× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
File name: output.114546501.txt
Detection ratio: 20 / 69
Analysis date: 2018-12-29 05:26:12 UTC ( 3 months, 4 weeks ago ) View latest
Antivirus Result Update
AegisLab Hacktool.Win32.Krap.lKMc 20181229
Avast FileRepMalware 20181229
AVG FileRepMalware 20181229
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cylance Unsafe 20181229
DrWeb Trojan.Packed 20181229
eGambit PE.Heur.InvalidSig 20181229
Endgame malicious (high confidence) 20181108
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181229
McAfee Artemis!4C6F64715DF6 20181229
McAfee-GW-Edition Artemis!Trojan 20181228
Microsoft Ransom:Win32/Troldesh.A 20181228
Palo Alto Networks (Known Signatures) generic.ml 20181229
Qihoo-360 Win32/Trojan.Ransom.f3d 20181229
Rising Malware.Heuristic!ET#81% (RDM+:cmRtazq2fJL1peVHk8v0fC3gbNcM) 20181229
SentinelOne (Static ML) static engine - malicious 20181223
Trapmine malicious.high.ml.score 20181205
VBA32 BScope.Trojan-Spy.Zbot 20181228
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181229
Acronis 20181227
Ad-Aware 20181229
AhnLab-V3 20181228
Alibaba 20180921
ALYac 20181229
Antiy-AVL 20181228
Arcabit 20181229
Avast-Mobile 20181228
Avira (no cloud) 20181228
Babable 20180918
Baidu 20181207
BitDefender 20181229
Bkav 20181227
CAT-QuickHeal 20181228
ClamAV 20181229
CMC 20181228
Comodo 20181229
Cybereason 20180225
Cyren 20181229
Emsisoft 20181229
ESET-NOD32 20181229
F-Prot 20181229
F-Secure 20181229
Fortinet 20181229
GData 20181229
Ikarus 20181228
Jiangmin 20181229
K7AntiVirus 20181228
K7GW 20181229
Kingsoft 20181229
Malwarebytes 20181229
MAX 20181229
eScan 20181229
NANO-Antivirus 20181229
Panda 20181228
Sophos AV 20181229
SUPERAntiSpyware 20181226
Symantec 20181228
Symantec Mobile Insight 20181225
TACHYON 20181229
Tencent 20181229
TheHacker 20181225
TrendMicro 20181229
TrendMicro-HouseCall 20181229
Trustlook 20181229
ViRobot 20181228
Webroot 20181229
Yandex 20181227
Zillya 20181228
Zoner 20181229
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 7:37 AM 4/9/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-29 03:12:27
Entry Point 0x00156560
Number of sections 3
PE sections
Overlays
MD5 13944cb2cb91524e398ae6416dcf4b50
File type data
Offset 1487360
Size 2760
Entropy 7.40
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
InitCommonControlsEx
PlayMetaFileRecord
DeleteEnhMetaFile
CreateFontIndirectW
CreateHalftonePalette
GetBkMode
SaveDC
GdiInitSpool
SetDCBrushColor
GdiGradientFill
GdiConvertBrush
GdiGetCharDimensions
GetPixel
GetGlyphOutlineA
GetLayout
PolyDraw
ExcludeClipRect
LineTo
EngAlphaBlend
StartFormPage
DeleteDC
CancelDC
RestoreDC
SetBkMode
GetTextCharacterExtra
EngQueryLocalTime
SetPixel
EngQueryEMFInfo
GdiGetLocalBrush
CLIPOBJ_cEnumStart
BitBlt
GetTextAlign
Polyline
CreateCompatibleBitmap
EnumFontFamiliesA
SetTextColor
GetDeviceCaps
GetCurrentObject
MoveToEx
GdiReleaseDC
BRUSHOBJ_hGetColorTransform
SetMiterLimit
GetGlyphOutline
DrawEscape
CloseMetaFile
GetStockObject
GetDCBrushColor
CreateEnhMetaFileA
ExtCreateRegion
GdiFlush
CreateCompatibleDC
StrokeAndFillPath
HT_Get8BPPMaskPalette
FONTOBJ_pQueryGlyphAttrs
ExtEscape
CreateScalableFontResourceW
CloseFigure
SelectObject
DeleteObject
GdiGetSpoolMessage
Ellipse
SetWindowExtEx
CreateColorSpaceW
GetTextColor
CreateSolidBrush
GdiConvertMetaFilePict
GetMapMode
SetBkColor
SetWinMetaFileBits
GetCharWidth32A
GetTextExtentPoint32W
SetRectRgn
ImmDisableIME
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
HeapSize
SetStdHandle
GetFileTime
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
InterlockedDecrement
SetLastError
GetSystemTime
OpenThread
TlsGetValue
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
LoadLibraryA
EnumResourceLanguagesW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
FlushInstructionCache
GetPrivateProfileStringW
GetVolumeNameForVolumeMountPointA
CreateThread
GetSystemDirectoryW
CreateSemaphoreW
CreateMutexW
MulDiv
IsProcessorFeaturePresent
SetEnvironmentVariableA
FindAtomW
SetUnhandledExceptionFilter
WriteConsoleA
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
DeviceIoControl
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetEnvironmentStrings
GetFileSize
GetStartupInfoW
CreateDirectoryW
GetProcAddress
GetPrivateProfileIntW
AddAtomW
GetProcessHeap
CompareStringW
WriteFile
GetFileSizeEx
ExpandEnvironmentStringsW
GetModuleHandleA
CompareStringA
TerminateProcess
GetPrivateProfileSectionW
GetTimeZoneInformation
ReadDirectoryChangesW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
lstrcpyW
GlobalAlloc
lstrlenW
VirtualFree
Module32FirstW
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
GetAtomNameW
GetCommandLineA
InterlockedCompareExchange
WritePrivateProfileStringW
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
DeleteAtom
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
OpenSemaphoreW
VirtualAlloc
SHGetFolderPathW
SHLoadInProc
DoEnvironmentSubstA
ShellExecuteW
ExtractAssociatedIconExA
SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHSetValueW
StrStrIA
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrStrIW
PathAppendW
StrCmpNA
PathCombineW
StrToIntW
SHGetValueW
GetForegroundWindow
SetWindowRgn
DestroyWindow
LoadCursorFromFileA
PostQuitMessage
GetWindowContextHelpId
IsWindow
GrayStringW
SetDeskWallpaper
EndPaint
OpenIcon
VkKeyScanA
OpenWindowStationW
GetDC
ReleaseDC
LoadBitmapW
SendMessageW
UnregisterClassA
AnyPopup
GetClientRect
DrawTextW
IsClipboardFormatAvailable
GetActiveWindow
GetWindowTextW
LoadAcceleratorsW
GetMenuItemID
PtInRect
GetClassInfoExW
UpdateWindow
GetGuiResources
EnumWindows
CheckRadioButton
GetMessageW
ShowWindow
CallMsgFilterW
ValidateRgn
PeekMessageW
EnableWindow
CharUpperW
TranslateMessage
GetDlgItemTextW
LoadStringA
RegisterClassW
CharLowerA
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
IsIconic
InvertRect
GetSubMenu
SetTimer
FillRect
EnumThreadWindows
CharNextA
GetDialogBaseUnits
CreateWindowExW
GetWindowLongW
GetWindowInfo
CharNextW
BeginPaint
OffsetRect
DefWindowProcW
CheckMenuRadioItem
GetParent
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
GetMessageExtraInfo
WINNLSGetEnableStatus
CharLowerW
PostMessageW
CheckDlgButton
WaitMessage
CreatePopupMenu
GetTitleBarInfo
SetWindowTextW
CreateMenu
GetDlgItem
CreateIconIndirect
IsDlgButtonChecked
GetDesktopWindow
LoadCursorW
LoadIconW
DispatchMessageW
IntersectRect
EndDialog
GetMessagePos
FindWindowW
GetWindowThreadProcessId
MessageBoxW
GetMenu
RegisterClassExW
MoveWindow
DialogBoxParamW
MessageBoxA
SetDlgItemTextW
EnableMenuItem
GetAltTabInfoA
IsWindowVisible
WinHelpW
UnionRect
FrameRect
SetRect
RealGetWindowClassA
InvalidateRect
CallWindowProcW
CloseDesktop
IsMenu
SendMessageTimeoutW
wsprintfW
TranslateAcceleratorW
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:12:29 04:12:27+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
1401344

