SHA256: 41937095a71686508a76b18762ac4911a0358089cb856e84fdef6639ce36ca1b
Detection ratio: 25 / 62
Analysis date: 2018-04-16 07:19:58 UTC ( 1 year ago )
Antivirus Result Update
Antiy-AVL Trojan[PSWTool]/Win32.NetPass 20180416
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180416
BitDefender Gen:Application.Heur.kmGfkOuVZZfG 20180416
CAT-QuickHeal Pwstool.Netpass 20180416
Comodo CloudScanner.Trojan.Gen 20180416
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20170201
Cyren W32/Application.STJM-4263 20180416
Emsisoft Gen:Application.Heur.kmGfkOuVZZfG (B) 20180416
Endgame malicious (moderate confidence) 20180403
ESET-NOD32 a variant of Win32/PSWTool.WebBrowserPassView.B potentially unsafe 20180416
Fortinet Riskware/WebBrowserPassView 20180416
Sophos ML heuristic 20180121
K7AntiVirus Unwanted-Program ( 004b8f2c1 ) 20180416
K7GW Unwanted-Program ( 004b8f2c1 ) 20180416
Malwarebytes Trojan.Dropper 20180416
MAX malware (ai score=98) 20180416
NANO-Antivirus Riskware.Win32.PassView.dwvwlf 20180416
Palo Alto Networks (Known Signatures) generic.ml 20180416
Panda Trj/CI.A 20180415
Qihoo-360 Win32/Virus.PSW.a52 20180416
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Generic PUA CF (PUA) 20180416
Symantec PasswordRevealer 20180416
Webroot W32.Malware.Gen 20180416
ZoneAlarm by Check Point not-a-virus:HEUR:PSWTool.Win32.NetPass.gen 20180416
Ad-Aware 20180416
AegisLab 20180416
AhnLab-V3 20180416
Alibaba 20180416
ALYac 20180416
Arcabit 20180416
Avast 20180416
Avast-Mobile 20180416
AVG 20180416
Avira (no cloud) 20180415
AVware 20180416
Bkav 20180410
ClamAV 20180416
Cybereason None
DrWeb 20180416
eGambit 20180416
F-Prot 20180416
F-Secure 20180416
GData 20180416
Jiangmin 20180416
Kingsoft 20180416
McAfee 20180416
McAfee-GW-Edition 20180416
Microsoft 20180416
eScan 20180416
nProtect 20180416
Rising 20180416
SUPERAntiSpyware 20180416
Symantec Mobile Insight 20180412
Tencent 20180416
TheHacker 20180415
TrendMicro-HouseCall 20180416
Trustlook 20180416
VBA32 20180414
VIPRE 20180416
ViRobot 20180416
WhiteArmor 20180408
Yandex 20180414
Zillya 20180413
Zoner 20180416
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-11 13:54:06
Entry Point 0x0001CEC9
Number of sections 6
PE sections
Overlays
MD5 15709c4c9090d114c85ea637d6933d3c
File type application/x-rar
Offset 259584
Size 3839196
Entropy 8.00
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
InitializeCriticalSection
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
SetThreadPriority
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FoldStringW
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
CreateSemaphoreW
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
SetUnhandledExceptionFilter
GetModuleHandleExW
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
ResetEvent
FreeConsole
FindFirstFileW
SetEvent
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
VirtualQuery
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
CreateHardLinkW
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN NEUTRAL 23
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2017:08:11 15:54:06+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
188928

LinkerVersion
14.0

ImageFileCharacteristics
Executable, 32-bit

EntryPoint
0x1cec9

InitializedDataSize
69632

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

Compressed bundles
File identification
MD5 d7ee9538f74450acf1d0def1169e9afd
SHA1 257d91e999d967938f9d9155b2995eb994410364
SHA256 41937095a71686508a76b18762ac4911a0358089cb856e84fdef6639ce36ca1b
ssdeep
98304:g+iu/xqMdzM83YKP7d+Z302KyKUWx2uDx9S:g+i+qQMQ7835KH4uC

authentihash 7f23bbbb9b2e5e63f2a1f7d249ee543f27442e83592020434daf16fe81f8bbf2
imphash 027ea80e8125c6dda271246922d4c3b0
File size 3.9 MB ( 4098780 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-04-02 16:18:45 UTC ( 1 year ago )
Last submission 2019-03-22 05:19:19 UTC ( 1 month ago )
File names web (1).exe
web.exe
1c9877e3-414b-11e8-9653-80e65024849a.file
Malware (126).exe
output.113025589.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs