SHA256: 35de112de2021eb54dea91383112609551240db7d95ac0171d224ca13fa4e0e5
File name: 1.exe
Detection ratio: 16 / 69
Analysis date: 2019-01-10 15:02:10 UTC
Antivirus results (16 of 69 engines flagged the file; the date is the signature set each engine ran)
Antiy-AVL: Trojan[Ransom]/Win32.Chapak.a (20190110)
Avast: FileRepMalware (20190110)
AVG: FileRepMalware (20190110)
Cylance: Unsafe (20190110)
Endgame: malicious (high confidence) (20181108)
K7AntiVirus: Adware ( 004ea9a61 ) (20190110)
K7GW: Adware ( 004ea9a61 ) (20190110)
Microsoft: Trojan:Win32/Fuerboos.C!cl (20190110)
Palo Alto Networks (Known Signatures): generic.ml (20190110)
Qihoo-360: HEUR/QVM10.1.749B.Malware.Gen (20190110)
Rising: Trojan.GenKryptik!8.AA55/N3#86% (RDM+:cmRtazpboVUHS5lBuGS0c1pbmHrz) (20190110)
Symantec: ML.Attribute.HighConfidence (20190110)
Trapmine: malicious.high.ml.score (20190103)
TrendMicro: TrojanSpy.Win32.FAREIT.SMKC.hp (20190110)
TrendMicro-HouseCall: TrojanSpy.Win32.FAREIT.SMKC.hp (20190110)
VBA32: BScope.TrojanPSW.Azorult (20190110)

Most of these 16 hits are machine-learning, reputation or heuristic verdicts (Cylance, Endgame, Palo Alto generic.ml, Qihoo HEUR, Symantec ML.Attribute, Trapmine ml.score, Avast/AVG FileRepMalware). The engines that do name a family disagree with one another (Chapak, FAREIT, Azorult, or simply adware), and Rising's GenKryptik label points at a generic crypter stub, so none of these names should be treated as a confirmed attribution without behavioural analysis.

No detection (53 engines, with the signature set used):
Acronis 20190110
Ad-Aware 20190110
AegisLab 20190110
AhnLab-V3 20190110
Alibaba 20180921
ALYac 20190110
Arcabit 20190110
Avast-Mobile 20190110
Avira (no cloud) 20190110
Babable 20180918
Baidu 20190110
BitDefender 20190110
Bkav 20190108
CAT-QuickHeal 20190110
ClamAV 20190110
CMC 20190110
Comodo 20190110
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190110
DrWeb 20190110
eGambit 20190110
Emsisoft 20190110
ESET-NOD32 20190110
F-Prot 20190110
F-Secure 20190110
Fortinet 20190110
GData 20190110
Ikarus 20190110
Sophos ML 20181128
Jiangmin 20190110
Kaspersky 20190110
Kingsoft 20190110
Malwarebytes 20190110
MAX 20190110
McAfee 20190110
McAfee-GW-Edition 20190110
eScan 20190110
NANO-Antivirus 20190110
Panda 20190109
SentinelOne (Static ML) 20181223
Sophos AV 20190110
SUPERAntiSpyware 20190109
TACHYON 20190110
Tencent 20190110
TheHacker 20190106
Trustlook 20190110
ViRobot 20190110
Webroot 20190110
Yandex 20190110
Zillya 20190109
ZoneAlarm by Check Point 20190110
Zoner 20190110
The file is a Portable Executable: a 32-bit Win32 EXE for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-16 12:31:07
Entry Point 0x00007BBD
Number of sections 8
PE imports
The report lists imported function names only; they are grouped here by the DLL that exports them, in the order the report gives.

KERNEL32.dll (82): FreeEnvironmentStringsW, GetLastError, InitializeCriticalSectionAndSpinCount, HeapFree, GetStdHandle, GetCurrentThread, LCMapStringW, FindFirstChangeNotificationA, LoadLibraryW, GlobalFree, HeapDestroy, GetEnvironmentStringsW, CopyFileA, GetTickCount, SetProcessShutdownParameters, TlsAlloc, VirtualProtect, LoadLibraryA, RtlUnwind, FillConsoleOutputCharacterW, FreeLibrary, GetACP, HeapSetInformation, GetCurrentProcess, EnumSystemLocalesA, EnterCriticalSection, GetLocaleInfoA, GetCurrentProcessId, AddAtomA, SetHandleCount, UnhandledExceptionFilter, GetModuleHandleW, GetCurrentDirectoryA, ExitProcess, InterlockedDecrement, MultiByteToWideChar, GetStartupInfoW, GetFileInformationByHandle, IsDebuggerPresent, GetCommandLineA, GetProcAddress, EncodePointer, HeapSize, CreateFileMappingW, RaiseException, GetCPInfo, GetModuleFileNameW, TlsFree, GetModuleHandleA, GetSystemTimeAsFileTime, DeleteCriticalSection, LeaveCriticalSection, InterlockedExchange, SetUnhandledExceptionFilter, WriteFile, DecodePointer, IsProcessorFeaturePresent, IsValidLocale, ExitThread, HeapReAlloc, GetStringTypeW, GetUserDefaultLCID, GetOEMCP, GetSystemTimeAdjustment, TerminateProcess, FindCloseChangeNotification, GetModuleFileNameA, QueryPerformanceCounter, WideCharToMultiByte, IsValidCodePage, HeapCreate, FatalAppExitA, TlsGetValue, Sleep, GetFileType, TlsSetValue, HeapAlloc, GetCurrentThreadId, GetLocaleInfoW, SetConsoleCtrlHandler, SetLastError, InterlockedIncrement

SHELL32.dll (3): DragQueryFileW, ShellExecuteW, ShellAboutA

USER32.dll (9): GetListBoxInfo, MapVirtualKeyExA, GetDialogBaseUnits, PeekMessageA, CloseClipboard, CallMsgFilterW, GetNextDlgTabItem, GetClipboardSequenceNumber, OpenClipboard

Most of the KERNEL32 set is the Visual C++ 2010 CRT start-up code (Tls*, Heap*, EncodePointer/DecodePointer, IsProcessorFeaturePresent, the locale and code-page queries), padded with a handful of calls that have no obvious role in a small GUI program (FindFirstChangeNotificationA, SetProcessShutdownParameters, GetSystemTimeAdjustment, FillConsoleOutputCharacterW, ShellAboutA, GetListBoxInfo). Nothing in the table touches the network or the registry, yet the sample carries the suspicious-dns and nxdomain tags; with LoadLibraryA/LoadLibraryW and GetProcAddress available, the APIs actually used are presumably resolved at run time, so the static import table is a weak basis for triage here. IsDebuggerPresent together with VirtualProtect is consistent with, though not proof of, a self-unpacking stub.
Number of PE resources by type
RT_ICON 6
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 11
ExifTool file metadata
UninitializedDataSize: 0
LinkerVersion: 10.0
ImageVersion: 0.0
FileVersionNumber: 1.0.0.0
LanguageCode: Unknown (457A)
FileFlagsMask: 0x004f
ImageFileCharacteristics: Executable, Large address aware, 32-bit
CharacterSet: Unknown (A56B)
InitializedDataSize: 270336
EntryPoint: 0x7bbd
MIMEType: application/octet-stream
Subsystem: Windows GUI
FileVersion: 3.8.7.85
TimeStamp: 2018:03:16 13:31:07+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: yitokevo.exe
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Unknown (0x40534)
LegalCopyright: Copyright (C) 2018, kemid
MachineType: Intel 386 or later, and compatibles
CodeSize: 101888
FileSubtype: 0
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

Notes on these values: TimeStamp is the same PE TimeDateStamp as the compilation timestamp above (2018-03-16 12:31:07 UTC), rendered in a UTC+1 local zone, not a second date. The three "Unknown" entries are not merely values ExifTool lacks a name for: 0x457A is not a defined Windows language identifier, 0xA56B is not a valid VS_VERSIONINFO character-set code, and 0x40534 is not a legal VOS_* combination. The version resource also contradicts itself (FileVersion string 3.8.7.85 against a binary FileVersionNumber of 1.0.0.0) and names the binary yitokevo.exe while it was submitted as 1.exe, DeviceManager.exe and winsvcs.exe. Malformed, mutually inconsistent version info of this kind is typical of generated resources and is a useful triage signal in its own right.
File identification
MD5 b58fe475f58e3070e3f506085108ef76
SHA1 269074f92e51174f4ae4913e0c96bed1479c82f3
SHA256 35de112de2021eb54dea91383112609551240db7d95ac0171d224ca13fa4e0e5
ssdeep
1536:lino5QItOav0d+UV1r+jPB++qLaHZ7zln0nSG0a6d0t8Ti/bwRfmJrTmI2TnxfgX:2qQItOZkqOG7tttr/bamrmDR2yyD

authentihash d9316a7f1a310afd96654d8cd10d86ebecfb870f53f85f266980a1d88c3d9109
imphash dbb5721884b48a0d02427e95cd93e1d9
File size 261.0 KB ( 267264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags
suspicious-dns peexe nxdomain

VirusTotal metadata
First submission 2019-01-10 15:02:10 UTC
Last submission 2019-03-12 06:40:17 UTC
File names 1[1].exe
1.exe
DeviceManager.exe
WINSVCS.EXE
winsvcs.exe
winsvcs(103).gxe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications