SHA256: 40693f4438a5d282eaf7e42f0ff80e514e5c9266e815899cca318b0098b26fa1
File name: a525e6e64a8a127bca83948fee880a65c48b957c
Detection ratio: 32 / 70
Analysis date: 2018-12-26 02:23:41 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Acronis malware 20181224
Ad-Aware Trojan.GenericKD.31440414 20181226
AhnLab-V3 Malware/RL.Possible_hpgen.R249734 20181225
ALYac Trojan.GenericKD.31440414 20181226
Arcabit Trojan.Generic.D1DFBE1E 20181226
Avast Win32:MalwareX-gen [Trj] 20181226
AVG Win32:MalwareX-gen [Trj] 20181226
BitDefender Trojan.GenericKD.31440414 20181226
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
DrWeb Trojan.Packed2.41404 20181226
Emsisoft Trojan.GenericKD.31440414 (B) 20181226
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GOAX 20181225
F-Secure Trojan.GenericKD.31440414 20181226
Fortinet W32/Kryptik.GOBG!tr 20181226
GData Trojan.GenericKD.31440414 20181226
Sophos ML heuristic 20181128
Jiangmin Trojan.Propagate.pb 20181226
Kaspersky Trojan-Spy.Win32.Ursnif.afyb 20181226
Malwarebytes Trojan.MalPack.GS 20181225
MAX malware (ai score=86) 20181226
McAfee Packed-FPJ!6B3C68E6E56D 20181225
McAfee-GW-Edition Packed-FPJ!6B3C68E6E56D 20181225
Microsoft Trojan:Win32/Fuerboos.A!cl 20181225
eScan Trojan.GenericKD.31440414 20181225
Panda Trj/Genetic.gen 20181225
Qihoo-360 HEUR/QVM10.1.1D47.Malware.Gen 20181226
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazqwEAFenml/xDXNBUGKqcXC) 20181225
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan.Fuery 20181222
Webroot W32.Trojan.Gen 20181226
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.afyb 20181225
AegisLab 20181225
Alibaba 20180921
Antiy-AVL 20181225
Avast-Mobile 20181225
Avira (no cloud) 20181226
Babable 20180918
Baidu 20181207
Bkav 20181224
CAT-QuickHeal 20181225
ClamAV 20181226
CMC 20181225
Comodo 20181226
Cybereason 20180225
Cylance 20181226
Cyren 20181226
eGambit 20181226
F-Prot 20181226
Ikarus 20181226
K7AntiVirus 20181225
K7GW 20181225
Kingsoft 20181226
NANO-Antivirus 20181225
Palo Alto Networks (Known Signatures) 20181226
SentinelOne (Static ML) 20181223
Sophos AV 20181225
SUPERAntiSpyware 20181220
Symantec 20181225
Symantec Mobile Insight 20181225
TACHYON 20181224
Tencent 20181226
TheHacker 20181225
TotalDefense 20181223
TrendMicro 20181225
TrendMicro-HouseCall 20181225
Trustlook 20181226
ViRobot 20181225
Yandex 20181223
Zillya 20181225
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-26 22:39:35
Entry Point 0x00012377
Number of sections 4
PE sections
PE imports
ClearEventLogA
BackupEventLogW
ChangeServiceConfigA
CloseServiceHandle
FillPath
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GlobalFree
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetStdHandle
FillConsoleOutputCharacterW
RtlUnwind
ExitThread
FindFirstChangeNotificationW
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
DecodePointer
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
EncodePointer
EnumTimeFormatsA
ExitProcess
FindResourceExA
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindAtomW
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
FindAtomA
TlsGetValue
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShellExecuteA
MapWindowPoints
UpdateWindow
LoadBitmapW
MapVirtualKeyW
GetCaretPos
PrivateExtractIconsA
PeekMessageW
LoadCursorW
LoadCursorFromFileA
LoadKeyboardLayoutW
LookupIconIdFromDirectoryEx
GetMenu
DlgDirSelectExA
RealGetWindowClassW
SetParent
MapVirtualKeyExA
GetRawInputDeviceInfoA
LoadAcceleratorsA
LoadIconA
GetDesktopWindow
GetDialogBaseUnits
ScrollWindow
CloseClipboard
DefDlgProcW
OpenClipboard
Number of PE resources by type
RT_ICON 8
RT_BITMAP 3
LONEXE 1
LEMEJEVUXOTIPUFITEYIYAPELITAYAZU 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 15
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
InitializedDataSize 168960
EntryPoint 0x12377
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2018, xakakavez
FileVersion 4.9.8.88
TimeStamp 2018:03:26 15:39:35-07:00
FileType Win32 EXE
PEType PE32
InternalName bunus.exe
ProductVersion 4.9.8.88
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 95232
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 6b3c68e6e56ddd1504f642ac8e1c2d92
SHA1 a525e6e64a8a127bca83948fee880a65c48b957c
SHA256 40693f4438a5d282eaf7e42f0ff80e514e5c9266e815899cca318b0098b26fa1
ssdeep 1536:Xutq0PlX8HhA+aPNVJ6Hz0LuIJksab0EgERNVwam33VZH7vnktFoN6SrExGwtoUQ:eUq847sHz0SIJPTEgPPnVZH7ooc2wty

authentihash 9fa481c5a1a8b5e08f3000f8002279320e59ccad94183babd4a347c936ff547c
imphash 3daf3b4744319cf4d46f9bf638e4b119
File size 154.5 KB ( 158208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (61.9%)
Win32 Dynamic Link Library (generic) (13.0%)
Win32 Executable (generic) (8.9%)
OS/2 Executable (generic) (4.0%)
Clipper DOS Executable (4.0%)
Tags peexe

VirusTotal metadata
First submission 2018-12-26 02:23:41 UTC ( 1 month, 3 weeks ago )
Last submission 2018-12-26 02:23:41 UTC ( 1 month, 3 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections