SHA256: 3e4de6797fb83963bf660c2da8fd0fd523130e6b48b7834ba48d3f635d4e1ece
File name: ComboFix.exe
Detection ratio: 9 / 68
Analysis date: 2018-08-21 03:21:57 UTC ( 9 months ago )
Antivirus Result Update
Antiy-AVL GrayWare[Downloader]/Win32.Adload.gen 20180821
Baidu Multi.Threats.InArchive 20180820
Cylance Unsafe 20180821
Cyren W32/Trojan.CMDB-5767 20180821
Sophos ML heuristic 20180717
Rising Malware.Undefined!8.C (CLOUD) 20180821
Sophos AV NirCmd (PUA) 20180820
Tencent Win32.Backdoor.Zegost.Htlw 20180821
TrendMicro-HouseCall Suspicious_GEN.F47V0808 20180821
Ad-Aware 20180821
AegisLab 20180821
AhnLab-V3 20180821
Alibaba 20180713
ALYac 20180821
Arcabit 20180821
Avast 20180821
Avast-Mobile 20180820
AVG 20180821
Avira (no cloud) 20180821
AVware 20180821
Babable 20180725
BitDefender 20180821
Bkav 20180820
CAT-QuickHeal 20180820
ClamAV 20180821
CMC 20180817
Comodo 20180821
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
DrWeb 20180821
eGambit 20180821
Emsisoft 20180821
Endgame 20180730
ESET-NOD32 20180821
F-Prot 20180821
F-Secure 20180821
Fortinet 20180821
GData 20180821
Ikarus 20180820
Jiangmin 20180821
K7AntiVirus 20180820
K7GW 20180820
Kaspersky 20180821
Kingsoft 20180821
Malwarebytes 20180821
MAX 20180821
McAfee 20180821
McAfee-GW-Edition 20180821
Microsoft 20180821
eScan 20180821
NANO-Antivirus 20180821
Palo Alto Networks (Known Signatures) 20180821
Panda 20180820
Qihoo-360 20180821
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180821
Symantec 20180821
Symantec Mobile Insight 20180814
TACHYON 20180821
TheHacker 20180821
TrendMicro 20180821
Trustlook 20180821
VBA32 20180820
VIPRE 20180821
ViRobot 20180820
Webroot 20180821
Yandex 20180820
Zillya 20180820
ZoneAlarm by Check Point 20180821
Zoner 20180820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright sUBs
Product ComboFix
Original name ComboFix.exe
Internal name ComboFix.exe
File version 18.08.08.01
Description ComboFix NSIS Installer
Packers identified
F-PROT UPX, PECompact, appended, NSIS, UTF-8, Unicode, AutoIt, PecBundle
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-05-11 20:03:36
Entry Point 0x000314D0
Number of sections 3
PE sections
Overlays
MD5 f937a8e892a8e90b7d0454500e51f9e4
File type data
Offset 26624
Size 5633886
Entropy 8.00
PE imports
RegCloseKey
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
VerQueryValueA
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 12
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 6.0
ProductName ComboFix
FileVersionNumber 18.8.8.1
UninitializedDataSize 180224
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName ComboFix.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 18.08.08.01
TimeStamp 2014:05:11 22:03:36+02:00
FileType Win32 EXE
PEType PE32
InternalName ComboFix.exe
FileDescription ComboFix NSIS Installer
OSVersion 4.0
FileOS Win32
LegalCopyright sUBs
MachineType Intel 386 or later, and compatibles
CompanyName Swearware
CodeSize 20480
FileSubtype 0
ProductVersionNumber 18.8.8.1
EntryPoint 0x314d0
ObjectFileType Executable application

File identification
MD5 9c181b1351af9d8574df0aaeb0e278de
SHA1 16010baa64a7d21fe9c435abac13798ccfedd0cd
SHA256 3e4de6797fb83963bf660c2da8fd0fd523130e6b48b7834ba48d3f635d4e1ece
ssdeep 98304:DqlVpGyyT4ll/NNYuG9M8ZVC1BjB8yGTnTWe9YUxQSPNZPz44z77mBu67B+CbON:MGZT4llVN1apVkFGT5KSPNOe7mBuyQzN
authentihash 95c1e3457c7ee355a66856b2ab717a5a15026740fcbf565a8a5a4d374476295c
imphash 74a01f7126dc9d5c16ea49b9d705758d
File size 5.4 MB ( 5660510 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags pecompact peexe nsis upx overlay

VirusTotal metadata
First submission 2018-08-08 07:02:09 UTC ( 9 months, 2 weeks ago )
Last submission 2019-05-07 08:09:18 UTC ( 2 weeks ago )
File names Combofix.exe
ComboFix_18.7.10.1.exe
ComboFix.exe
ComboFix (1).exe
output.126523576.txt
IEXPLORE.EXE
ComboFix.exe
ComboFix.exe
f7ad09cb6c00f556e7fa21108c70310748b93f32d1d533c28285ad3ecff0bbe9.exe
ComboFix.exe
ComboFix_2.exe
ComboFix.exe
ComboFix.exe
ComboFix.exe
ComboFix.exe
ComboFix.exe
ComboFix.exe
combofix.exe
ComboFix(3).exe
ComboFix18881.exe
combofix_18.8.8.1.exe
ComboFix-18.8.8.1.exe
ComboFix (2).exe
AAA-ComboFixPre.exe
ComboFix.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Runtime DLLs