SHA256: 428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1
File name: Pnjleral__0.exE
Detection ratio: 9 / 66
Analysis date: 2017-10-06 11:08:05 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171006
Endgame malicious (high confidence) 20170821
Palo Alto Networks (Known Signatures) generic.ml 20171006
Qihoo-360 HEUR/QVM07.1.5264.Malware.Gen 20171006
Rising Malware.Heuristic!ET#92% (RDM+:cmRtazryAN4uYLLXdBjSDmUoCTMA) 20171006
SentinelOne (Static ML) static engine - malicious 20171001
WhiteArmor Malware.HighConfidence 20170927
Ad-Aware 20171006
AegisLab 20171006
AhnLab-V3 20171006
Alibaba 20170911
ALYac 20171006
Antiy-AVL 20171006
Arcabit 20171006
Avast 20171006
Avast-Mobile 20171006
AVG 20171006
Avira (no cloud) 20171006
AVware 20171006
BitDefender 20171006
Bkav 20171006
CAT-QuickHeal 20171006
ClamAV 20171006
CMC 20171006
Comodo 20171006
Cyren 20171006
DrWeb 20171006
Emsisoft 20171006
ESET-NOD32 20171006
F-Prot 20171006
F-Secure 20171006
Fortinet 20171006
GData 20171006
Ikarus 20171006
Sophos ML 20170914
Jiangmin 20171006
K7AntiVirus 20171006
K7GW 20171006
Kaspersky 20171006
Kingsoft 20171006
Malwarebytes 20171006
MAX 20171006
McAfee 20171006
McAfee-GW-Edition 20171006
Microsoft 20171006
eScan 20171006
NANO-Antivirus 20171006
nProtect 20171006
Panda 20171005
Sophos AV 20171006
SUPERAntiSpyware 20171006
Symantec 20171006
Symantec Mobile Insight 20171006
Tencent 20171006
TheHacker 20171002
TotalDefense 20171006
TrendMicro 20171006
TrendMicro-HouseCall 20171006
Trustlook 20171006
VBA32 20171006
VIPRE 20171006
ViRobot 20171006
Webroot 20171006
Yandex 20171005
Zillya 20171005
ZoneAlarm by Check Point 20171006
Zoner 20171006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-09 08:46:19
Entry Point 0x0001D470
Number of sections 4
PE sections
PE imports
CreateCompatibleDC
GetLastError
HeapFree
GetStdHandle
SetHandleCount
GetOEMCP
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryW
GetFileSize
GetCPInfo
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetModuleHandleA
WriteFile
GetStartupInfoA
CloseHandle
CreateFileMappingA
GetACP
GetModuleHandleW
TerminateProcess
HeapCreate
CreateFileW
VirtualFree
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
ExtractIconW
RedrawWindow
UpdateWindow
GetScrollRange
EndDialog
PostQuitMessage
DefWindowProcW
GetDlgCtrlID
GetMessageW
ShowWindow
SetScrollRange
GetWindowRect
RegisterClassExW
SetMenu
MoveWindow
DialogBoxParamW
TranslateMessage
GetScrollInfo
DispatchMessageW
RemovePropA
SendMessageW
LoadStringW
ScreenToClient
InvalidateRect
GetWindowLongA
LoadCursorA
GetActiveWindow
GetDesktopWindow
LoadCursorW
GetClassNameA
CreateWindowExW
wsprintfW
GetWindowTextA
PtInRect
DestroyWindow
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:04:09 10:46:19+02:00
FileType Win32 EXE
PEType PE32
CodeSize 282624
LinkerVersion 5.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1d470
InitializedDataSize 230400
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 4849ab316b3dcde68a2a23c22dee2d98
SHA1 48827786029e0575687ee5f0707f7ebfc4ca2515
SHA256 428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1
ssdeep
6144:GmWhfxau8aL2lDSqF6TbuxbpWHVZTfv3bexsVQs2tZfG/NecanqvkP7j:0hfx7InEr/zTAsrfNeq6X

authentihash 694b83053330990cbb0b8fcdd0754024d17d44528c49afebeb2f793c0f202fcc
imphash 15a92363039fb41362406845afb153a0
File size 500.0 KB ( 512000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe installshield

VirusTotal metadata
First submission 2017-10-06 11:08:05 UTC ( 1 year, 6 months ago )
Last submission 2019-04-03 02:56:47 UTC ( 2 weeks, 2 days ago )
File names output.112319277.txt
c83042a1-acb4-11e7-bc60-80e65024849a.file
VirusShare_4849ab316b3dcde68a2a23c22dee2d98
c83042a1-acb4-11e7-bc60-80e65024849a.file
6g90gcf6-ad52-22f7-cd7d-80f66035859a.exe
6f90fbe6-ac41-11e7-bc7c-80e65024849a.file
ser106.png
6f90fbe6-ac41-11e7-bc7c-80e65024849a.exe
196679e85b00a315407e65f9965d5c4d0b15968b
6f90fbe6-ac41-11e7-bc7c-80e65024849a.file
6g90gcf6-ad52-22f7-cd7d-80f66035859a.exe
Pnjleral__0.exE
c83042a1-acb4-11e7-bc60-80e65024849a.exe
6f90fbe6-ac41-11e7-bc7c-80e65024849a.file
4849ab316b3dcde68a2a23c22dee2d98.exe
d84053a2-adc5-22f7-cd60-80f66035859a.exe
c83042a1-acb4-11e7-bc60-80e65024849a.file
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications