SHA256: 47b608454858a50a53573e1c1155d587397e6fccab2de4440e608b4a506bd9ba
File name: nn.jpg
Detection ratio: 35 / 69
Analysis date: 2019-02-08 13:17:01 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31660540 20190208
AegisLab Trojan.Win32.Generic.4!c 20190208
ALYac Trojan.GenericKD.31660540 20190208
Arcabit Trojan.Generic.D1E319FC 20190208
Avast Win32:Trojan-gen 20190208
AVG Win32:Trojan-gen 20190208
Avira (no cloud) TR/Kryptik.qqafw 20190208
BitDefender Trojan.GenericKD.31660540 20190208
CrowdStrike Falcon (ML) malicious_confidence_70% (W) 20181023
Cylance Unsafe 20190208
Emsisoft Trojan.GenericKD.31660540 (B) 20190208
ESET-NOD32 a variant of Win32/GenKryptik.CYQA 20190208
F-Secure Trojan.TR/Kryptik.qqafw 20190208
Fortinet W32/GenKryptik.CYQA!tr 20190208
GData Trojan.GenericKD.31660540 20190208
Ikarus Trojan.Win32.Krypt 20190208
Sophos ML heuristic 20181128
Kaspersky Trojan.Win32.Yakes.ykev 20190208
MAX malware (ai score=82) 20190208
McAfee Artemis!E078AB84F3E4 20190208
McAfee-GW-Edition BehavesLike.Win32.Generic.cc 20190208
Microsoft Trojan:Win32/Zpevdo.B 20190208
eScan Trojan.GenericKD.31660540 20190208
Palo Alto Networks (Known Signatures) generic.ml 20190208
Panda Trj/CI.A 20190208
Rising Trojan.Kryptik!8.8/N3#84% (RDM+:cmRtazpGtW9s2pJCwJlA29w41PPz) 20190208
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190208
SUPERAntiSpyware Trojan.Agent/Gen-Miuref 20190206
Symantec Trojan.Gen.2 20190208
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R002C0WB819 20190208
TrendMicro-HouseCall TROJ_GEN.R002C0WB819 20190208
VBA32 BScope.Trojan.Azden 20190208
ZoneAlarm by Check Point Trojan.Win32.Yakes.ykev 20190208
Acronis 20190208
AhnLab-V3 20190208
Alibaba 20180921
Antiy-AVL 20190208
Avast-Mobile 20190208
Babable 20180918
Baidu 20190202
Bkav 20190201
CAT-QuickHeal 20190208
ClamAV 20190208
CMC 20190208
Comodo 20190208
Cybereason 20190109
Cyren 20190208
DrWeb 20190208
eGambit 20190208
Endgame 20181108
F-Prot 20190208
Jiangmin 20190208
K7AntiVirus 20190208
K7GW 20190208
Kingsoft 20190208
Malwarebytes 20190208
NANO-Antivirus 20190208
Qihoo-360 20190208
Symantec Mobile Insight 20190207
TACHYON 20190208
Tencent 20190208
TheHacker 20190203
Trustlook 20190208
ViRobot 20190208
Webroot 20190208
Yandex 20190208
Zillya 20190208
Zoner 20190208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-05 17:50:00
Entry Point 0x00019E60
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
GetTokenInformation
RegCloseKey
CryptAcquireContextA
OpenProcessToken
RegSetValueExW
SetEntriesInAclA
SetNamedSecurityInfoA
CryptGenRandom
RegOpenKeyExW
LogonUserA
ImpersonateLoggedOnUser
GetNamedSecurityInfoA
RegOpenKeyExA
BuildExplicitAccessWithNameA
CryptGenKey
IsValidSecurityDescriptor
CreateToolbarEx
ImageList_Create
ImageList_BeginDrag
ChooseColorA
SetMapMode
GetSystemPaletteEntries
SaveDC
GetROP2
GetDeviceCaps
LineTo
GetMapMode
GetPixelFormat
CreateSolidBrush
StartPage
ChoosePixelFormat
SetPaletteEntries
RealizePalette
GetObjectA
DescribePixelFormat
MoveToEx
CreatePalette
GetPolyFillMode
SelectPalette
UnrealizeObject
SetPixelFormat
GdiFlush
CreateCompatibleDC
SwapBuffers
SelectObject
StartDocA
SetWindowExtEx
SetWindowOrgEx
SetViewportExtEx
DeleteObject
gluErrorString
gluQuadricDrawStyle
gluSphere
gluLookAt
gluPerspective
gluCylinder
gluNewQuadric
gluQuadricNormals
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
EncodePointer
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetTempPathA
FindNextVolumeMountPointA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
OutputDebugStringW
InterlockedDecrement
GetFullPathNameW
SetLastError
TlsGetValue
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetConsoleScreenBufferSize
