× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3e225d16e486fae7df684d73c6e4531fbaf203b898ea899623cf5150a0f13652
File name: serstalkerskysbox.png
Detection ratio: 52 / 67
Analysis date: 2018-09-05 21:54:09 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5566213 20180905
AegisLab Trojan.Win32.Generic.4!c 20180905
AhnLab-V3 Trojan/Win32.Trickbot.R204026 20180905
ALYac Trojan.Trickster.Gen 20180905
Antiy-AVL Trojan/Win32.Trickster 20180905
Arcabit Trojan.Generic.D54EF05 20180905
Avast Win32:Malware-gen 20180905
AVG Win32:Malware-gen 20180905
Avira (no cloud) HEUR/AGEN.1014350 20180905
AVware Trojan.Win32.Generic!BT 20180905
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9988 20180905
BitDefender Trojan.GenericKD.5566213 20180905
CAT-QuickHeal Trojan.Mauvaise.SL1 20180905
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.5fc87a 20180225
Cylance Unsafe 20180905
Cyren W32/GenBl.35F08B75!Olympus 20180905
DrWeb Trojan.Siggen7.23701 20180905
Emsisoft Trojan.GenericKD.5566213 (B) 20180905
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/TrickBot.O 20180905
F-Secure Trojan.GenericKD.5566213 20180905
Fortinet W32/GenKryptik.ANRD!tr 20180905
GData Trojan.GenericKD.5566213 20180905
Ikarus Trojan.Win32.Trickbot 20180905
Sophos ML heuristic 20180717
Jiangmin Trojan.Trickster.gu 20180905
K7AntiVirus Trojan ( 0050f1201 ) 20180905
K7GW Trojan ( 0050f1201 ) 20180905
Kaspersky Trojan.Win32.Trickster.na 20180905
MAX malware (ai score=100) 20180905
McAfee Trojan-FNZP!35F08B75FC87 20180905
McAfee-GW-Edition BehavesLike.Win32.Generic.gh 20180905
Microsoft Trojan:Win32/Totbrick!rfn 20180905
eScan Trojan.GenericKD.5566213 20180905
NANO-Antivirus Trojan.Win32.Trickster.eqspsg 20180905
Palo Alto Networks (Known Signatures) generic.ml 20180905
Panda Trj/GdSda.A 20180905
Qihoo-360 Win32/Trojan.09d 20180905
Rising Trojan.TrickBot!8.E313 (CLOUD) 20180905
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/Trickbot-N 20180905
Symantec Trojan.Trickybot 20180905
Tencent Win32.Trojan.Trickster.Lmku 20180905
TrendMicro TSPY_TRICKBOT.AUTA 20180905
TrendMicro-HouseCall TSPY_TRICKBOT.AUTA 20180905
VBA32 BScope.Trojan.Trickster 20180905
VIPRE Trojan.Win32.Generic!BT 20180905
ViRobot Trojan.Win32.Agent.451584.E 20180905
Webroot W32.Trojan.Gen 20180905
Yandex Trojan.Trickster! 20180905
ZoneAlarm by Check Point Trojan.Win32.Trickster.na 20180905
Alibaba 20180713
Avast-Mobile 20180905
Babable 20180902
Bkav 20180905
ClamAV 20180905
CMC 20180905
Comodo 20180905
eGambit 20180905
F-Prot 20180905
Kingsoft 20180905
Malwarebytes 20180905
SUPERAntiSpyware 20180905
Symantec Mobile Insight 20180905
TACHYON 20180905
TheHacker 20180904
TotalDefense 20180905
Trustlook 20180905
Zoner 20180904
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-27 23:43:06
Entry Point 0x00002780
Number of sections 4
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitCommonControlsEx
GetLastError
lstrlenA
GetCurrentDirectoryW
GetModuleHandleA
lstrcmpA
CreateFileW
GetCommandLineW
GetStartupInfoA
ExitProcess
lstrcatW
lstrcmpW
lstrlenW
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
__setusermatherr
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
CommandLineToArgvW
ReleaseDC
LoadBitmapW
MessageBoxW
SendMessageW
wsprintfW
RegisterClassExW
TranslateMessage
GetMessageW
MoveWindow
DefWindowProcW
LoadStringW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
PostQuitMessage
DispatchMessageW
TranslateAcceleratorW
LoadMenuW
SetWindowPos
DestroyWindow
Number of PE resources by type
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_STRING 1
RT_BITMAP 1
RT_CURSOR 1
Number of PE resources by language
FINNISH DEFAULT 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2015:10:28 00:43:06+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
194560

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
256512

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x2780

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 35f08b75fc87a8f72f4867f59d5d53d2
SHA1 eb12cb2fb84cb178e2b98c96372c53d07cdfbbb7
SHA256 3e225d16e486fae7df684d73c6e4531fbaf203b898ea899623cf5150a0f13652
ssdeep
6144:eCDLfoW8M511y7XtKo4JD76eIqZsfr+BJIfUcyBekT:eCDLfoWHfMXR4UesRyBF

authentihash 840afe283ffa2c0fd64eaff626f1997d1ce9daf6bd118e7ea04fc77f115b5ab5
imphash c586dc25e86228003635f4c72b92584c
File size 441.0 KB ( 451584 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-07-05 17:07:46 UTC ( 1 year, 4 months ago )
Last submission 2017-08-25 19:35:56 UTC ( 1 year, 2 months ago )
File names serstalkerskysbox.png
VirusShare_35f08b75fc87a8f72f4867f59d5d53d2
IfwaeELBn.msi
ltuozc.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications