SHA256: 45d8a01dcb0a64c9af1afb46b2c7d96895a84658ba8d610160836baefffce57e
File name: ORif1xJ.exe
Detection ratio: 15 / 66
Analysis date: 2018-03-13 21:43:07 UTC ( 7 months, 1 week ago )
Antivirus Result Update
AegisLab Filerepmalware.Gen!c 20180313
Avast FileRepMalware 20180313
AVG FileRepMalware 20180313
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180313
Bkav HW32.Packed.7D28 20180313
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170201
Cylance Unsafe 20180313
Endgame malicious (high confidence) 20180308
ESET-NOD32 a variant of Win32/GenKryptik.BTKD 20180313
Fortinet W32/Kryptik.GDRZ!tr 20180313
Sophos ML heuristic 20180121
McAfee Artemis!BB85E046BA14 20180313
McAfee-GW-Edition BehavesLike.Win32.Backdoor.cc 20180313
Rising Trojan.GenKryptik!8.AA55 (TFE:3:1SU5YtSnuWJ) 20180313
Webroot W32.Trojan.Emotet 20180313
Ad-Aware 20180313
AhnLab-V3 20180313
Alibaba 20180313
ALYac 20180313
Antiy-AVL 20180313
Arcabit 20180313
Avast-Mobile 20180313
Avira (no cloud) 20180313
AVware 20180313
BitDefender 20180313
CAT-QuickHeal 20180313
ClamAV 20180313
CMC 20180313
Comodo 20180313
Cybereason None
Cyren 20180313
DrWeb 20180313
eGambit 20180313
Emsisoft 20180313
F-Prot 20180313
F-Secure 20180310
GData 20180313
Ikarus 20180313
Jiangmin 20180313
K7AntiVirus 20180313
K7GW 20180313
Kaspersky 20180313
Kingsoft 20180313
Malwarebytes 20180313
MAX 20180313
Microsoft 20180313
eScan 20180313
NANO-Antivirus 20180313
nProtect 20180313
Panda 20180313
Qihoo-360 20180313
SentinelOne (Static ML) 20180225
Sophos AV 20180313
SUPERAntiSpyware 20180313
Symantec 20180313
Symantec Mobile Insight 20180311
Tencent 20180313
TheHacker 20180311
TotalDefense 20180313
TrendMicro 20180313
TrendMicro-HouseCall 20180313
Trustlook 20180313
VBA32 20180313
VIPRE 20180313
ViRobot 20180313
WhiteArmor 20180223
Yandex 20180313
Zillya 20180313
ZoneAlarm by Check Point 20180313
Zoner 20180313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-13 18:30:30
Entry Point 0x00005000
Number of sections 5
PE sections
PE imports
AddAuditAccessAceEx
InitializeAcl
SetServiceStatus
AddFontResourceExW
GetNearestColor
OffsetClipRgn
GetDIBColorTable
GetCurrentProcess
SetCommConfig
CreateEventW
SetEvent
LocalHandle
CloseHandle
GetThreadUILanguage
GetConsoleOutputCP
GetCurrentThreadId
GetVersion
WaitForMultipleObjects
ResetEvent
VarUI4FromUI8
BSTR_UserFree
SafeArrayAllocDescriptor
SetupDiGetSelectedDevice
GetDCEx
CreatePopupMenu
DdeGetData
SetPropA
GetInputState
IsWindowEnabled
ToUnicode
GetShellWindow
GetWindowContextHelpId
GetClipboardSequenceNumber
DdeCmpStringHandles
InvalidateRect
waveInStop
SetPrinterDataExW
SCardGetStatusChangeW
ReadFmtUserTypeStg
Number of PE resources by type
RT_ICON 11
RT_STRING 3
RT_BITMAP 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:13 19:30:30+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1
LinkerVersion 13.5
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x5000
InitializedDataSize 121344
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 4096

File identification
MD5 bb85e046ba141ef5859915d038ff4ae2
SHA1 3e2625fbfbac91976f0e190d051580e53ed64cb1
SHA256 45d8a01dcb0a64c9af1afb46b2c7d96895a84658ba8d610160836baefffce57e
ssdeep 3072:X0Z7DgqALTozH7Uk+DyHvBOaZwxQh4qFBhU/:EZgqALEb7Uf+HvEaZwxFohU
authentihash 1721f20064ab9662b7822e1b1ff18804e2f5bf15cd8507b00f944069305932ed
imphash c35d8fbdc8dab21d0552cbeee7f8d298
File size 131.5 KB ( 134656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2018-03-13 18:40:54 UTC ( 7 months, 1 week ago )
Last submission 2018-05-25 09:19:28 UTC ( 5 months ago )
File names 8880.exe
62360.exe
1585.exe
output.112985427.txt
67845.exe
ORif1xJ.exe
VirusShare_bb85e046ba141ef5859915d038ff4ae2
093_03_06_2018_14_12_46_5890.exe.malware.MRG
VirusShare_bb85e046ba141ef5859915d038ff4ae2
4813.exe
79585.exe