SHA256: 445be12aeed47aa5f0a9aec919c365ffd57f5b51da1aceb511f06500b3e6e253
File name: 111.exe
Detection ratio: 54 / 71
Analysis date: 2019-02-12 20:17:43 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190208
Ad-Aware Trojan.CryptZ.Gen 20190212
AhnLab-V3 Trojan/Win32.Shell.R1283 20190212
ALYac Trojan.CryptZ.Gen 20190212
Antiy-AVL Trojan[Packed]/Win32.BDF 20190212
Arcabit Trojan.CryptZ.Gen 20190212
Avast Win32:SwPatch [Wrm] 20190212
AVG Win32:SwPatch [Wrm] 20190212
Avira (no cloud) TR/Crypt.EPACK.Gen2 20190212
BitDefender Trojan.CryptZ.Gen 20190212
Bkav W32.FamVT.RorenNHc.Trojan 20190201
CAT-QuickHeal Trojan.Swrort.A 20190212
ClamAV Win.Trojan.Swrort-5710536-0 20190212
Comodo TrojWare.Win32.Rozena.A@4jwdqr 20190212
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.b8d656 20190109
Cylance Unsafe 20190212
Cyren W32/Swrort.A 20190212
DrWeb Trojan.Swrort.1 20190212
Emsisoft Trojan.CryptZ.Gen (B) 20190212
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Rozena.ED 20190212
F-Prot W32/Swrort.A 20190212
F-Secure Trojan.TR/Crypt.EPACK.Gen2 20190212
Fortinet W32/Swrort.C!tr 20190212
GData Trojan.CryptZ.Gen 20190212
Ikarus Trojan.Win32.Swrort 20190212
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 004c49f81 ) 20190212
K7GW Trojan ( 004c49f81 ) 20190212
Kaspersky Packed.Win32.BDF.a 20190212
McAfee Swrort.i 20190212
McAfee-GW-Edition BehavesLike.Win32.Swrort.lh 20190212
Microsoft Trojan:Win32/Meterpreter.O 20190212
eScan Trojan.CryptZ.Gen 20190212
NANO-Antivirus Virus.Win32.Gen.ccmw 20190212
Palo Alto Networks (Known Signatures) generic.ml 20190212
Panda Trj/GdSda.A 20190212
Qihoo-360 Win32/Trojan.08a 20190212
Rising HackTool.Swrort!1.6477 (CLOUD) 20190212
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/EncPk-TZ 20190212
SUPERAntiSpyware Trojan.Backdoor-PoisonIvy 20190206
Symantec Packed.Generic.347 20190212
Tencent Win32.Trojan.Generic.Efkt 20190212
Trapmine malicious.high.ml.score 20190123
TrendMicro BKDR_SWRORT.SM 20190212
TrendMicro-HouseCall BKDR_SWRORT.SM 20190212
VIPRE Trojan.Win32.Swrort.B (v) 20190212
ViRobot Trojan.Win32.Elzob.Gen 20190212
Webroot W32.Malware.Gen 20190212
Yandex Trojan.Rosena.Gen.1 20190212
Zillya Trojan.Rozena.Win32.70079 20190212
ZoneAlarm by Check Point Packed.Win32.BDF.a 20190212
AegisLab 20190212
Alibaba 20180921
Avast-Mobile 20190212
Babable 20180918
Baidu 20190202
CMC 20190212
eGambit 20190212
Jiangmin 20190212
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190213
Symantec Mobile Insight 20190207
TACHYON 20190212
TheHacker 20190212
TotalDefense 20190212
Trustlook 20190212
VBA32 20190212
Zoner 20190212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright 2009 The Apache Software Foundation.
Product Apache HTTP Server
Original name ab.exe
Internal name ab.exe
File version 2.2.14
Description ApacheBench command line utility
Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-05-17 00:49:44
Entry Point 0x0000B096
Number of sections 4
PE sections
Overlays
MD5 95eb479e8f470740aa86bcb86cb13966
File type data
Offset 73728
Size 74
Entropy 4.61
PE imports
FreeSid
AllocateAndInitializeSid
PeekNamedPipe
GetLastError
EnterCriticalSection
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SystemTimeToFileTime
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
GetCommandLineW
FreeEnvironmentStringsW
GetProcAddress
FormatMessageA
SetStdHandle
CreateMutexA
TlsFree
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetFileInformationByHandle
DuplicateHandle
SetHandleInformation
SetEvent
LocalFree
TerminateProcess
DeviceIoControl
GetTimeZoneInformation
InitializeCriticalSection
CreateFileW
CreateEventA
Sleep
GetFileType
CreateFileA
SetLastError
LeaveCriticalSection
strncmp
__p__fmode
malloc
__p__environ
realloc
fclose
__dllonexit
_controlfp
fprintf
printf
fflush
fopen
strncpy
_except_handler3
_errno
qsort
_onexit
wcslen
exit
_XcptFilter
_ftol
strrchr
__setusermatherr
__p__wenviron
_adjust_fdiv
_strdup
_close
strchr
_isctype
__p__commode
_pctype
free
__p___initenv
atoi
wcsncmp
__getmainargs
calloc
perror
_initterm
strstr
signal
strerror
wcscpy
strspn
modf
__mb_cur_max
_strnicmp
_exit
__set_app_type
_iob
WSARecv
WSASend
setsockopt
getsockopt
__WSAFDIsSet
ntohl
ioctlsocket
WSAStartup
gethostbyname
WSAGetLastError
connect
WSACleanup
inet_ntoa
htons
closesocket
select
socket
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.14.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ApacheBench command line utility
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 40960
EntryPoint 0xb096
OriginalFileName ab.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2009 The Apache Software Foundation.
FileVersion 2.2.14
TimeStamp 2009:05:17 02:49:44+02:00
FileType Win32 EXE
PEType PE32
InternalName ab.exe
ProductVersion 2.2.14
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Apache Software Foundation
CodeSize 45056
ProductName Apache HTTP Server
ProductVersionNumber 2.2.14.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 f6db277b8d65602a9957b59c2bfa2d6a
SHA1 3913897a4c9d5876a2f7657acbf46c2cc7c16b0a
SHA256 445be12aeed47aa5f0a9aec919c365ffd57f5b51da1aceb511f06500b3e6e253
ssdeep 1536:IKZQy7hFAanbh2qLSn64wnFbrbZrAMb+KR0Nc8QsJq39:tQy7hWabh2oR4wnDUe0Nc8QsC9
authentihash 79b91e4830e5dc6976af843414561a7da96dee955918dd66b82211dbdb16caf5
imphash 481f47bbb2c9c21e108d65f52b04c448
File size 72.1 KB ( 73802 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-01-25 08:20:55 UTC ( 3 months, 3 weeks ago )
Last submission 2019-02-12 20:17:43 UTC ( 3 months, 1 week ago )
File names 445be12aeed47aa5f0a9aec919c365ffd57f5b51da1aceb511f06500b3e6e253.exe
ab.exe
111.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs