SHA256: 3ca6465761d6be2d2152dcc9ed56595dbc73405a4f9456913f9ba0c72d976b04
File name: 4028440725.EXE
Detection ratio: 12 / 71
Analysis date: 2019-01-27 14:58:49 UTC ( 1 month, 3 weeks ago )
Antivirus  Result  Update (YYYYMMDD)
Acronis suspicious 20190124
Avira (no cloud) TR/Crypt.XPACK.Gen2 20190127
Cylance Unsafe 20190127
eGambit Unsafe.AI_Score_92% 20190127
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GPBJ 20190127
Microsoft Trojan:Win32/Azden.A!cl 20190127
Qihoo-360 HEUR/QVM10.2.D43B.Malware.Gen 20190127
Rising Ransom.GandCrypt!8.F33E (TFE:dGZlOgFfuqN+379qxw) 20190127
Symantec ML.Attribute.HighConfidence 20190126
Trapmine malicious.high.ml.score 20190123
VBA32 BScope.Trojan.Fuery 20190125
Engines with no detection (result column empty):
Ad-Aware 20190127
AegisLab 20190127
AhnLab-V3 20190127
Alibaba 20180921
ALYac 20190127
Antiy-AVL 20190127
Arcabit 20190127
Avast 20190127
Avast-Mobile 20190127
AVG 20190127
Babable 20180918
Baidu 20190125
BitDefender 20190127
Bkav 20190125
CAT-QuickHeal 20190127
ClamAV 20190127
CMC 20190127
Comodo 20190127
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190127
DrWeb 20190127
Emsisoft 20190127
F-Prot 20190127
F-Secure 20190127
Fortinet 20190127
GData 20190127
Ikarus 20190127
Sophos ML 20181128
Jiangmin 20190127
K7AntiVirus 20190127
K7GW 20190127
Kaspersky 20190127
Kingsoft 20190127
Malwarebytes 20190127
MAX 20190127
McAfee 20190127
McAfee-GW-Edition 20190127
eScan 20190127
NANO-Antivirus 20190127
Palo Alto Networks (Known Signatures) 20190127
Panda 20190127
SentinelOne (Static ML) 20190124
Sophos AV 20190127
SUPERAntiSpyware 20190123
TACHYON 20190127
Tencent 20190127
TheHacker 20190125
TotalDefense 20190127
TrendMicro 20190127
TrendMicro-HouseCall 20190127
Trustlook 20190127
VIPRE 20190127
ViRobot 20190127
Webroot 20190127
Yandex 20190125
Zillya 20190125
ZoneAlarm by Check Point 20190127
Zoner 20190125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 9.3.9.32
Comments Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-03 10:06:09
Entry Point 0x00006272
Number of sections 6
PE sections
PE imports
BeginPath
AddFontResourceExA
GetLastError
TlsGetValue
HeapFree
TlsAlloc
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
LoadLibraryW
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
SetFileApisToANSI
GetEnvironmentStringsW
GetModuleFileNameA
SetConsoleOutputCP
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
FlushViewOfFile
EnumSystemLocalesA
GetLocaleInfoA
HeapSize
GetCurrentProcessId
LCMapStringW
UnhandledExceptionFilter
GetCommandLineW
IsValidCodePage
GetCPInfo
ExitProcess
GetCPInfoExA
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetProfileSectionA
GetUserDefaultLCID
AddAtomW
GetLocaleInfoW
GetStartupInfoA
EnumResourceLanguagesW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
LeaveCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
GetStringTypeA
CloseHandle
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetConsoleSelectionInfo
HeapAlloc
LocalFree
TerminateProcess
CreateProcessA
QueryPerformanceCounter
GetProcessShutdownParameters
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
GlobalGetAtomNameA
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
RemoveVectoredExceptionHandler
SetLastError
SetConsoleTextAttribute
TransparentBlt
IsAccelerator
Number of PE resources by type
RT_STRING 15
RT_ICON 10
RT_GROUP_ICON 2
RT_GROUP_CURSOR 1
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
RATAYOHEMAPIZERAPUJIGO 1
Number of PE resources by language
CZECH DEFAULT 21
NEUTRAL 7
ENGLISH US 4
DANISH DEFAULT 2
PE resources
ExifTool file metadata
UninitializedDataSize: 0
Comments: Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
InitializedDataSize: 479744
ImageVersion: 0.0
FileVersionNumber: 1.0.0.0
LanguageCode: English (British)
FileFlagsMask: 0x003f
ImageFileCharacteristics: No relocs, Executable, Large address aware, 32-bit
CharacterSet: Unicode
LinkerVersion: 9.0
EntryPoint: 0x6272
MIMEType: application/octet-stream
FileVersion: 9.3.9.32
TimeStamp: 2018:03:03 11:06:09+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 9.3.9.32
SubsystemVersion: 5.0
OSVersion: 5.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CodeSize: 91136
FileSubtype: 0
ProductVersionNumber: 1.0.0.0
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 467a518fd0d3745bb35c241053432fe8
SHA1 8504da8292f5bd4e70b9ea3971fc01a937bcc421
SHA256 3ca6465761d6be2d2152dcc9ed56595dbc73405a4f9456913f9ba0c72d976b04
ssdeep 3072:hiBxhVyELxjBJOa9m8KgVrc0ew+MFhmkpq8nbnNysyGVLw4:hiXh8ELNBJOa91zG0eY/bJxVLw
authentihash 8956d986e61789c878c6548cee99cfcbb37ed7aaf9e5fd3a40f32e8172222db3
imphash 278af6557fdb72a439b496c52749bf63
File size 558.5 KB ( 571904 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags suspicious-dns, peexe, nxdomain

VirusTotal metadata
First submission 2019-01-27 14:58:49 UTC ( 1 month, 3 weeks ago )
Last submission 2019-01-27 14:58:49 UTC ( 1 month, 3 weeks ago )
File names (as submitted): 3716035157.exe, t.exe, 2396528277.exe, 1.exe, 4028440725.EXE, 3404331941.exe, 2492134514.exe
VirusTotal Community: no comments and no votes on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Behaviour categories listed in the report (no entries shown for any of them): Opened files, Read files, Copied files, Deleted files, Created processes, Created mutexes, Opened mutexes, Runtime DLLs, HTTP requests, DNS requests, TCP connections, UDP communications