RaiseException
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetVolumeNameForVolumeMountPointA
CreateThread
SetUnhandledExceptionFilter
Module32NextW
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
VirtualQuery
SetEndOfFile
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
GetModuleHandleA
CreateToolhelp32Snapshot
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
Process32Next
Process32First
GetModuleHandleW
GetStartupInfoW
DeleteFileW
GetUserDefaultLCID
GetConsoleScreenBufferInfo
GetProcessHeap
CompareStringW
lstrcmpA
IsValidLocale
GetProcAddress
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
Module32FirstW
GetCurrentProcessId
GetCompressedFileSizeW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
ReadConsoleW
TlsFree
SetFilePointer
VirtualUnlock
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
WideCharToMultiByte
IsValidCodePage
Sleep
WriteConsoleW
VirtualAlloc
OleSavePictureFile
glPopMatrix
glReadBuffer
glClearColor
wglCreateContext
wglGetCurrentDC
glBegin
glVertex3dv
glVertex3fv
glGetString
glEnable
glVertex3f
glColor4fv
glClear
glScaled
glFinish
glRotated
glNormal3f
wglGetProcAddress
glPushAttrib
glPopAttrib
glTranslated
glVertex3d
wglMakeCurrent
glColor3d
glViewport
glGetError
wglGetCurrentContext
glLoadIdentity
glNormal3fv
wglDeleteContext
glPolygonMode
glDrawBuffer
glPushMatrix
glMatrixMode
glEnd
glOrtho
SetupDiEnumDriverInfoA
SetupDiSetSelectedDriverA
LsaGetLogonSessionData
SetFocus
GetMessageA
MapVirtualKeyA
RegisterClassA
GetParent
UpdateWindow
PostMessageA
EndDialog
BeginPaint
DefWindowProcA
KillTimer
ChangeDisplaySettingsA
PostQuitMessage
CreatePopupMenu
SetWindowTextA
SetWindowPos
RemoveMenu
GetSystemMetrics
EnableMenuItem
SetScrollRange
AppendMenuA
DispatchMessageA
EndPaint
SetCapture
ReleaseCapture
GetDlgItemTextA
CallWindowProcA
WindowFromPoint
PeekMessageA
ChildWindowFromPoint
SetWindowLongA
TranslateMessage
GetDC
GetKeyState
GetCursorPos
ReleaseDC
GetClassInfoA
GetDlgItem
GetMenu
GetWindowLongA
ShowWindow
SendMessageA
DestroyWindow
GetClientRect
CreateWindowExA
SetCursorPos
DrawMenuBar
LoadIconA
IsWindow
SetScrollPos
ScreenToClient
InvalidateRect
GetSubMenu
SetTimer
LoadCursorA
EnumDisplaySettingsA
TrackPopupMenu
ClientToScreen
AdjustWindowRect
GetDesktopWindow
GetNextDlgTabItem
MsgWaitForMultipleObjects
GetWindowTextA
DestroyMenu
ModifyMenuA
GetAncestor
SetCursor
WinHttpSendRequest
joySetThreshold
joySetCapture
joyGetPosEx
joyReleaseCapture
SymUnloadModule
Number of PE resources by type
RT_STRING 8
STYLE 3
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2019:02:05 18:50:00+01:00
FileType Win32 EXE
PEType PE32
CodeSize 399872
LinkerVersion 11.0
FileTypeExtension exe
InitializedDataSize 486400
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x19e60
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 e078ab84f3e412c30109750731bf29c5
SHA1 156b9ed1f2e78939aa35c7587d04d148ce35d95a
SHA256 47b608454858a50a53573e1c1155d587397e6fccab2de4440e608b4a506bd9ba
ssdeep
24576:EAwEZJEZpEg/DHrM1O0PMOT/nBQ/p4PIecVf4Etk+:hLZJiEgLo17PMOTpQ/p4SVf4Etr

authentihash fd74b31f43f6f50a11d95c0039a1ad3322ef4e33c2e56a0d9b04a7350df8e2f6
imphash 32ee8cf05c38384568d467defca87a5c
File size 866.5 KB ( 887296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (59.0%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
OS/2 Executable (generic) (4.3%)
Clipper DOS Executable (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2019-02-06 12:58:45 UTC ( 3 months, 2 weeks ago )
Last submission 2019-02-15 10:12:12 UTC ( 3 months, 1 week ago )
File names nn.exe
47b608454858a50a53573e1c1155d587397e6fccab2de4440e608b4a506bd9ba.exe
nn.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.