SHA256: 4e1057d1e7c3092cdc5d519ef2323606055dd094faa704a590409f33fc303709
File name: 5e470e065810ee21dac5cac7d0b54e0f
Detection ratio: 32 / 71
Analysis date: 2018-12-30 17:48:04 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ulise.21070 20181230
AhnLab-V3 Trojan/Win32.Agent.C2908305 20181230
ALYac Gen:Variant.Ulise.21070 20181230
Arcabit Trojan.Ulise.D524E 20181230
Avast Win32:MalwareX-gen [Trj] 20181230
AVG Win32:MalwareX-gen [Trj] 20181230
BitDefender Gen:Variant.Ulise.21070 20181230
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20181022
Cylance Unsafe 20181230
Emsisoft Gen:Variant.Ulise.21070 (B) 20181230
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GODZ 20181230
F-Secure Gen:Variant.Ulise.21070 20181230
Fortinet W32/GenKryptik.CVGC!tr 20181230
GData Gen:Variant.Ulise.21070 20181230
Kaspersky Trojan-Spy.Win32.Ursnif.agag 20181230
MAX malware (ai score=85) 20181230
McAfee GenericRXGS-RV!5E470E065810 20181230
Microsoft Trojan:Win32/Cloxer.D!cl 20181230
eScan Gen:Variant.Ulise.21070 20181230
Palo Alto Networks (Known Signatures) generic.ml 20181230
Panda Trj/GdSda.A 20181230
Qihoo-360 Win32/Trojan.Spy.18d 20181230
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20181230
Symantec ML.Attribute.HighConfidence 20181229
Tencent Win32.Trojan-spy.Ursnif.Sxop 20181230
Trapmine malicious.high.ml.score 20181205
TrendMicro TROJ_GEN.R04AC0WLT18 20181230
TrendMicro-HouseCall TROJ_GEN.R04AC0WLT18 20181230
VBA32 BScope.Trojan.Chapak 20181229
Webroot W32.Adware.Installcore 20181230
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.agag 20181230
Acronis 20181227
AegisLab 20181230
Alibaba 20180921
Antiy-AVL 20181230
Avast-Mobile 20181230
Avira (no cloud) 20181230
Babable 20180918
Baidu 20181207
Bkav 20181227
CAT-QuickHeal 20181230
ClamAV 20181230
CMC 20181229
Comodo 20181230
Cybereason 20180225
Cyren 20181230
DrWeb 20181230
eGambit 20181230
F-Prot 20181230
Ikarus 20181230
Sophos ML 20181128
Jiangmin 20181230
K7AntiVirus 20181230
K7GW 20181230
Kingsoft 20181230
Malwarebytes 20181230
McAfee-GW-Edition 20181230
NANO-Antivirus 20181230
SentinelOne (Static ML) 20181223
Sophos AV 20181230
SUPERAntiSpyware 20181226
Symantec Mobile Insight 20181225
TACHYON 20181230
TheHacker 20181230
TotalDefense 20181230
Trustlook 20181230
VIPRE 20181230
ViRobot 20181230
Yandex 20181229
Zillya 20181228
Zoner 20181230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-01 13:56:48
Entry Point 0x00004945
Number of sections 7
PE sections
PE imports
GetSecurityDescriptorDacl
ReportEventW
GetStdHandle
FileTimeToDosDateTime
GetConsoleOutputCP
GetHandleInformation
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FatalExit
InterlockedDecrement
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetProcessWorkingSetSize
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetProcessAffinityMask
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetProcAddress
lstrcpyW
GetFileInformationByHandle
lstrcpyA
DuplicateHandle
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
SetProcessShutdownParameters
GetEnvironmentStringsW
GetCommTimeouts
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCommConfig
GetModuleHandleW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetComputerNameExW
VirtualAlloc
TransparentBlt
ShellAboutA
ShellExecuteW
Ord(179)
SendMessageA
GetScrollRange
LoadImageW
DestroyIcon
SetScrollRange
WinHttpWriteData
WinHttpCloseHandle
PE exports
Number of PE resources by type
RT_ICON 4
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize: 0
InitializedDataSize: 146432
ImageVersion: 0.0
FileVersionNumber: 7.0.0.0
LanguageCode: Unknown (457A)
FileFlagsMask: 0x004f
ImageFileCharacteristics: Executable, Large address aware, 32-bit
CharacterSet: Unknown (A56B)
LinkerVersion: 9.0
FileTypeExtension: exe
MIMEType: application/octet-stream
Subsystem: Windows GUI
TimeStamp: 2018:01:01 14:56:48+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: dahugivev.exe
ProductVersion: 9.6.6.91
SubsystemVersion: 5.1
OSVersion: 5.1
FileOS: Unknown (0x40534)
LegalCopyright: Copyright (C) 2018, vaxurobaredodip
MachineType: Intel 386 or later, and compatibles
CodeSize: 123904
FileSubtype: 0
ProductVersionNumber: 3.0.0.0
EntryPoint: 0x4945
ObjectFileType: Executable application

File identification
MD5 5e470e065810ee21dac5cac7d0b54e0f
SHA1 31ca6805a95330632b33cfce76902cfe49595d94
SHA256 4e1057d1e7c3092cdc5d519ef2323606055dd094faa704a590409f33fc303709
ssdeep 6144:/YSFCd/9AxgZsmk4u41LCwTqVD+HXRbk:/YSFCdl5uMLaVD+Hhbk
authentihash b86b4677dd8dd0e78885b903a18ef8d3e5ce67a95d762ff5ab1138dacb7d480e
imphash 5d423bef809cc91651a8042587e6c843
File size 257.5 KB ( 263680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-30 17:48:04 UTC ( 3 months, 3 weeks ago )
Last submission 2018-12-30 17:48:04 UTC ( 3 months, 3 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Code injections in the following processes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications