SHA256: 3f8f6cbbea1f205771dcadf9add6d1bcaea1739d61552e6d48a040c474242c1d
File name: 0c0918d568b426593e67f9a799b88d46
Detection ratio: 54 / 67
Analysis date: 2018-03-17 17:06:51 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.117472 20180317
AegisLab Troj.W32.VB.mxAs 20180317
AhnLab-V3 Trojan/Win32.VBKrypt.R12400 20180317
ALYac Gen:Variant.Zusy.117472 20180317
Antiy-AVL Trojan/Win32.VB 20180317
Arcabit Trojan.Zusy.D1CAE0 20180317
Avast Win32:Malware-gen 20180317
AVG Win32:Malware-gen 20180317
Avira (no cloud) TR/Dropper.Gen 20180317
AVware Trojan.Win32.Generic!BT 20180317
BitDefender Gen:Variant.Zusy.117472 20180317
Bkav W32.WinlogonNumberLnrC.Trojan 20180317
CAT-QuickHeal VirTool.VBInject.G3 20180317
Comodo UnclassifiedMalware 20180317
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170201
Cylance Unsafe 20180317
Cyren W32/S-1af86f33!Eldorado 20180317
DrWeb Trojan.Siggen3.5475 20180317
Emsisoft Gen:Variant.Zusy.117472 (B) 20180317
Endgame malicious (high confidence) 20180316
ESET-NOD32 a variant of Win32/Injector.EVZ 20180317
F-Prot W32/S-1af86f33!Eldorado 20180317
Fortinet W32/VBInjector.W!tr 20180317
GData Gen:Variant.Zusy.117472 20180317
Ikarus Trojan.Win32.VB 20180317
Sophos ML heuristic 20180121
Jiangmin Trojan/VB.cpqg 20180317
K7AntiVirus Trojan ( 004e4e6d1 ) 20180317
K7GW Trojan ( 004e4e6d1 ) 20180317
Kaspersky Trojan.Win32.VB.asxu 20180317
MAX malware (ai score=89) 20180317
McAfee Generic Packed.r 20180317
McAfee-GW-Edition BehavesLike.Win32.Trojan.kc 20180317
Microsoft VirTool:Win32/VBInject 20180317
eScan Gen:Variant.Zusy.117472 20180317
NANO-Antivirus Trojan.Win32.VB.ejhodo 20180317
Panda Generic Malware 20180317
Rising Malware.Undefined!8.C (TFE:1:9l4Fr7z0JQK) 20180317
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/SillyFDC-G 20180317
Symantec W32.Rontokbro@mm 20180316
Tencent Win32.Trojan.Vb.Eon 20180317
TheHacker Posible_Worm32 20180316
TotalDefense Win32/Veebuu.QD 20180315
TrendMicro WORM_ESFURY.SMB 20180317
TrendMicro-HouseCall WORM_ESFURY.SMB 20180317
VBA32 Trojan.VB 20180316
VIPRE Trojan.Win32.Generic!BT 20180317
ViRobot Trojan.Win32.A.VB.92160.A 20180317
Webroot W32.Trojan.Gen 20180317
WhiteArmor Malware.HighConfidence 20180223
Yandex Trojan.VB!HLUCCjmUXGU 20180316
Zillya Trojan.VB.Win32.58945 20180316
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180317
Alibaba 20180316
Avast-Mobile 20180317
Baidu 20180317
ClamAV 20180316
CMC 20180317
Cybereason None
eGambit 20180317
F-Secure 20180317
Kingsoft 20180317
Malwarebytes 20180317
nProtect 20180317
Palo Alto Networks (Known Signatures) 20180317
Qihoo-360 20180317
SUPERAntiSpyware 20180317
Symantec Mobile Insight 20180311
Trustlook 20180317
Zoner 20180317
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x00037FD0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Ord(581)
CallWindowProcW
Number of PE resources by type
RT_STRING 4
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 61440
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 4.0
EntryPoint 0x37fd0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 167936

File identification
MD5 0c0918d568b426593e67f9a799b88d46
SHA1 25f8b8d3e08fec6bd1fe984fb18541ed56446bad
SHA256 3f8f6cbbea1f205771dcadf9add6d1bcaea1739d61552e6d48a040c474242c1d
ssdeep 1536:U1v9r0j/MG0ZDyP5miVCO3ghqAU3Hk1BMX5qatnzAnouy8:qaj/MGbhN3SqA+Mout
authentihash 66093becea6aa9a6fb2e2a20a093dbdb8c6bed3ce5869894b439f3b72a7043a2
imphash 49f00326ad08086c15f0af105d2004b5
File size 60.0 KB ( 61440 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (35.9%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Tags peexe upx
VirusTotal metadata
First submission 2018-03-17 17:06:51 UTC ( 1 year ago )
Last submission 2018-03-17 17:06:51 UTC ( 1 year ago )
File names 0c0918d568b426593e67f9a799b88d46
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file installs an application-defined hook procedure into a hook chain. A hook procedure is installed to monitor the system for certain types of events; these events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done using the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications