SHA256: 4cc7ed8813e36a69947214b298cbf9daef41ace4455593743756b4eb7f9c4e56
File name: fee6e766a063c1dccab531f43c122352a098db89.bin
Detection ratio: 49 / 66
Analysis date: 2019-04-15 05:10:10 UTC ( 1 month ago )
Antivirus Result Update
Acronis suspicious 20190413
Ad-Aware Gen:Packer.Krucky.B.mgW@a4pmuIi 20190415
AegisLab Trojan.Win32.Generic.4!c 20190415
Alibaba Trojan:Win32/dark.ali1000040 20190402
ALYac Gen:Packer.Krucky.B.mgW@a4pmuIi 20190415
Antiy-AVL Trojan/Win32.Skeeyah 20190415
Arcabit Gen:Packer.Krucky.B.E06D74 20190415
Avast Win32:Malware-gen 20190415
AVG Win32:Malware-gen 20190415
Avira (no cloud) TR/Crypt.XPACK.Gen 20190414
BitDefender Gen:Packer.Krucky.B.mgW@a4pmuIi 20190415
CAT-QuickHeal Trojan.Generic 20190414
Comodo TrojWare.Win32.Pakes.~d7@1m1x6k 20190415
CrowdStrike Falcon (ML) win/malicious_confidence_100% (W) 20190212
Cybereason malicious.9e771c 20190403
Cyren W32/Trojan.WVPV-4312 20190415
DrWeb Trojan.Encoder.11432 20190415
Emsisoft Gen:Packer.Krucky.B.mgW@a4pmuIi (B) 20190415
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Generik.LWWQRUY 20190415
F-Secure Trojan.TR/Crypt.XPACK.Gen 20190414
FireEye Generic.mg.29400fa9e771cea5 20190415
Fortinet W32/Generic.AP.18BB5CC!tr 20190415
GData Gen:Packer.Krucky.B.mgW@a4pmuIi 20190415
Ikarus Gen.Packer.Krucky 20190414
Sophos ML heuristic 20190313
Jiangmin Trojan.Generic.czdws 20190415
K7AntiVirus Riskware ( 0040eff71 ) 20190415
K7GW Riskware ( 0040eff71 ) 20190415
Kaspersky HEUR:Trojan.Win32.Generic 20190415
MAX malware (ai score=87) 20190415
McAfee Artemis!29400FA9E771 20190415
McAfee-GW-Edition BehavesLike.Win32.Spybot.vc 20190415
Microsoft Trojan:Win32/Skeeyah.B!rfn 20190415
eScan Gen:Packer.Krucky.B.mgW@a4pmuIi 20190415
NANO-Antivirus Trojan.Win32.Encoder.fnfpul 20190415
Palo Alto Networks (Known Signatures) generic.ml 20190415
Panda Trj/CI.A 20190414
Qihoo-360 HEUR/QVM19.1.5455.Malware.Gen 20190415
Rising Malware.Heuristic.MLite(100%) (AI-LITE:b6ogRLYq0ekAaokyiFsRig) 20190415
SentinelOne (Static ML) DFI - Malicious PE 20190407
Sophos AV Mal/Generic-S 20190415
Tencent Win32.Trojan.Ransomware.Auto 20190415
Trapmine malicious.high.ml.score 20190325
TrendMicro-HouseCall TROJ_GEN.R002C0WBH19 20190415
VBA32 Hoax.Wanna 20190412
Yandex Packed/FRBR 20190412
Zillya Exploit.MS17.Win32.30 20190412
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190415
AhnLab-V3 20190414
Avast-Mobile 20190414
Babable 20180918
Baidu 20190318
Bkav 20190412
ClamAV 20190414
CMC 20190321
eGambit 20190415
Kingsoft 20190415
Malwarebytes 20190415
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190415
TheHacker 20190411
TotalDefense 20190413
Trustlook 20190415
ViRobot 20190415
Zoner 20190415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT Krunchy
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1996-06-18 00:02:36
Entry Point 0x00230D64
Number of sections 1
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
R 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1996:06:18 02:02:36+02:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x230d64
InitializedDataSize 3682304
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 29400fa9e771cea505028953ab9b7e9e
SHA1 fee6e766a063c1dccab531f43c122352a098db89
SHA256 4cc7ed8813e36a69947214b298cbf9daef41ace4455593743756b4eb7f9c4e56
ssdeep 49152:u/351brhrg83BC4zlDSBzhZAcLi9USYTltCY6e2i/Bt:udgm8AtS/ZRiySIT6ez
authentihash 67028d3fea44b4699950ba6c87ed18a0abefafab34f2a979d79087e7b9f90bc2
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 2.2 MB ( 2298880 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID kkrunchy compressed Win32 Executable (84.2%)
Win32 Executable (generic) (8.3%)
Generic Win/DOS Executable (3.7%)
DOS Executable Generic (3.7%)
Tags peexe krunchy

VirusTotal metadata
First submission 2019-02-16 23:24:03 UTC ( 3 months ago )
Last submission 2019-02-16 23:24:03 UTC ( 3 months ago )
File names fee6e766a063c1dccab531f43c122352a098db89.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections