SHA256: 4b38b703b848f6a750fb20919e3b4c05e5f0a2672f4f3b75b95e8a899c24326e
File name: trickloader.exe
Detection ratio: 13 / 67
Analysis date: 2017-12-20 16:19:53 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Avast FileRepMalware 20171220
AVG FileRepMalware 20171220
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9990 20171219
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.8eea05 20171103
Cylance Unsafe 20171220
Endgame malicious (high confidence) 20171130
Fortinet W32/Generic.AP.9F5966!tr 20171220
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20171220
Qihoo-360 HEUR/QVM20.1.F9A1.Malware.Gen 20171220
SentinelOne (Static ML) static engine - malicious 20171207
WhiteArmor Malware.HighConfidence 20171204
Ad-Aware 20171220
AegisLab 20171220
AhnLab-V3 20171220
Alibaba 20171220
ALYac 20171220
Antiy-AVL 20171220
Arcabit 20171220
Avast-Mobile 20171220
Avira (no cloud) 20171220
AVware 20171220
BitDefender 20171220
Bkav 20171220
CAT-QuickHeal 20171219
ClamAV 20171220
CMC 20171218
Comodo 20171220
Cyren 20171220
DrWeb 20171220
eGambit 20171220
Emsisoft 20171220
ESET-NOD32 20171220
F-Prot 20171220
F-Secure 20171220
GData 20171220
Ikarus 20171220
Jiangmin 20171220
K7AntiVirus 20171220
K7GW 20171220
Kaspersky 20171220
Kingsoft 20171220
Malwarebytes 20171220
MAX 20171220
McAfee 20171220
McAfee-GW-Edition 20171220
Microsoft 20171220
eScan 20171220
NANO-Antivirus 20171220
nProtect 20171220
Panda 20171220
Rising 20171220
Sophos AV 20171220
SUPERAntiSpyware 20171220
Symantec 20171220
Symantec Mobile Insight 20171220
Tencent 20171220
TheHacker 20171219
TrendMicro 20171220
TrendMicro-HouseCall 20171220
Trustlook 20171220
VBA32 20171219
VIPRE 20171220
ViRobot 20171220
Webroot 20171220
Yandex 20171220
Zillya 20171219
ZoneAlarm by Check Point 20171220
Zoner 20171220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-09-02 22:32:30
Entry Point 0x00009FE0
Number of sections 4
PE sections
PE imports
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
GetLastError
HeapFree
GetStdHandle
SetHandleCount
lstrlenA
GetOEMCP
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryA
lstrcatA
WideCharToMultiByte
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetTempPathA
GetCPInfo
MapViewOfFile
GetModuleHandleA
lstrcmpA
WriteFile
GetStartupInfoA
GetACP
TerminateProcess
HeapCreate
VirtualFree
Sleep
GetFileType
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
ExtractIconA
SetFocus
MapWindowPoints
RegisterClassA
UpdateWindow
GetScrollRange
EndDialog
BeginPaint
GetScrollPos
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
MessageBoxW
DispatchMessageA
EndPaint
SetMenu
SetDlgItemTextA
PostMessageA
SetMenuItemInfoA
ModifyMenuA
MessageBoxA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetDlgItemTextW
GetDlgItemInt
RegisterClassExA
GetCursorPos
GetDlgCtrlID
SetWindowTextA
ShowCaret
PtInRect
SendMessageA
GetClientRect
CreateWindowExA
SetScrollRange
EnableMenuItem
FrameRect
wsprintfA
SetTimer
LoadCursorA
LoadIconA
GetActiveWindow
GetDesktopWindow
LockWindowUpdate
GetClassNameA
RedrawWindow
GetMessageA
EndDeferWindowPos
OpenClipboard
DestroyWindow
Number of PE resources by type
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
FINNISH DEFAULT 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.1.4
LanguageCode Unknown (050A)
FileFlagsMask 0x0000
FileDescription GrapFirebox 1.4
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (07B0)
InitializedDataSize 325632
EntryPoint 0x9fe0
OriginalFileName firebox.exe
MIMEType application/octet-stream
LegalCopyright Firebox Corporation. All rights reserv
FileVersion 1,1,1,4 (ttm.030817-104)
TimeStamp 2015:09:02 23:32:30+01:00
FileType Win32 EXE
PEType PE32
InternalName GrapFirebox
ProductVersion 1.1.1.4
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Firebox Corporation
CodeSize 94720
ProductName Firebox Operate
ProductVersionNumber 1.1.1.4
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 0dfa92ec349bd040f31e4b1d05c9263d
SHA1 e77f9fe8eea05b34a5399b3317cff38839c21d0f
SHA256 4b38b703b848f6a750fb20919e3b4c05e5f0a2672f4f3b75b95e8a899c24326e
ssdeep 6144:toFpWLr3vfFvuRoew95/Lx/xfe3f6JYS6K/+GjKqZpit4F9Ue1yCAVmy7:toFILbNvunwP1t61KGZoit4we15AMy7
authentihash 22cb8af625a017cb6acc9809b71e645acb269c53367c161c4e806297e945f07a
imphash 9fb5bdb26dc4edc75c09f13aca0a4ac5
File size 409.5 KB ( 419328 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.3%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-20 16:19:53 UTC ( 1 year, 4 months ago )
Last submission 2018-02-05 16:03:08 UTC ( 1 year, 2 months ago )
File names trlhpdr.png
h-k.exe
trickloader.exe
0dfa92ec349bd040f31e4b1d05c9263d
h-k.exe
iejcjr.exe
1024-e77f9fe8eea05b34a5399b3317cff38839c21d0f
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications