SHA256: 4a96d91789ec57a52c40c2358d99e63628b975dd24bc326c613cbeab9e4aa398
File name: NcJDgiHkONQM8SP.exe
Detection ratio: 17 / 67
Analysis date: 2018-03-13 13:11:46 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Avast FileRepMalware 20180313
AVG FileRepMalware 20180313
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180313
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170201
eGambit Unsafe.AI_Score_100% 20180313
Endgame malicious (high confidence) 20180308
Fortinet W32/Kryptik.GEEX!tr 20180313
Sophos ML heuristic 20180121
McAfee Emotet-FEI!E85D3B01C48F 20180313
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20180313
Palo Alto Networks (Known Signatures) generic.ml 20180313
Qihoo-360 HEUR/QVM20.1.CBB7.Malware.Gen 20180313
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20180313
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANR 20180313
TrendMicro TSPY_HPEMOTET.SMF5 20180313
TrendMicro-HouseCall TSPY_HPEMOTET.SMF5 20180313
Ad-Aware 20180313
AegisLab 20180313
AhnLab-V3 20180313
Alibaba 20180313
ALYac 20180313
Antiy-AVL 20180313
Arcabit 20180313
Avast-Mobile 20180313
Avira (no cloud) 20180313
AVware 20180313
BitDefender 20180313
Bkav 20180313
CAT-QuickHeal 20180313
ClamAV 20180313
CMC 20180313
Comodo 20180313
Cybereason None
Cylance 20180313
Cyren 20180313
DrWeb 20180313
Emsisoft 20180313
ESET-NOD32 20180313
F-Prot 20180313
F-Secure 20180313
GData 20180313
Ikarus 20180313
Jiangmin 20180313
K7AntiVirus 20180313
K7GW 20180313
Kaspersky 20180313
Kingsoft 20180313
Malwarebytes 20180313
MAX 20180313
Microsoft 20180313
eScan 20180313
NANO-Antivirus 20180313
nProtect 20180313
Panda 20180313
SUPERAntiSpyware 20180313
Symantec 20180313
Symantec Mobile Insight 20180311
Tencent 20180313
TheHacker 20180311
TotalDefense 20180313
Trustlook 20180313
VBA32 20180313
VIPRE 20180313
ViRobot 20180313
Webroot 20180313
WhiteArmor 20180223
Yandex 20180313
Zillya 20180312
ZoneAlarm by Check Point 20180313
Zoner 20180313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-13 13:04:19
Entry Point 0x00002AF0
Number of sections 5
PE sections
PE imports
SetUserFileEncryptionKey
GetSystemDefaultLangID
QueryThreadCycleTime
InitAtomTable
IsSystemResumeAutomatic
GetCommandLineW
WTSGetActiveConsoleSessionId
GetEnvironmentStringsW
GetForegroundWindow
DestroyWindow
OffsetRect
DefWindowProcW
FindWindowW
PostQuitMessage
MessageBeep
SetWindowPos
GetSystemMetrics
RegisterClassExW
CharUpperW
TranslateMessage
SetActiveWindow
CheckMenuItem
SendMessageW
IsZoomed
GetWindowPlacement
CloseClipboard
BringWindowToTop
MoveWindow
IsIconic
IsClipboardFormatAvailable
GetKeyboardLayout
DestroyAcceleratorTable
SetForegroundWindow
CharNextW
SetCursor
InternetUnlockRequestFile
Ord(29)
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:13 14:04:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 1012959262
LinkerVersion 11.2
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
EntryPoint 0x2af0
InitializedDataSize 110592
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 1

File identification
MD5 e85d3b01c48f2c59c0291e70ea53b385
SHA1 f1d34e32714b2bd270275a2d70c3e4a1217891c2
SHA256 4a96d91789ec57a52c40c2358d99e63628b975dd24bc326c613cbeab9e4aa398
ssdeep 1536:c2ZiPHhr29zXwZtcFK6sXrJBh5TlrbVJP+8C:cwA+zXwN3nh5xFJPu
authentihash 7af1023b215fa17b6a22ca61ef760dd147ae7cacd42abacdc71b12555db2514b
imphash 2b7fa33549cf142f1a197ef7b8e7a9f0
File size 128.0 KB ( 131072 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2018-03-13 13:11:46 UTC ( 1 year, 1 month ago )
Last submission 2018-05-08 17:43:00 UTC ( 11 months, 2 weeks ago )
File names 60719.exe
NcJDgiHkONQM8SP.exe