SHA256: 4228dc8ef68ac0ec671053b375736df6eafedc036ab022b478aecfc340f28986
File name: lcyjozeb.exe
Detection ratio: 9 / 62 (all nine results below are machine-learning or generic-heuristic verdicts; no engine assigned a family name at scan time, so the low ratio reflects heuristic-only coverage rather than a signature match)
Analysis date: 2018-04-04 10:22:07 UTC
Antivirus Result Update (engines listed with only an update date returned no detection)
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9861 20180404
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
Cylance Unsafe 20180404
Endgame malicious (high confidence) 20180403
Palo Alto Networks (Known Signatures) generic.ml 20180404
Qihoo-360 HEUR/QVM20.1.46D5.Malware.Gen 20180404
SentinelOne (Static ML) static engine - malicious 20180225
Symantec ML.Attribute.HighConfidence 20180404
WhiteArmor Malware.HighConfidence 20180403
Ad-Aware 20180404
AegisLab 20180404
AhnLab-V3 20180404
Alibaba 20180404
ALYac 20180404
Antiy-AVL 20180404
Arcabit 20180404
Avast 20180404
Avast-Mobile 20180404
AVG 20180404
Avira (no cloud) 20180404
AVware 20180404
BitDefender 20180404
Bkav 20180404
CAT-QuickHeal 20180404
ClamAV 20180404
CMC 20180404
Comodo 20180404
Cybereason 20180225
Cyren 20180404
DrWeb 20180404
eGambit 20180404
Emsisoft 20180404
ESET-NOD32 20180404
F-Prot 20180404
F-Secure 20180404
Fortinet 20180404
GData 20180404
Jiangmin 20180404
K7AntiVirus 20180404
K7GW 20180404
Kingsoft 20180404
Malwarebytes 20180404
MAX 20180404
McAfee 20180404
McAfee-GW-Edition 20180404
Microsoft 20180404
eScan 20180404
nProtect 20180404
Panda 20180403
Rising 20180404
Sophos AV 20180404
SUPERAntiSpyware 20180404
Symantec Mobile Insight 20180401
Tencent 20180404
TheHacker 20180330
TrendMicro 20180404
TrendMicro-HouseCall 20180404
Trustlook 20180404
VBA32 20180403
VIPRE 20180404
ViRobot 20180404
Yandex 20180403
Zillya 20180403
ZoneAlarm by Check Point 20180404
Zoner 20180403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-11-16 08:13:03 UTC (three years earlier than the 2018 in the version resource's LegalCopyright string; a link-time stamp older than the copyright year is a common timestomping indicator, so this value should not be taken as the real build date)
Entry Point 0x00011D70
Number of sections 4
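The four fields VirusTotal prints in this block (target machine, compilation timestamp, entry point, number of sections) sit at fixed offsets in the COFF header and the optional header that follow e_lfanew. The Python below is an added example, not VirusTotal's tooling and not code from the sample: it reads those fields with struct alone, renders TimeDateStamp in UTC, decodes the Characteristics flags the way the ExifTool block further down spells them ("No relocs, Executable, 32-bit"), and checks the compile year against the year found in a LegalCopyright string. The header bytes it parses are constructed to mirror this report's values; build_sample_pe, sample_header and timestamp_year_consistent are helpers written for this example.

```python
"""Read the "PE header basic information" fields straight from the COFF and
optional headers with struct (no pefile).  Added example: the header parsed
here is constructed to mirror this report's values, not the real sample."""
import re
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x010B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
# IMAGE_FILE_* characteristics, named the way ExifTool prints them.
CHARACTERISTIC_NAMES = {0x0001: "No relocs", 0x0002: "Executable",
                        0x0100: "32-bit", 0x2000: "DLL"}
# The UTC instant this page shows as "Compilation timestamp 2015-11-16 08:13:03".
SAMPLE_TIMESTAMP = int(datetime(2015, 11, 16, 8, 13, 3, tzinfo=timezone.utc).timestamp())


def build_sample_pe(timestamp: int = SAMPLE_TIMESTAMP) -> bytes:
    """Construct a minimal PE32 image: DOS header + NT headers, no sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)      # e_lfanew lives at 0x3C
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", IMAGE_FILE_MACHINE_I386, 4,
                       timestamp, 0, 0, 224, 0x0103)             # 0x0103 = no relocs|exe|32-bit
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<HBB", opt, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 48, 0)  # Magic, LinkerVersion 48.0
    struct.pack_into("<II", opt, 4, 249856, 188416)              # SizeOfCode, SizeOfInitializedData
    struct.pack_into("<I", opt, 16, 0x00011D70)                  # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                       # OperatingSystemVersion 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)                       # SubsystemVersion 5.1
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)  # Subsystem
    return dos + coff + bytes(opt)


def parse_pe_header(data: bytes) -> dict:
    """Return the header fields VirusTotal/ExifTool report, or raise on a non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 70:
        raise ValueError("optional header too short to hold Subsystem")
    opt = e_lfanew + 24            # 4-byte signature + 20-byte COFF header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    flags = [name for bit, name in CHARACTERISTIC_NAMES.items() if characteristics & bit]
    return {
        "machine": machine,
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"unknown magic {magic:#x}"),
        "num_sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "subsystem": subsystem,
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "characteristics": ", ".join(flags),
    }


def timestamp_year_consistent(header: dict, copyright_text: str) -> bool:
    """False when a year in the copyright string is later than the compile year.
    A back-dated TimeDateStamp (or a wrong build clock) is the usual cause, so a
    2015 stamp beside a 2018 copyright is worth flagging."""
    years = [int(y) for y in re.findall(r"\b(?:19|20)\d\d\b", copyright_text)]
    compile_year = int(header["timestamp_utc"][:4])
    return max(years, default=compile_year) <= compile_year


def sample_header() -> dict:
    """Parse the constructed header so its values can be checked by name."""
    return parse_pe_header(build_sample_pe())


if __name__ == "__main__":
    hdr = sample_header()
    for key, value in hdr.items():
        print(f"{key:16} {hex(value) if isinstance(value, int) else value}")
    print("copyright year consistent with timestamp:",
          timestamp_year_consistent(hdr, "AVZ Inc. All rights reserved. 2018"))
```

Run it against a real file by passing open(path, "rb").read() to parse_pe_header; section headers start at opt + opt_size and are left out here because this report's section table was not captured.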
PE sections
PE imports (module names were lost in this capture; by the standard Windows export tables the list runs, in order, comctl32.dll: Ord(17) and InitCommonControlsEx; comdlg32.dll: GetOpenFileNameW; gdi32.dll: CreateCompatibleDC and DeleteDC; kernel32.dll: GetLastError through LeaveCriticalSection; user32.dll: GetParent through DestroyWindow. The kernel32 block is largely the MSVC C-runtime start-up set, so IsDebuggerPresent and SetUnhandledExceptionFilter here come from the CRT and are not, on their own, evidence of anti-debugging.)
Ord(17)
InitCommonControlsEx
GetOpenFileNameW
CreateCompatibleDC
DeleteDC
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetVersionExW
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
TlsFree
CreateFileMappingW
lstrcpyW
RaiseException
GetCPInfo
GetStringTypeA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetProcAddress
VirtualAlloc
SetLastError
LeaveCriticalSection
GetParent
GetScrollRange
EndDialog
LoadBitmapW
DefWindowProcW
GetScrollPos
GetMessageW
PostQuitMessage
DrawFrameControl
LoadBitmapA
SetWindowPos
SetWindowLongW
MessageBoxW
EndPaint
MoveWindow
DialogBoxParamW
TranslateMessage
PostMessageW
DispatchMessageW
BeginPaint
GetMenu
TranslateAcceleratorW
LoadStringW
SetWindowTextW
FrameRect
InvalidateRect
DrawFocusRect
SetTimer
GetClassNameW
DialogBoxIndirectParamW
EnableWindow
DeferWindowPos
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
RegisterClassExW
GetMenuItemID
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 48.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.2
LanguageCode Unknown (40D0)
FileFlagsMask 0x0000
FileDescription AVZ Inc. EU application
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unknown (83B0)
InitializedDataSize 188416
EntryPoint 0x11d70
OriginalFileName avzapp
MIMEType application/octet-stream
LegalCopyright AVZ Inc. All rights reserved. 2018
FileVersion 1.0.0.2
TimeStamp 2015:11:16 00:13:03-08:00 (the PE TimeDateStamp rendered by ExifTool in UTC-8; the same instant as the 2015-11-16 08:13:03 UTC compilation timestamp above)
FileType Win32 EXE
PEType PE32
InternalName avzapp
ProductVersion 1.0.0.2
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName AVZ Inc.
CodeSize 249856
ProductName AVZ Inc tehno
ProductVersionNumber 1.0.0.2
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 c52cba3359ef8b900b25dd81ec5df47d
SHA1 f07accb10755fa69eee854c6eedba2759bdb9636
SHA256 4228dc8ef68ac0ec671053b375736df6eafedc036ab022b478aecfc340f28986
ssdeep 6144:6QbWVUgSL1jOkrkNaXHS0X7X+KsRh+W/0hxLlanuO6L8sLGF9cYretWT+O3h2Ef9:DuLyowj6jK65cM
authentihash 25ea0e648075c904744aad122aaf61b4d0612ea75874f873f5ef6b3cb665cb79
imphash 502ac1e2a17989df52d5674d2c661587
File size 424.0 KB ( 434176 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

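The imphash above is the MD5 of a canonical string built from the import table: each module name lower-cased with a .dll, .ocx or .sys extension removed, each function name lower-cased (an ordinal import such as the Ord(17) in the imports list becomes ord17), the tokens written as module.function in import-directory order and joined with commas. The Python below is an added example of that canonicalisation; it is not pefile's code and not the sample's import table. SAMPLE_IMPORTS is a constructed list whose module names are assumed from the standard Windows export tables, because this capture lists functions without their modules, so it does not reproduce the page's imphash value.

```python
"""Import-hash (imphash) canonicalisation.  Added example, not pefile's
implementation and not the sample's import table: SAMPLE_IMPORTS is constructed,
with module names assumed from the standard Windows export tables."""
import hashlib

# (module, function name or ordinal) in import-directory order; the first
# entries mirror what this report lists, with assumed module names.
SAMPLE_IMPORTS = [
    ("COMCTL32.dll", 17),                      # shown on the page as Ord(17)
    ("COMCTL32.dll", "InitCommonControlsEx"),
    ("comdlg32.dll", "GetOpenFileNameW"),
    ("GDI32.dll", "CreateCompatibleDC"),
    ("GDI32.dll", "DeleteDC"),
    ("KERNEL32.dll", "GetLastError"),
    ("USER32.dll", "GetParent"),
]
STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def canonical_imports(imports):
    """Build the comma-joined module.function string that imphash hashes."""
    tokens = []
    for module, func in imports:
        module = module.lower()
        base, dot, ext = module.rpartition(".")
        if dot and ext in STRIPPED_EXTENSIONS:      # only these extensions are dropped
            module = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        tokens.append(f"{module}.{name}")
    return ",".join(tokens)


def imphash(imports):
    """MD5 over the canonical string; equal across renames, case changes and
    repacking that preserve the import table, different when order changes."""
    return hashlib.md5(canonical_imports(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(canonical_imports(SAMPLE_IMPORTS))
    print("imphash:        ", imphash(SAMPLE_IMPORTS))
    # Import order is part of the hash, so the same API set linked in a
    # different order yields a different value.
    print("reversed order: ", imphash(list(reversed(SAMPLE_IMPORTS))))
```

Two caveats when comparing against values from pefile: it maps ordinal imports to names for a few well-known modules (ws2_32.dll, oleaut32.dll) before hashing, so ordinals from those modules must be resolved the same way, and any disagreement in import order (for instance after a repack that rebuilds the import table) changes the hash even though the API set is identical, which is why imphash is a pivot for same-toolchain builds rather than a family identifier.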
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-04 10:22:07 UTC
Last submission 2019-01-06 12:58:31 UTC
File names dorogan.png
c52cba3359ef8b900b25dd81ec5df47d.exe
f07accb10755fa69eee854c6eedba2759bdb9636.exe
VirusShare_c52cba3359ef8b900b25dd81ec5df47d
2018-04-04-Trickbot-binary-1-of-2.exe
614a7b939c5ddde8644e8ab08541ed7083cdb9bc
lcyjozeb.exe
Kare-sbdb_rg.exe
c52cba3359ef8b900b25dd81ec5df47d_exe
output.113076554.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
No entries appear in this capture under any of the behaviour headings (opened, read, written, copied and deleted files; created and terminated processes; created and opened mutexes; opened service managers and services; runtime DLLs; HTTP requests, DNS requests and TCP connections).