LinkerVersion
2.5

FileTypeExtension
exe

InitializedDataSize
85504

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x156560

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

Execution parents
File identification
MD5 4c6f64715df65201b347a48ac66d3daa
SHA1 2c4ff72e0f17af6dad7146a2f9de06e1187e0b69
SHA256 414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
ssdeep
24576:AcH4RyUdH474qoYqDDBfdcxVrGpw+yf2fJala9wth/j9O/1:jgh4sqoYiDge3o2xaASZMd

authentihash ddfc8758fe67050e4aa53c42e7115ac8d96273ed40cc8417232eb12364c860f6
imphash c0b56bf400b50c017c67f5287c8df2b0
File size 1.4 MB ( 1490120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (47.7%)
Windows screen saver (22.6%)
Win32 Dynamic Link Library (generic) (11.3%)
Win32 Executable (generic) (7.7%)
OS/2 Executable (generic) (3.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-12-29 03:37:47 UTC ( 3 months, 4 weeks ago )
Last submission 2019-03-12 10:55:59 UTC ( 1 month, 2 weeks ago )
File names output.114836334.txt
csrss(84).gxe
sserv.jpg
output.114636648.txt
output.115120293.txt
rad1CE0F.tmp
output.114812960.txt
output.114800187.txt
zinf.jpg
output.114882186.txt
output.114812995.txt
output.114591102.txt
output.114750315.txt
radF671A.tmp
csrss.exe
output.114882382.txt
output.114882783.txt
output.114794729.txt
output.114744735.txt
csrss.exe
output.114812970.txt
output.114770246.txt
output.114882635.txt
output.114577902.txt
4c6f64715df65201b347a48ac66d3daa
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections