SHA256: 4f1b1bb334050c94414136165741f14e2577e9b6bd8cd88477a90daf0fcd4347
File name: 2ecc258c891aa1ad73a428bdb4bf2d84.virus
Detection ratio: 40 / 68
Analysis date: 2018-01-05 03:58:14 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Jimmy.R216858 20180104
ALYac Gen:Variant.Ursu.48329 20180105
Antiy-AVL Trojan/Win32.TSGeneric 20180103
Arcabit Trojan.Ursu.DBCC9 20180105
Avast Win32:Malware-gen 20180105
AVG Win32:Malware-gen 20180105
Avira (no cloud) TR/Crypt.Xpack.umysw 20180105
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9948 20180104
BitDefender Gen:Variant.Ursu.48329 20180105
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20171016
Cylance Unsafe 20180105
Cyren W32/Trojan.EWTY-4436 20180105
DrWeb Trojan.DownLoader26.7289 20180105
eGambit Unsafe.AI_Score_93% 20180105
Emsisoft Gen:Variant.Ursu.48329 (B) 20180105
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GBBG 20180105
F-Secure Gen:Variant.Ursu.48329 20180105
Fortinet W32/Kryptik.GBCA!tr 20180105
GData Gen:Variant.Ursu.48329 20180105
Ikarus Trojan.Win32.Crypt 20180104
Sophos ML heuristic 20170914
Jiangmin Trojan.Delikle.bv 20180105
Kaspersky Trojan-Banker.Win32.Jimmy.pk 20180105
Malwarebytes Trojan.MalPack.Generic 20180105
MAX malware (ai score=81) 20180105
McAfee Artemis!2ECC258C891A 20180102
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.dc 20180105
eScan Gen:Variant.Ursu.48329 20180105
NANO-Antivirus Trojan.Win32.Jimmy.ewodkk 20180105
Panda Trj/CI.A 20180104
Qihoo-360 HEUR/QVM10.1.50B9.Malware.Gen 20180105
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20180105
Sophos AV Mal/Generic-S 20180105
Symantec Trojan.Gen 20180105
Tencent Suspicious.Heuristic.Gen.b.0 20180105
TrendMicro-HouseCall TROJ_GEN.R004H0CA418 20180105
VBA32 BScope.Malware-Cryptor.Hlux 20180104
VIPRE Trojan.Win32.Generic!BT 20180105
ZoneAlarm by Check Point Trojan-Banker.Win32.Jimmy.pk 20180105
Ad-Aware 20171225
AegisLab 20180105
Alibaba 20180105
Avast-Mobile 20180104
AVware 20180103
Bkav 20180104
CAT-QuickHeal 20180104
ClamAV 20180104
CMC 20180104
Comodo 20180105
Cybereason 20171103
F-Prot 20180105
K7AntiVirus 20180105
K7GW 20180104
Kingsoft 20180105
Microsoft 20180104
nProtect 20180105
Palo Alto Networks (Known Signatures) 20180105
SentinelOne (Static ML) 20171224
SUPERAntiSpyware 20180105
TheHacker 20180103
TotalDefense 20180104
TrendMicro 20180105
Trustlook 20180105
ViRobot 20180105
Webroot 20180105
WhiteArmor 20171226
Yandex 20171229
Zillya 20180104
Zoner 20180105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, erterteretrt
Internal name hrtoeruy.exe
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-30 05:27:04
Entry Point 0x00002FCB
Number of sections 5
PE sections
PE imports
GetUserNameA
InitiateSystemShutdownA
GetSecurityDescriptorControl
OpenEventLogA
LookupPrivilegeNameW
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
HeapDestroy
GetProcessTimes
TlsAlloc
GetEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameA
RtlUnwind
SetConsoleCtrlHandler
GetACP
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
LocalAlloc
AddAtomA
lstrcatA
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
EncodePointer
GetCurrentThread
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
IsProcessorFeaturePresent
GetProcessWorkingSetSize
IsValidLocale
ExitThread
HeapReAlloc
GetStringTypeW
GetProcAddress
GetOEMCP
IsDebuggerPresent
TerminateProcess
GetProcessAffinityMask
IsValidCodePage
HeapCreate
FatalAppExitA
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
AlphaBlend
TransparentBlt
GradientFill
Number of PE resources by type
RT_ICON 2
DSCPS 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 5
ENGLISH UK 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (British)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1185280
EntryPoint 0x2fcb
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2017:12:30 06:27:04+01:00
FileType Win32 EXE
PEType PE32
InternalName hrtoeruy.exe
ProductVersion 1.0.0.0
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017, erterteretrt
MachineType Intel 386 or later, and compatibles
CodeSize 112128
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 2ecc258c891aa1ad73a428bdb4bf2d84
SHA1 41c70d41abb34f8a078b7ad66d6390d4148106a1
SHA256 4f1b1bb334050c94414136165741f14e2577e9b6bd8cd88477a90daf0fcd4347
ssdeep 6144:SnwXoyMzZQqkcZ1gYjsoaH11qsI1rkPLWsC:xoyMzZQvcZ17jQH1ioaj
authentihash cd1eb99f424444824f298456d58ed89cc07b07fb8855fbfb890c934056a660fa
imphash 493613312b0cb45009e35494096bd911
File size 234.5 KB ( 240128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2018-01-05 03:58:14 UTC ( 1 year, 3 months ago )
Last submission 2018-01-05 03:58:14 UTC ( 1 year, 3 months ago )
File names hrtoeruy.exe
2ecc258c891aa1ad73a428bdb4bf2d84.virus