SHA256: 36d80c091c3a442fcdbc35c04582ba4843f2774785d173adf8e946163ef01d39
File name: output.114779926.txt
Detection ratio: 8 / 71
Analysis date: 2019-01-19 02:35:15 UTC (2 months ago)
Antivirus | Result | Update
AVG | FileRepMalware | 20190118
Kaspersky | UDS:DangerousObject.Multi.Generic | 20190119
Palo Alto Networks (Known Signatures) | generic.ml | 20190119
Qihoo-360 | HEUR/QVM10.2.A413.Malware.Gen | 20190119
Rising | Malware.Heuristic.MLite(94%) (AI-LITE:OH92aDJoK3RBfJg4DUQmcw) | 20190119
Symantec | Packed.Generic.525 | 20190118
VBA32 | BScope.Backdoor.Quicdy | 20190118
ZoneAlarm by Check Point | UDS:DangerousObject.Multi.Generic | 20190119
Acronis | undetected | 20190118
Ad-Aware | undetected | 20190119
AegisLab | undetected | 20190119
AhnLab-V3 | undetected | 20190118
Alibaba | undetected | 20180921
ALYac | undetected | 20190119
Antiy-AVL | undetected | 20190119
Arcabit | undetected | 20190118
Avast | undetected | 20190119
Avast-Mobile | undetected | 20190118
Avira (no cloud) | undetected | 20190119
AVware | undetected | 20180925
Babable | undetected | 20180918
Baidu | undetected | 20190118
BitDefender | undetected | 20190118
Bkav | undetected | 20190118
CAT-QuickHeal | undetected | 20190118
ClamAV | undetected | 20190118
CMC | undetected | 20190118
Comodo | undetected | 20190119
CrowdStrike Falcon (ML) | undetected | 20181023
Cybereason | undetected | 20190109
Cylance | undetected | 20190119
Cyren | undetected | 20190118
DrWeb | undetected | 20190118
eGambit | undetected | 20190119
Emsisoft | undetected | 20190118
Endgame | undetected | 20181108
ESET-NOD32 | undetected | 20190119
F-Prot | undetected | 20190118
F-Secure | undetected | 20190118
Fortinet | undetected | 20190118
GData | undetected | 20190119
Ikarus | undetected | 20190118
Sophos ML | undetected | 20181128
Jiangmin | undetected | 20190119
K7AntiVirus | undetected | 20190118
K7GW | undetected | 20190118
Kingsoft | undetected | 20190119
Malwarebytes | undetected | 20190119
MAX | undetected | 20190119
McAfee | undetected | 20190119
McAfee-GW-Edition | undetected | 20190118
Microsoft | undetected | 20190119
eScan | undetected | 20190119
NANO-Antivirus | undetected | 20190119
Panda | undetected | 20190118
SentinelOne (Static ML) | undetected | 20190118
Sophos AV | undetected | 20190119
SUPERAntiSpyware | undetected | 20190116
TACHYON | undetected | 20190119
Tencent | undetected | 20190119
TheHacker | undetected | 20190118
TotalDefense | undetected | 20190118
Trapmine | undetected | 20190103
TrendMicro | undetected | 20190119
TrendMicro-HouseCall | undetected | 20190119
Trustlook | undetected | 20190119
ViRobot | undetected | 20190118
Webroot | undetected | 20190119
Yandex | undetected | 20190118
Zillya | undetected | 20190118
Zoner | undetected | 20190119
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-07-27 19:17:00
Entry Point 0x00007B28
Number of sections 9
PE sections
PE imports
GetStdHandle
WaitForSingleObject
GetConsoleAliasW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
IsProcessInJob
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetThreadPriority
FindClose
TlsGetValue
SetFileAttributesW
SetLastError
GetModuleFileNameW
CopyFileA
ExitProcess
RaiseException
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimes
DecodePointer
FindAtomW
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetEvent
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
WriteConsoleInputW
FreeLibrary
GetStartupInfoW
GetProcAddress
AddAtomW
GetProcessHeap
GetComputerNameExA
GetComputerNameW
FindNextFileW
GetComputerNameA
TerminateProcess
FindFirstFileExW
SetCommState
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
HeapAlloc
PrepareTape
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetThreadLocale
GetEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
ReadConsoleW
TlsFree
ReadFile
SetFirmwareEnvironmentVariableA
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
GetDefaultCommConfigA
TransparentBlt
AlphaBlend
GetCursorPos
WaitMessage
UpdateWindow
GetScrollInfo
PostMessageA
CreateIcon
SendMessageA
MapVirtualKeyA
RemoveMenu
LoadMenuW
DrawCaption
DeviceCapabilitiesW
CoLoadLibrary
CreateItemMoniker
PE exports
Number of PE resources by type
RT_ICON 6
RT_STRING 1
RT_GROUP_ICON 1
Number of PE resources by language
POLISH DEFAULT 8
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:07:27 21:17:00+02:00
FileType Win32 EXE
PEType PE32
CodeSize 100352
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware, 32-bit
EntryPoint 0x7b28
InitializedDataSize 446464
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Execution parents
File identification
MD5 196b5ee2af2b43bba6a25e9284f81dd7
SHA1 e54d655ebafa31226e59ceabda0e56a1a42a4b6e
SHA256 36d80c091c3a442fcdbc35c04582ba4843f2774785d173adf8e946163ef01d39
ssdeep 3072:dK4kG4wPsecpFQ+I37rwhej4YE+CoRK4d:seGS+I3OPgK4d
authentihash 13c873e276ec41267561d50485dc3210667858eb5f719720895a5ff8efe4ea0b
imphash e36f0caa1330b8cc83a892cd91770c16
File size 532.5 KB (545280 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags suspicious-dns peexe nxdomain
VirusTotal metadata
First submission 2019-01-19 02:35:15 UTC (2 months ago)
Last submission 2019-03-22 14:05:54 UTC (18 hours, 42 minutes ago)
File names output.114775326.txt
output.114779926.txt
output.114971092.txt
1110510246.exe
1 (1).exe
VirusShare_196b5ee2af2b43bba6a25e9284f81dd7
Advanced heuristic and reputation engines
Condensed report. The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were performed either by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications