SHA256: 410828750c57d4da9a7331c9d7a2acaf2ec512e4c3cf606cc834cd1dd53f1981
File name: Unzip__290e2xob752ej35a.exe
Detection ratio: 38 / 64
Analysis date: 2019-03-09 15:20:05 UTC
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKD.41079521 20190309
AhnLab-V3 Malware/Win32.Generic.C2950469 20190309
Arcabit Trojan.Generic.D272D2E1 20190309
Avast Win32:Evo-gen [Susp] 20190309
AVG FileRepMalware 20190309
Avira (no cloud) ADWARE/OxyPumper.azmjg 20190309
BitDefender Trojan.GenericKD.41079521 20190309
Comodo Malware@#1kgztaptjep6t 20190309
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.e34f53 20190109
Cyren W32/Adware.RRXG-1804 20190309
Emsisoft Trojan.GenericKD.41079521 (B) 20190309
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.OxyPumper.BP 20190309
Fortinet Riskware/OxyPumper 20190309
GData Trojan.GenericKD.41079521 20190309
Ikarus PUA.OxyPumper 20190309
Jiangmin RiskTool.BitCoinMiner.jrn 20190309
K7AntiVirus Adware ( 005460da1 ) 20190309
K7GW Adware ( 005460da1 ) 20190309
Kaspersky Trojan.Win32.Agent.qwimrx 20190308
Malwarebytes Adware.AdLoad 20190309
MAX malware (ai score=85) 20190309
McAfee RDN/Generic PUP.z 20190309
McAfee-GW-Edition BehavesLike.Win32.Trojan.fh 20190309
Microsoft Trojan:Win32/Occamy.C 20190307
eScan Trojan.GenericKD.41079521 20190309
NANO-Antivirus Riskware.Win32.OxyPumper.fnuyjy 20190309
Palo Alto Networks (Known Signatures) generic.ml 20190309
Panda Trj/Genetic.gen 20190309
Qihoo-360 HEUR/QVM10.2.B5CB.Malware.Gen 20190309
Rising Trojan.Agent!8.B1E (CLOUD) 20190309
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Generic PUA EC (PUA) 20190309
TrendMicro-HouseCall TROJ_GEN.F0C2C00C919 20190309
VBA32 BScope.Trojan.CoinMiner 20190307
ZoneAlarm by Check Point Trojan.Win32.Agent.qwimrx 20190309
AegisLab 20190309
Alibaba 20190306
ALYac 20190309
Antiy-AVL 20190309
Avast-Mobile 20190308
Babable 20180917
Baidu 20190305
Bkav 20190308
CAT-QuickHeal 20190309
ClamAV 20190309
CMC 20190309
DrWeb 20190309
eGambit 20190309
F-Secure 20190309
Sophos ML 20181128
Kingsoft 20190309
SUPERAntiSpyware 20190306
Symantec Mobile Insight 20190220
TACHYON 20190308
Tencent 20190309
TheHacker 20190308
TotalDefense 20190308
Trapmine 20190228
Trustlook 20190309
ViRobot 20190309
Yandex 20190308
Zoner 20190308
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-08 14:14:32
Entry Point 0x00020D37
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
GetUserNameW
RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
LoadLibraryExW
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GetVersion
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
FreeLibrary
OpenProcess
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
GetTempFileNameW
CompareStringW
FindNextFileW
GetCurrentThreadId
IsValidLocale
FindFirstFileExW
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
lstrlenW
Process32NextW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
Process32FirstW
RaiseException
TlsFree
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
SysAllocStringLen
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
UuidCreate
UuidToStringW
SHGetFolderPathW
wvsprintfW
GetWindowThreadProcessId
GetDlgCtrlID
SendMessageW
EnumWindows
EnumChildWindows
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpSendRequestW
InternetOpenW
HttpOpenRequestW
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
URLDownloadToFileW
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2019:03:08 15:14:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 232960
LinkerVersion 14.16
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x20d37
InitializedDataSize 116224
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 050df58e34f530b716159bac88e6eefe
SHA1 422dd2e7f41a676cb373e21b75c75426a9cc9938
SHA256 410828750c57d4da9a7331c9d7a2acaf2ec512e4c3cf606cc834cd1dd53f1981
ssdeep 6144:7I3qqkPf2Lo35xauEIDwtOlneJ2N6MGOpP5m8lC5SEe4uI1O3AOp8tZr1973:7I3qXPf2U35xauEIDwtc1hpxm8lCEELh
authentihash 044de44d283e52630c589e91e6000a7d99762b85dd3829943807bf2301c1e2bf
imphash d5b5540b8030b2f88f496518cb81d1c7
File size 338.5 KB ( 346624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2019-03-08 14:47:31 UTC
Last submission 2019-03-08 14:47:31 UTC
File names Unzip__290e2xob752ej35a.exe
Archive.zip__7b291xo3737gmee2.exe
Archive.zip__43ea717824.exe
Archive.zip__50ea1k23vuqvcc95.exe
Archive.zip__f5d5ek2qqh9ib5c8.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections