SHA256: 463abf7f20772e22cbbbfe39f400e2596da862ff95bb2b1a6350da8c59505359
File name: 5258e6281ce5330c8bbca3a00a8bd1f8
Detection ratio: 11 / 68
Analysis date: 2018-10-06 04:43:09 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180723
Cylance Unsafe 20181006
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKUR 20181006
Fortinet W32/GenKryptik.CIGB!tr 20181006
Kaspersky UDS:DangerousObject.Multi.Generic 20181006
NANO-Antivirus Virus.Win32.Gen.ccmw 20181006
Rising Malware.Heuristic!ET#97% (RDM+:cmRtazowal5SXZdBPBVART7ML/HS) 20181006
SentinelOne (Static ML) static engine - malicious 20180926
VBA32 TScope.Malware-Cryptor.SB 20181005
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181006
Ad-Aware 20181006
AegisLab 20181006
AhnLab-V3 20181005
Alibaba 20180921
Antiy-AVL 20181005
Arcabit 20181006
Avast 20181006
Avast-Mobile 20181005
AVG 20181006
Avira (no cloud) 20181005
AVware 20180925
Babable 20180918
Baidu 20180930
BitDefender 20181006
Bkav 20181005
CAT-QuickHeal 20181005
ClamAV 20181005
CMC 20181005
Comodo 20181006
Cybereason 20180225
Cyren 20181006
DrWeb 20181006
eGambit 20181006
Emsisoft 20181006
F-Prot 20181006
F-Secure 20181006
GData 20181006
Ikarus 20181005
Sophos ML 20180717
Jiangmin 20181006
K7AntiVirus 20181006
K7GW 20181005
Kingsoft 20181006
Malwarebytes 20181006
MAX 20181006
McAfee 20181006
McAfee-GW-Edition 20181006
Microsoft 20181006
eScan 20181006
Palo Alto Networks (Known Signatures) 20181006
Panda 20181005
Qihoo-360 20181006
Sophos AV 20181006
SUPERAntiSpyware 20181006
Symantec 20181005
Symantec Mobile Insight 20181001
TACHYON 20181006
Tencent 20181006
TheHacker 20181001
TotalDefense 20181005
TrendMicro 20181006
TrendMicro-HouseCall 20181006
Trustlook 20181006
VIPRE 20181006
ViRobot 20181005
Webroot 20181006
Yandex 20181005
Zillya 20181005
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Signature verification The digital signature of the object did not verify.
Signing date 9:32 PM 2/13/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-04 18:17:24
Entry Point 0x000041B7
Number of sections 5
PE sections
Overlays
MD5 10b360ca25e83a9dd6bf8530b66c7781
File type data
Offset 305664
Size 13528
Entropy 7.40
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
HeapAlloc
GetCurrentProcess
GetFileType
GetConsoleMode
HeapSize
GetCurrentProcessId
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetThreadContext
GetProcessHeap
SetStdHandle
WideCharToMultiByte
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
CreateProcessA
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GetStringTypeW
TlsGetValue
Sleep
SetLastError
TlsSetValue
EncodePointer
GetCurrentThreadId
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
pow
memset
RtlUnwind
sqrt
fabs
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_DIALOG 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
SLOVAK DEFAULT 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:10:04 19:17:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 12.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x41b7
InitializedDataSize 259584
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 5258e6281ce5330c8bbca3a00a8bd1f8
SHA1 3f0b34e9d1b76e844062c14e9bc0c8c018ca570c
SHA256 463abf7f20772e22cbbbfe39f400e2596da862ff95bb2b1a6350da8c59505359
ssdeep 6144:hhvrL3CMmOUZ+HazFckrxm3VwSPbdfHhaAHzz0aF2JdLzl0:hhvrL3C+YkazF/+BP1haAHzz0UOl0
authentihash 02cbac567ad658069449e85e6753682b401d91db05a3066b5a5a9873c626ab14
imphash fb63a4bc4626aced0217054d2412a8f1
File size 311.7 KB ( 319192 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2018-10-06 04:43:09 UTC ( 5 months, 3 weeks ago )
Last submission 2018-10-06 04:43:09 UTC ( 5 months, 3 weeks ago )
File names 5258e6281ce5330c8bbca3a00a8bd1f8