SHA256: 42ea1cb0449bf305c0be51c4bda3373ddc61441ec66bd2fce3c8683768478b96
File name: output.114722617.txt
Detection ratio: 47 / 70
Analysis date: 2018-12-21 14:49:53 UTC ( 3 months, 4 weeks ago )
Antivirus Result Update
Acronis malware 20180726
Ad-Aware Gen:Variant.Razy.375484 20181221
AhnLab-V3 Trojan/Win64.CoinMiner.C2710341 20181221
ALYac Gen:Variant.Razy.375484 20181221
Antiy-AVL Trojan/Win32.Fuerboos 20181221
Arcabit Trojan.Razy.D5BABC 20181221
Avast Win64:Malware-gen 20181221
AVG Win64:Malware-gen 20181221
Avira (no cloud) HEUR/AGEN.1031781 20181221
BitDefender Gen:Variant.Razy.375484 20181221
CAT-QuickHeal Trojan.IGENERIC 20181221
Comodo Malware@#b6kgnkuv3z4e 20181220
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cylance Unsafe 20181221
Cyren W64/Trojan.YJHU-7078 20181221
DrWeb Trojan.MulDrop8.33370 20181221
Emsisoft Gen:Variant.Razy.375484 (B) 20181221
ESET-NOD32 a variant of Win64/Packed.Enigma.Q 20181221
F-Secure Gen:Variant.Razy.375484 20181221
Fortinet W32/PossibleThreat 20181221
GData Gen:Variant.Razy.375484 20181221
Ikarus Trojan.Win64.Enigma 20181221
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005387901 ) 20181221
K7GW Trojan ( 005387901 ) 20181221
Malwarebytes Trojan.MalPack.Generic 20181221
MAX malware (ai score=100) 20181221
McAfee Artemis!D23D4C1D56AF 20181221
McAfee-GW-Edition BehavesLike.Win64.Injector.rc 20181221
Microsoft Trojan:Win32/Skeeyah.A!rfn 20181221
eScan Gen:Variant.Razy.375484 20181221
NANO-Antivirus Virus.Win64.Virut-Gen.bwpxnc 20181221
Palo Alto Networks (Known Signatures) generic.ml 20181221
Panda Trj/CI.A 20181220
Qihoo-360 Win32/Trojan.ae7 20181221
Rising Trojan.Occamy!8.F1CD (CLOUD) 20181221
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Mal/Generic-S 20181221
Symantec Trojan.Gen.2 20181221
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R001C0DJV18 20181221
TrendMicro-HouseCall TROJ_GEN.R001C0DJV18 20181221
VBA32 Trojan.MulDrop 20181221
ViRobot Trojan.Win32.Z.Razy.4573696 20181221
Webroot W32.Trojan.Gen 20181221
Yandex Trojan.Enigma! 20181221
Zillya Trojan.Packed.Win64.1988 20181219
AegisLab 20181221
Alibaba 20180921
Avast-Mobile 20181221
Babable 20180918
Baidu 20181207
Bkav 20181221
ClamAV 20181221
CMC 20181220
Cybereason 20180225
eGambit 20181221
Endgame 20181108
F-Prot 20181221
Jiangmin 20181221
Kaspersky 20181221
Kingsoft 20181221
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181221
Tencent 20181221
TheHacker 20181220
TotalDefense 20181221
Trustlook 20181221
ZoneAlarm by Check Point 20181221
Zoner 20181221
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
FileVersionInfo properties
Packers identified
F-PROT embedded
PE header basic information
Target machine x64
Compilation timestamp 2018-07-14 10:42:59
Entry Point 0x0000EC00
Number of sections 5
PE sections
PE imports
RegOpenKeyA
SetThreadLocale
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
WaitForSingleObject
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetDriveTypeW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetThreadContext
FindResourceExA
WideCharToMultiByte
WriteFile
EnumResourceLanguagesA
ResumeThread
SetEvent
LocalFree
GetThreadPriority
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
GetFullPathNameW
SetLastError
SuspendThread
RemoveDirectoryW
TryEnterCriticalSection
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
CreateActCtxW
SetThreadPriority
GetUserDefaultLCID
ActivateActCtx
RtlVirtualUnwind
MultiByteToWideChar
FlushInstructionCache
SetFilePointer
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
ExitThread
SetThreadContext
SetCurrentDirectoryW
SetEndOfFile
GetVersion
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
FreeLibrary
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
GetWindowsDirectoryA
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindNextFileW
RtlLookupFunctionEntry
EnumResourceNamesA
ResetEvent
FindFirstFileW
RtlUnwindEx
CreateFileW
CreateEventA
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
VirtualAllocEx
GetSystemInfo
GetConsoleCP
GetThreadLocale
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineA
EnumResourceTypesA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetCurrentThreadId
FreeResource
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetOEMCP
CompareStringA
ZwProtectVirtualMemory
RtlFormatCurrentUserKeyPath
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
LdrGetProcedureAddress
LdrLoadDll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
CoUninitialize
CoInitialize
VariantCopy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayUnaccessData
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayRedim
SysFreeString
SafeArrayPutElement
VariantInit
VariantChangeTypeEx
PathMatchSpecW
CharLowerBuffW
CharLowerA
GetSystemMetrics
CharUpperBuffA
MessageBoxA
CharLowerBuffA
CharUpperBuffW
MessageBeep
CharUpperA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

FileTypeExtension
exe

TimeStamp
2018:07:14 11:42:59+01:00

FileType
Win64 EXE

PEType
PE32+

CodeSize
8192

LinkerVersion
2.3

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Large address aware, No debug

EntryPoint
0xec00

InitializedDataSize
4096

SubsystemVersion
5.2

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
49152

File identification
MD5 d23d4c1d56afd999bf79fb8d4403ebe1
SHA1 2638c3ab849e27212ea56d8631153363043c3456
SHA256 42ea1cb0449bf305c0be51c4bda3373ddc61441ec66bd2fce3c8683768478b96
ssdeep 98304:C2T/u0Y39aLWLbsIKMHPBgK1ieLsA+zxTOnAjYUAoX:C2C5NaLWLbsIfT8DA+lQSYRo

authentihash 7327f8133cd6c61f21480441274e7a3414d8a396a08fe8790ae7319da23eb605
imphash c12117e38e47ef89b191482b17ad4180
File size 4.4 MB ( 4573696 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (console)

TrID Win32 EXE PECompact compressed (generic) (43.1%)
Win64 Executable (generic) (28.6%)
Microsoft Visual C++ compiled executable (generic) (17.1%)
Win32 Executable (generic) (4.6%)
OS/2 Executable (generic) (2.1%)
Tags
64bits peexe

VirusTotal metadata
First submission 2018-10-27 05:46:19 UTC ( 5 months, 3 weeks ago )
Last submission 2018-12-21 14:49:53 UTC ( 3 months, 4 weeks ago )
File names output.114722617.txt
b
d23d4c1d56afd999bf79fb8d4403ebe1
jcecn.exe
jcecn.exe
j033a.exe
.
jcecn.exe