SHA256: 4ac2ebd1db6ccc7662020725039c8fb1a1da3b88e74519283e89fb4211fa7058
File name: .
Detection ratio: 14 / 70
Analysis date: 2018-11-28 18:34:49 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Ursnif.C2863241 20181128
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.018077 20180225
Cylance Unsafe 20181128
eGambit Unsafe.AI_Score_99% 20181128
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Dridex.CK 20181128
Ikarus Trojan.Win32.Dridex 20181128
Sophos ML heuristic 20181128
K7GW Hacktool ( 700007861 ) 20181128
Rising Spyware.Ursnif!8.1DEF (TFE:1:0KHXwQGJ8ON) 20181128
Symantec ML.Attribute.HighConfidence 20181128
Trapmine malicious.high.ml.score 20181126
Webroot W32.Trojan.Gen 20181128
Ad-Aware 20181128
AegisLab 20181128
Alibaba 20180921
ALYac 20181128
Antiy-AVL 20181128
Arcabit 20181128
Avast 20181128
Avast-Mobile 20181128
AVG 20181128
Avira (no cloud) 20181128
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cyren 20181128
DrWeb 20181128
Emsisoft 20181128
F-Prot 20181128
F-Secure 20181128
Fortinet 20181128
GData 20181128
Jiangmin 20181128
K7AntiVirus 20181128
Kaspersky 20181128
Kingsoft 20181128
Malwarebytes 20181128
MAX 20181128
McAfee 20181128
McAfee-GW-Edition 20181128
Microsoft 20181128
eScan 20181128
NANO-Antivirus 20181128
Palo Alto Networks (Known Signatures) 20181128
Panda 20181128
Qihoo-360 20181128
SentinelOne (Static ML) 20181011
Sophos AV 20181128
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181128
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181128
VBA32 20181128
VIPRE 20181128
ViRobot 20181128
Yandex 20181128
Zillya 20181128
ZoneAlarm by Check Point 20181128
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-27 00:37:16
Entry Point 0x000040B0
Number of sections 6
PE sections
PE imports
IsTokenRestricted
CM_Disable_DevNode
GetFontLanguageInfo
GetTextCharacterExtra
GetCurrentPositionEx
InterlockedCompareExchange64
GetUserDefaultLangID
GetConsoleFontSize
IsValidCodePage
WaitForSingleObject
GetExitCodeThread
FreeConsole
VarCyNeg
I_RpcNsBindingSetEntryNameW
SetupDiBuildClassInfoListExW
GetCursorPos
DdeUninitialize
SetCapture
GetCursor
GetFocus
SetProcessWindowStation
DestroyCaret
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:11:27 01:37:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 16.3
FileTypeExtension exe
InitializedDataSize 94208
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x40b0
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 dba562ea712e538c14ccea514ade4ac0
SHA1 4af647f018077cefa51725439078764d569bac21
SHA256 4ac2ebd1db6ccc7662020725039c8fb1a1da3b88e74519283e89fb4211fa7058
ssdeep 3072:0V1cFjodAor2i/53+wMN6uU+HBDfMZrW1+q:0bc01r2ixMN6uU+hLMZrW
authentihash 957ae384e8102d335d76036e2098500ae6ef35e60d0625f31013873091ee54b1
imphash f2c5ad8b2ac09a33994fee2204ad8662
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (58.9%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags peexe

VirusTotal metadata
First submission 2018-11-28 18:34:49 UTC ( 3 months, 3 weeks ago )
Last submission 2018-11-28 18:34:49 UTC ( 3 months, 3 weeks ago )
File names .