SHA256: 4154154b18aa17496333e2ca626e6e3e37e2a000fe34facbbefa73dd897509b6
File name: 185bz.jpg.exe_
Detection ratio: 32 / 70
Analysis date: 2019-02-18 07:48:10 UTC
Antivirus Result Update (engines listed below with no result did not detect the file)
Acronis suspicious 20190213
Ad-Aware Gen:Variant.Barys.1716 20190218
ALYac Gen:Variant.Barys.1716 20190218
Antiy-AVL Trojan[Spy]/Win32.Noon 20190218
Arcabit Trojan.Barys.D6B4 20190218
Avast Win32:Malware-gen 20190218
AVG Win32:Malware-gen 20190218
BitDefender Gen:Variant.Barys.1716 20190218
Cybereason malicious.873857 20190109
Cylance Unsafe 20190218
DrWeb Trojan.PWS.Spy.21017 20190218
Emsisoft Gen:Variant.Barys.1716 (B) 20190218
Endgame malicious (high confidence) 20190215
ESET-NOD32 Win32/TrojanDownloader.Zurgop.DA 20190218
Fortinet W32/Generic.AC.43A2A9!tr 20190218
GData Gen:Variant.Barys.1716 20190218
Ikarus Trojan-Downloader.Win32.Zurgop 20190217
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20190218
K7GW Riskware ( 0040eff71 ) 20190218
MAX malware (ai score=84) 20190218
McAfee GenericRXGY-BO!E85D9FA87385 20190218
McAfee-GW-Edition BehavesLike.Win32.Pate.dh 20190218
Microsoft Trojan:Win32/Fuerboos.C!cl 20190218
eScan Gen:Variant.Barys.1716 20190218
NANO-Antivirus Trojan.Win32.Zurgop.fmoknh 20190218
Panda Trj/GdSda.A 20190217
Rising Downloader.Zurgop!8.4BB (RDM+:cmRtazqZhYax1Gkqb/IphTMvuU4a) 20190218
SentinelOne (Static ML) static engine - malicious 20190203
Trapmine malicious.moderate.ml.score 20190123
VBA32 TrojanDownloader.Dofoil 20190215
Zillya Downloader.Zurgop.Win32.2095 20190215
AegisLab 20190218
AhnLab-V3 20190217
Alibaba 20180921
Avast-Mobile 20190217
Avira (no cloud) 20190218
Babable 20180918
Baidu 20190215
Bkav 20190216
CAT-QuickHeal 20190217
ClamAV 20190217
CMC 20190217
Comodo 20190218
CrowdStrike Falcon (ML) 20181023
Cyren 20190218
eGambit 20190218
F-Prot 20190218
F-Secure 20190218
Jiangmin 20190218
Kaspersky 20190218
Kingsoft 20190218
Malwarebytes 20190218
Palo Alto Networks (Known Signatures) 20190218
Qihoo-360 20190218
Sophos AV 20190218
SUPERAntiSpyware 20190213
Symantec 20190217
Symantec Mobile Insight 20190207
TACHYON 20190218
Tencent 20190218
TheHacker 20190217
TotalDefense 20190218
TrendMicro 20190218
TrendMicro-HouseCall 20190218
Trustlook 20190218
ViRobot 20190218
Webroot 20190218
Yandex 20190215
ZoneAlarm by Check Point 20190218
Zoner 20190218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:30:31
Entry Point 0x000037C5
Number of sections 6
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
SetMapMode
PatBlt
SaveDC
TextOutA
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SetPixel
IntersectClipRect
BitBlt
SetTextColor
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
ExtTextOutA
PtVisible
GetTextExtentPointA
GdiFlush
CreateCompatibleDC
ScaleViewportExtEx
SelectObject
SetWindowExtEx
CreateSolidBrush
SetViewportExtEx
Escape
SetBkColor
DeleteObject
GetStdHandle
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
TerminateProcess
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetProcAddress
GlobalReAlloc
lstrcmpA
lstrcpyA
GetProfileStringA
GlobalLock
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
LoadRegTypeLib
SysFreeString
SysStringLen
SetFocus
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
ClientToScreen
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
EnumWindows
ShowWindow
GetPropA
GetMenuState
EnableWindow
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
LoadStringA
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CharNextA
GetSysColorBrush
IsWindowUnicode
PtInRect
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
ShowCaret
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
ValidateRect
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
CopyRect
GetCapture
CheckMenuItem
UnhookWindowsHookEx
RegisterClipboardFormatA
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
InvalidateRect
wsprintfA
DefDlgProcA
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoCreateInstance
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleIsCurrentClipboard
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:12:06 12:30:31+01:00
FileType Win32 EXE
PEType PE32
CodeSize 90112
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x37c5
InitializedDataSize 155648
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 e85d9fa873857a9540e47e2d7cd14b02
SHA1 8ac4ec00512ffad5c51fee90db7d3421e7588d6d
SHA256 4154154b18aa17496333e2ca626e6e3e37e2a000fe34facbbefa73dd897509b6
ssdeep 3072:EE9CqoFKSahgRLPwb0bvPzATYNUIBlPaxZrnQNjwdofgQOmxILTGJBDr9VV:iqdgJIOsOUuTOma895
authentihash 33975eb6f0cb2124434ef0bb51cf9e2b2352c85c08017d520d1843dbb6f51789
imphash 17f26bdcef683ee9a171592a44da0877
File size 244.0 KB ( 249856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags peexe

VirusTotal metadata
First submission 2019-02-18 07:48:10 UTC
Last submission 2019-02-18 07:48:10 UTC
File names 185bz.jpg.exe_
185bz.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs