SHA256: 3721c0d2deb08a9ceeebe1272034b1aefd49c1c0cb3fec3a37ec9b294e250b6c
File name: 67205bb3c8b372c3dcb7c3f44b3fdb53
Detection ratio: 40 / 64
Analysis date: 2018-04-29 08:26:36 UTC ( 12 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.282755 20180429
AhnLab-V3 Trojan/Win32.RansomCrypt.R226444 20180428
ALYac Gen:Variant.Zusy.282755 20180429
Antiy-AVL Trojan/Win32.TSGeneric 20180428
Arcabit Trojan.Zusy.D45083 20180429
Babable Malware.HighConfidence 20180406
BitDefender Gen:Variant.Zusy.282755 20180429
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180418
Cylance Unsafe 20180429
Cyren W32/S-92788ce3!Eldorado 20180429
DrWeb Trojan.Encoder.24384 20180429
eGambit Unsafe.AI_Score_65% 20180429
Emsisoft Gen:Variant.Zusy.282755 (B) 20180429
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/Kryptik.GGCH 20180429
F-Prot W32/S-92788ce3!Eldorado 20180429
F-Secure Gen:Variant.Zusy.282755 20180429
Fortinet W32/Kryptik.BVB!tr 20180429
GData Gen:Variant.Zusy.282755 20180429
Sophos ML heuristic 20180121
Jiangmin Trojan.Chapak.hq 20180429
K7AntiVirus Trojan ( 0052f1231 ) 20180429
K7GW Trojan ( 0052f1231 ) 20180429
Kaspersky Trojan-Spy.Win32.Panda.awr 20180429
MAX malware (ai score=80) 20180429
McAfee GenericRXFC-RQ!67205BB3C8B3 20180429
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20180425
Microsoft Trojan:Win32/Fuerboos.C!cl 20180429
eScan Gen:Variant.Zusy.282755 20180429
NANO-Antivirus Trojan.Win32.Encoder.farwkq 20180429
Panda Trj/Genetic.gen 20180429
Qihoo-360 Win32/Trojan.Spy.21e 20180429
Sophos AV Mal/Generic-S 20180429
Symantec Trojan.Gen.MBT 20180428
Tencent Win32.Trojan-spy.Panda.Wnci 20180429
TrendMicro TROJ_GEN.R015C0WDR18 20180429
TrendMicro-HouseCall TROJ_GEN.R015C0WDR18 20180429
VBA32 Trojan.Chapak 20180428
Webroot W32.Trojan.Gen 20180429
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.awr 20180429
AegisLab 20180429
Avast 20180429
Avast-Mobile 20180428
AVG 20180429
Avira (no cloud) 20180428
AVware 20180428
Bkav 20180426
CAT-QuickHeal 20180428
ClamAV 20180429
CMC 20180428
Comodo 20180429
Cybereason None
Kingsoft 20180429
nProtect 20180429
Palo Alto Networks (Known Signatures) 20180429
Rising 20180429
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180429
TheHacker 20180426
TotalDefense 20180429
Trustlook 20180429
VIPRE 20180428
ViRobot 20180428
Yandex 20180428
Zillya 20180427
Zoner 20180428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-25 13:09:28
Entry Point 0x000039E0
Number of sections 5
PE sections
PE imports
TranslateCharsetInfo
AddFontResourceA
SetICMProfileA
CreateICW
PathToRegion
ResetDCW
GetGlyphOutlineA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
DosDateTimeToFileTime
LCMapStringW
SetConsoleMode
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EnterCriticalSection
IsDebuggerPresent
EncodePointer
TlsAlloc
FlushFileBuffers
VirtualProtect
CreateMailslotA
IsDBCSLeadByte
SetConsoleOutputCP
RtlUnwind
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
SetFileShortNameW
GetFileType
GetConsoleMode
DecodePointer
LocalAlloc
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
SetDefaultCommConfigA
FindVolumeMountPointClose
GetProcAddress
GetThreadContext
GetProcessHeap
SetStdHandle
GetTempPathA
RaiseException
GetCPInfo
TlsFree
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetMailslotInfo
GetCommandLineA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
WriteProfileSectionA
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
LocalFileTimeToFileTime
GetEnvironmentStringsW
TlsGetValue
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
HiliteMenuItem
AppendMenuA
SetDlgItemInt
RemovePropW
LoadAcceleratorsW
GetPropA
CoIsOle1Class
Number of PE resources by type
RT_STRING 22
RT_ACCELERATOR 3
NI 1
ODCH 1
RT_ICON 1
TOLOHUREJE 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 31
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:04:25 14:09:28+01:00
FileType Win32 EXE
PEType PE32
CodeSize 55296
LinkerVersion 12.0
FileTypeExtension exe
InitializedDataSize 7532544
SubsystemVersion 5.1
EntryPoint 0x39e0
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 67205bb3c8b372c3dcb7c3f44b3fdb53
SHA1 b8bc95fdd69edee832c107328583ec8c01f7aa69
SHA256 3721c0d2deb08a9ceeebe1272034b1aefd49c1c0cb3fec3a37ec9b294e250b6c
ssdeep 3072:tPu6tEnqep+DxnalNZSR2VvSe7JMf3zCnvGlqeT2vs2Ej8V:xu6t+1pOsNZRVvh7JOAvunqvsRj8V
imphash 013d11bb5b12cb88f2a2201fed7c8c2a
File size 199.0 KB ( 203776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2018-04-29 08:26:36 UTC ( 12 months ago )
Last submission 2018-04-29 08:26:36 UTC ( 12 months ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs