SHA256: 41e17ea8101b4fac481168afed74955d58c230e8df3c590ecbf66e7ed42a11ce
File name: Audikadp.exe
Detection ratio: 22 / 64
Analysis date: 2017-09-11 07:11:44 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Troj.Spy.W32.Ursnif!c 20170911
AhnLab-V3 Trojan/Win32.Refinka.R208445 20170911
Avast FileRepMetagen [Malware] 20170911
AVG FileRepMetagen [Malware] 20170911
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170911
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20170911
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/GenKryptik.AVOX 20170911
Sophos ML heuristic 20170822
Kaspersky Trojan-Spy.Win32.Ursnif.twd 20170911
McAfee-GW-Edition BehavesLike.Win32.Downloader.fc 20170911
Palo Alto Networks (Known Signatures) generic.ml 20170911
Qihoo-360 HEUR/QVM20.1.C4AE.Malware.Gen 20170911
Rising Malware.Heuristic!ET#98% (rdm+) 20170911
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Elenoocka-E 20170911
Symantec ML.Attribute.HighConfidence 20170911
TrendMicro Ransom_CERBER.SMALY0 20170911
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20170911
WhiteArmor Malware.HighConfidence 20170829
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.twd 20170911
Ad-Aware 20170911
Alibaba 20170911
ALYac 20170911
Antiy-AVL 20170911
Arcabit 20170911
Avira (no cloud) 20170911
AVware 20170906
BitDefender 20170911
Bkav 20170909
CAT-QuickHeal 20170911
ClamAV 20170911
CMC 20170902
Comodo 20170911
Cyren 20170911
DrWeb 20170911
Emsisoft 20170911
F-Prot 20170911
F-Secure 20170911
Fortinet 20170911
GData 20170911
Ikarus 20170910
Jiangmin 20170911
K7AntiVirus 20170911
K7GW 20170911
Kingsoft 20170911
Malwarebytes 20170911
MAX 20170911
McAfee 20170911
Microsoft 20170911
eScan 20170911
NANO-Antivirus 20170911
nProtect 20170911
Panda 20170910
SUPERAntiSpyware 20170911
Symantec Mobile Insight 20170911
Tencent 20170911
TheHacker 20170907
Trustlook 20170911
VBA32 20170907
VIPRE 20170911
ViRobot 20170911
Webroot 20170911
Yandex 20170908
Zillya 20170909
Zoner 20170911
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-24 11:48:16
Entry Point 0x0000AAD7
Number of sections 4
PE sections
PE imports
RegUnLoadKeyA
RegReplaceKeyA
RegOpenKeyA
RegSaveKeyA
LogonUserW
OpenEventLogW
ControlService
InitializeAcl
RegCreateKeyExA
RegEnumKeyA
ClearEventLogA
CryptSignHashA
GetConsoleAliasA
lstrcmpiA
WaitForSingleObject
CreateJobObjectW
GetTickCount
CreateMailslotA
GetModuleFileNameA
GetFileAttributesW
GetDateFormatA
LoadLibraryExA
GetProfileSectionW
GetCommandLineW
SearchPathW
DeleteFileW
GetProcAddress
GetTempPathA
MoveFileExW
GetModuleHandleA
GetSystemDirectoryA
GetStringTypeW
ReadConsoleA
MoveFileA
GetLogicalDriveStringsA
OpenJobObjectW
InitializeCriticalSection
UnmapViewOfFile
CreateFileW
GetVersion
GetExpandedNameA
PathCompactPathW
UrlIsA
UrlHashW
PathAppendA
UrlIsNoHistoryW
UrlIsOpaqueW
UrlGetLocationW
PathCommonPrefixA
PathCombineA
PathIsURLW
UrlCombineW
UrlGetPartW
PathIsRootW
UrlCompareW
Chkdsk
FormatEx
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSQueryUserToken
WTSVirtualChannelRead
WTSFreeMemory
WTSRegisterSessionNotification
WTSSetSessionInformationW
WTSEnumerateSessionsW
WTSSetUserConfigW
WTSWaitSystemEvent
WTSEnumerateServersA
Number of PE resources by type
RT_DIALOG 5
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:24 12:48:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 50176
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xaad7
InitializedDataSize 328192
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Execution parents
PCAP parents
File identification
MD5 90054d1ec814c6aae580e8876889c23f
SHA1 b127fb5638348824fd34050ee3718bdb3917f060
SHA256 41e17ea8101b4fac481168afed74955d58c230e8df3c590ecbf66e7ed42a11ce
ssdeep 6144:ekIDomomomomomomoUoh9jeTmMSe8/eavPBD0kuymAz+8KESnXsCNwl0GoUXS:ekIU999999D7jeTmHe8HutAz+P7nXsy0
authentihash 8130261fb382d44f7c8a95b44aad890503b5210f4b6a80d242480bc94c73841b
imphash 50eae9f52b8ec60048240987120f56ba
File size 370.5 KB ( 379392 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-09-11 06:32:46 UTC ( 1 year, 6 months ago )
Last submission 2018-05-21 19:33:37 UTC ( 10 months ago )
File names 5000.exe
90054d1ec814c6aae580e8876889c23f.vir
Audikadp.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Opened mutexes
Searched windows
Runtime DLLs