobObjectA
ExtractIconA
ShellAboutA
SHChangeNotify
SHGetDesktopFolder
ShellMessageBoxA
DragQueryPoint
DragAcceptFiles
SHGetDiskFreeSpaceA
DragQueryFileA
SHGetMalloc
SHFileOperationA
wsprintfA
LoadCursorA
PeekMessageW
IsDialogMessageW
CharToOemW
CreateDesktopW
DispatchMessageW
DialogBoxParamA
DrawStateW
GetPropA
LoadBitmapA
GetClassLongA
LoadIconA
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:09 03:47:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 152576
LinkerVersion 208.0
FileTypeExtension exe
InitializedDataSize 19456
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x9077
OSVersion 5.1
ImageVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 1313eb9e614871f87f7924f47998e14d
SHA1 67e44ec0d4ad7f49c12963d411647b215e781845
SHA256 34272baf52d49f6dff843b049e0a4b73408c20481f230cfb5f80ff5f8467c59a
ssdeep 3072:D3fa8dw5a1jrzDbhYlBbqkaWDSdV5MbeNHQZFtnGMW/:W8dwssBbkr5MbNG
authentihash b3328d3d2e85da3e4195b1f37ece911fd657d3c071de7625d78405b11f5bb959
imphash df033a052c9a701cccc8a818cb71f9fd
File size 164.5 KB ( 168448 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-26 05:06:03 UTC ( 1 year, 3 months ago )
Last submission 2017-12-26 05:06:03 UTC ( 1 year, 3 months ago )
File names 1313eb9e614871f87f7924f47998e14d
1032-67e44ec0d4ad7f49c12963d411647b215e781845
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs