SHA256: 3a3d615edff38ad14b60beb5300836669d6c17524a5101406e7fd12032961399
File name: mudakchtoli.exe
Detection ratio: 10 / 56
Analysis date: 2017-02-08 18:45:19 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170208
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170208
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Sophos ML virus.win32.virut.bn 20170203
K7GW Trojan ( 700001211 ) 20170208
Kaspersky Trojan-Banker.Win32.CoreBot.cz 20170208
McAfee Artemis!71AAF68437DB 20170208
McAfee-GW-Edition BehavesLike.Win32.Downloader.cc 20170208
Rising Malware.Generic!6e4XAAEia9J@2 (thunder) 20170208
Symantec Trojan.Cridex 20170208
Ad-Aware 20170208
AhnLab-V3 20170208
Alibaba 20170122
ALYac 20170208
Antiy-AVL 20170208
Arcabit 20170208
Avast 20170208
AVG 20170208
Avira (no cloud) 20170208
AVware 20170208
BitDefender 20170208
Bkav 20170208
CAT-QuickHeal 20170208
ClamAV 20170208
CMC 20170208
Comodo 20170208
Cyren 20170208
DrWeb 20170208
Emsisoft 20170208
ESET-NOD32 20170208
F-Prot 20170208
F-Secure 20170208
Fortinet 20170208
GData 20170208
Ikarus 20170208
Jiangmin 20170208
K7AntiVirus 20170208
Kingsoft 20170208
Malwarebytes 20170208
Microsoft 20170208
eScan 20170208
NANO-Antivirus 20170208
nProtect 20170208
Panda 20170208
Qihoo-360 20170208
Sophos AV 20170208
SUPERAntiSpyware 20170208
Tencent 20170208
TheHacker 20170205
TrendMicro 20170208
TrendMicro-HouseCall 20170208
Trustlook 20170208
VBA32 20170208
VIPRE 20170208
ViRobot 20170208
WhiteArmor 20170202
Yandex 20170208
Zillya 20170207
Zoner 20170208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name REGEDIT.EXE
Internal name REGEDIT
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Registry Editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-01-13 08:35:46
Entry Point 0x00009F10
Number of sections 9
PE sections
PE imports
DeregisterEventSource
FindFirstFreeAce
StartServiceCtrlDispatcherW
RegCreateKeyExA
GetSidIdentifierAuthority
ImageList_SetOverlayImage
GetPaletteEntries
TryEnterCriticalSection
GetTapeStatus
QueryPerformanceCounter
LoadLibraryA
FlushViewOfFile
CommConfigDialogW
SetTapePosition
GetCurrentDirectoryA
EnumSystemLocalesW
OpenWaitableTimerW
GetProcAddress
GetComputerNameExA
GlobalReAlloc
GetModuleHandleA
WritePrivateProfileStructA
EnumSystemLanguageGroupsA
GetFirmwareEnvironmentVariableA
SwitchToFiber
HeapReAlloc
GetUserDefaultLCID
IsBadStringPtrW
IsBadHugeWritePtr
LocalSize
GlobalAlloc
SHDeleteEmptyKeyA
PathQuoteSpacesW
PathBuildRootW
ChrCmpIA
PathUnquoteSpacesW
SendMessageTimeoutA
GetNextDlgTabItem
SetWindowTextA
ChangeMenuA
CreateIconIndirect
WaitMessage
BringWindowToTop
SetScrollPos
TranslateAcceleratorW
sprintf
strncpy
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 5
RT_GROUP_CURSOR 1
REGINST 1
RT_CURSOR 1
MUI 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
UninitializedDataSize 6144
LinkerVersion 197.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Registry Editor
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 0
EntryPoint 0x9f10
OriginalFileName REGEDIT.EXE
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2001:01:13 09:35:46+01:00
FileType Win32 EXE
PEType PE32
InternalName REGEDIT
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 22016
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 71aaf68437dbe995dd1d8dd7f1021e6a
SHA1 63f252e036ecad29bea2aac04a5e884efc4bd8b1
SHA256 3a3d615edff38ad14b60beb5300836669d6c17524a5101406e7fd12032961399
ssdeep 3072:G8e/gtH3g8jmmzd2uvQqgvJNyghg0eBXVD/+M:G8eotXg8rd28cJhg0sp/1
authentihash 26641e18d2f1eef3fe5c2e9b4cc219fabbfc76eb75009ffc6b3d14631f311e38
imphash cbebc64726c7dc3c7b2ab37479ab0679
File size 117.8 KB ( 120616 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2017-02-08 10:45:18 UTC ( 2 years, 2 months ago )
Last submission 2019-03-16 12:35:04 UTC ( 1 month, 1 week ago )
File names mudakchtoli.exe
mudakchtoli.exe
mudakchtoli.exe
71aaf68437dbe995dd1d8dd7f1021e6a.exe
gIGSBXS.exe
REGEDIT.EXE
mudakchtoli.exe
REGEDIT
mudakchtoli.exe
mudakchtoli.exe
mudakchtoli.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications