SHA256: 46c5afc61fcb4d07652716b6f481d604314df3706476599db96a38c62fffe7ab
Detection ratio: 35 / 69
Analysis date: 2018-10-09 15:21:16 UTC ( 1 month, 1 week ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.40589317 | 20181009
Antiy-AVL | Trojan/Win32.Vigorf | 20181009
Arcabit | Trojan.Generic.D26B5805 | 20181009
Avast | Win32:Malware-gen | 20181009
AVG | Win32:Malware-gen | 20181009
BitDefender | Trojan.GenericKD.40589317 | 20181009
CrowdStrike Falcon (ML) | malicious_confidence_60% (D) | 20180723
Cylance | Unsafe | 20181009
Cyren | W32/Trojan.LHXO-1156 | 20181009
DrWeb | Trojan.PWS.Stealer.24814 | 20181009
Emsisoft | Trojan.GenericKD.40589317 (B) | 20181009
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | a variant of Win32/Kryptik.GLML | 20181009
F-Secure | Trojan.GenericKD.40589317 | 20181009
Fortinet | W32/GenKryptik.CNLN!tr | 20181009
GData | Trojan.GenericKD.40589317 | 20181009
Ikarus | Trojan.Win32.Crypt | 20181009
Sophos ML | heuristic | 20180717
K7AntiVirus | Trojan ( 00516fdf1 ) | 20181009
K7GW | Trojan ( 00516fdf1 ) | 20181009
Kaspersky | Trojan.Win32.Chapak.ayde | 20181009
Malwarebytes | Trojan.Downloader | 20181009
MAX | malware (ai score=99) | 20181009
McAfee | Trojan-FPST!DBF0B14AEB70 | 20181009
McAfee-GW-Edition | BehavesLike.Win32.Generic.dc | 20181009
Microsoft | Trojan:Win32/Occamy.C | 20181009
eScan | Trojan.GenericKD.40589317 | 20181009
Panda | Trj/GdSda.A | 20181009
Qihoo-360 | Win32/Trojan.866 | 20181009
Rising | Downloader.Vigorf!8.F626 (CLOUD) | 20181009
SentinelOne (Static ML) | static engine - malicious | 20180926
Symantec | Packed.Generic.525 | 20181009
TrendMicro-HouseCall | TROJ_GEN.R020H05J818 | 20181009
Webroot | W32.Adware.Installcore | 20181009
ZoneAlarm by Check Point | Trojan.Win32.Chapak.ayde | 20181009
AegisLab | | 20181009
AhnLab-V3 | | 20181009
Alibaba | | 20180921
ALYac | | 20181009
Avast-Mobile | | 20181009
Avira (no cloud) | | 20181009
AVware | | 20180925
Babable | | 20180918
Baidu | | 20181009
Bkav | | 20181009
CAT-QuickHeal | | 20181008
ClamAV | | 20181009
CMC | | 20181009
Comodo | | 20181009
Cybereason | | 20180225
eGambit | | 20181009
F-Prot | | 20181009
Jiangmin | | 20181009
Kingsoft | | 20181009
NANO-Antivirus | | 20181009
Palo Alto Networks (Known Signatures) | | 20181009
Sophos AV | | 20181009
SUPERAntiSpyware | | 20181006
Symantec Mobile Insight | | 20181001
TACHYON | | 20181009
Tencent | | 20181009
TheHacker | | 20181008
TotalDefense | | 20181009
TrendMicro | | 20181009
Trustlook | | 20181009
VBA32 | | 20181009
VIPRE | | 20181009
ViRobot | | 20181009
Yandex | | 20181008
Zillya | | 20181008
Zoner | | 20181008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-16 12:13:34
Entry Point 0x00001F1F
Number of sections 5
PE sections
PE imports
PlayMetaFileRecord
SetPolyFillMode
SetPixelV
SetStretchBltMode
SetTextColor
StretchDIBits
GetLastError
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
TerminateThread
LoadLibraryW
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
VirtualProtect
HeapFree
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FindFirstChangeNotificationW
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetEnvironmentStringsW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
AddAtomA
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
QueryPerformanceCounter
TlsFree
GetFileType
GetComputerNameW
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetMailslotInfo
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetProcessHeap
GetSystemTimeAdjustment
TerminateProcess
WriteConsoleOutputCharacterW
WriteConsoleA
IsValidCodePage
HeapCreate
FatalExit
VirtualFree
FindAtomA
TlsGetValue
Sleep
SetLastError
GetTickCount
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
ShellExecuteW
DragFinish
DragQueryPoint
DragQueryFileA
RegisterClassExW
GetDlgCtrlID
GetRawInputDeviceInfoW
GetMenu
DlgDirSelectExA
EndPaint
BeginPaint
GetDesktopWindow
LoadImageA
GetAltTabInfoA
LoadCursorFromFileW
GetNextDlgTabItem
Number of PE resources by type
RT_BITMAP 2
RT_ICON 2
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 5
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 88064
ImageVersion 0.0
FileVersionNumber 7.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unknown (A56B)
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.1
TimeStamp 2017:04:16 13:13:34+01:00
FileType Win32 EXE
PEType PE32
InternalName ostksdtgsdfg.exe
ProductVersion 1.0.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 135680
FileSubtype 0
ProductVersionNumber 3.0.0.0
EntryPoint 0x1f1f
ObjectFileType Executable application
File identification
MD5 dbf0b14aeb709afdbba323277e3932ef
SHA1 c65bb5c4c5fefbe9cbe32e7f35c57c4474d1edc5
SHA256 46c5afc61fcb4d07652716b6f481d604314df3706476599db96a38c62fffe7ab
ssdeep 3072:h/kk2VHeLVny578J1/Bjocdzfzlz1z+q5qERd/zh:h/kkoHSV64dZzOm
authentihash b3132246a80fb089fca83d2abd2ccad474262187c2ebbe3c3979ea8245a7f70d
imphash 0801320c432573fba6afc3034e941b96
File size 212.5 KB ( 217600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-10-08 22:57:39 UTC ( 1 month, 1 week ago )
Last submission 2018-10-08 22:57:39 UTC ( 1 month, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections