SHA256: 4a42de0946540be873996d62ae9d113823481bdc42a91099ef7a8418e3d5cf84
File name: 1aqkyfidydepiemfufuzy.exe
Detection ratio: 15 / 64
Analysis date: 2018-05-21 18:03:04 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9995 20180521
Cylance Unsafe 20180521
Endgame malicious (high confidence) 20180507
Fortinet W32/Kryptik.GGQN!tr 20180521
Sophos ML heuristic 20180504
K7AntiVirus Trojan ( 003e58dd1 ) 20180521
K7GW Trojan ( 003e58dd1 ) 20180521
Kaspersky HEUR:Trojan-Banker.Win32.NeutrinoPOS.gen 20180521
McAfee Trojan-FPPS!CA2E57067487 20180521
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180521
Palo Alto Networks (Known Signatures) generic.ml 20180521
Qihoo-360 HEUR/QVM10.1.50A1.Malware.Gen 20180521
Sophos AV Mal/GandCrab-A 20180521
Symantec Packed.Generic.525 20180521
ZoneAlarm by Check Point HEUR:Trojan-Banker.Win32.NeutrinoPOS.gen 20180521
Ad-Aware 20180521
AegisLab 20180521
AhnLab-V3 20180521
Alibaba 20180521
ALYac 20180521
Antiy-AVL 20180521
Arcabit 20180521
Avast 20180521
Avast-Mobile 20180520
AVG 20180521
Avira (no cloud) 20180521
AVware 20180521
Babable 20180406
BitDefender 20180521
Bkav 20180521
CAT-QuickHeal 20180521
ClamAV 20180521
CMC 20180521
Comodo 20180521
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180521
DrWeb 20180521
eGambit 20180521
Emsisoft 20180521
ESET-NOD32 20180521
F-Prot 20180521
GData 20180521
Ikarus 20180521
Jiangmin 20180521
Kingsoft 20180521
Malwarebytes 20180521
MAX 20180521
Microsoft 20180521
eScan 20180521
NANO-Antivirus 20180521
nProtect 20180521
Panda 20180521
Rising 20180521
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180521
Symantec Mobile Insight 20180519
Tencent 20180521
TheHacker 20180516
TotalDefense 20180520
TrendMicro 20180521
TrendMicro-HouseCall 20180521
Trustlook 20180521
VBA32 20180521
VIPRE 20180521
ViRobot 20180521
Yandex 20180518
Zillya 20180521
Zoner 20180521
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-21 06:59:37
Entry Point 0x00005FCC
Number of sections 5
PE sections
PE imports
ReportEventA
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
FlushFileBuffers
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
IsValidLocale
GetEnvironmentStringsW
GetLocaleInfoW
LoadLibraryA
RtlUnwind
lstrlenW
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
AddConsoleAliasA
GetLocaleInfoA
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetUserDefaultLCID
GetCommandLineW
IsValidCodePage
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
GetFileType
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
GetCurrentThreadId
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
PulseEvent
CloseHandle
IsProcessorFeaturePresent
GetThreadTimes
GetSystemTimes
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
ExitProcess
TerminateProcess
InitializeCriticalSection
HeapCreate
FindFirstVolumeMountPointW
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
PrepareTape
LeaveCriticalSection
VirtualAlloc
WriteConsoleW
InterlockedIncrement
DrawEdge
GetWindowTextLengthA
SetWindowsHookW
DestroyCursor
PostMessageW
SetMenuInfo
DeleteMenu
RemoveMenu
Number of PE resources by type
RT_STRING 39
RT_BITMAP 2
OQV 1
RT_GROUP_ICON 1
RT_ICON 1
Number of PE resources by language
NEUTRAL 44
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:05:21 07:59:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 89600
LinkerVersion 10.0
EntryPoint 0x5fcc
InitializedDataSize 74759680
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 ca2e5706748796cc2723c60452cb093e
SHA1 b0d4ff43244f3bed3bf2c4d77a1b4fe4104d3127
SHA256 4a42de0946540be873996d62ae9d113823481bdc42a91099ef7a8418e3d5cf84
ssdeep 6144:oLFAYz7z6hp2WxL+7OXUzYNH26y4OF4FauO0:KBX672akM26tOF47
authentihash 76d4a8da6af3b09687f224d8291f1f485c9b1f334523986f5cdda2b8dab5d034
imphash 25f3201f91b69b7c57f516ad4f680a58
File size 287.0 KB ( 293888 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags peexe
VirusTotal metadata
First submission 2018-05-21 18:03:04 UTC ( 11 months, 1 week ago )
Last submission 2018-05-21 18:03:04 UTC ( 11 months, 1 week ago )
File names 1aqkyfidydepiemfufuzy.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs