SHA256: 4f23f484583424307150a15a115737392124ccd63f581de5694b467d566355ab
Detection ratio: 45 / 69
Analysis date: 2018-09-29 09:50:43 UTC ( 3 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31185363 20180929
AhnLab-V3 Malware/Win32.Ransom.C2689267 20180928
ALYac Trojan.GenericKD.31185363 20180929
Antiy-AVL Trojan[PSW]/Win32.Coins 20180929
Arcabit Trojan.Generic.D1DBD9D3 20180929
Avast Win32:Trojan-gen 20180929
AVG Win32:Trojan-gen 20180929
Avira (no cloud) HEUR/AGEN.1031551 20180928
BitDefender Trojan.GenericKD.31185363 20180929
CAT-QuickHeal Trojan.IGENERIC 20180928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180929
Cyren W32/Trojan.HXNK-5417 20180929
DrWeb Trojan.PWS.Stealer.24300 20180929
Emsisoft Trojan.GenericKD.31185363 (B) 20180929
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GKHQ 20180929
F-Secure Trojan.GenericKD.31185363 20180929
Fortinet W32/Kryptik.GKQG!tr 20180929
GData Trojan.GenericKD.31185363 20180929
Ikarus Trojan.Win32.Krypt 20180929
Sophos ML heuristic 20180717
Jiangmin Trojan.PSW.Coins.bcm 20180929
K7AntiVirus Trojan ( 0053b7781 ) 20180929
K7GW Trojan ( 0053b7781 ) 20180929
Kaspersky Trojan-PSW.Win32.Coins.isl 20180929
MAX malware (ai score=98) 20180929
McAfee RDN/Generic PWS.y 20180929
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch 20180929
Microsoft Trojan:Win32/Dynamer!rfn 20180929
eScan Trojan.GenericKD.31185363 20180929
NANO-Antivirus Trojan.Win32.Coins.fhwuhs 20180929
Palo Alto Networks (Known Signatures) generic.ml 20180929
Panda Trj/CI.A 20180929
Qihoo-360 HEUR/QVM20.1.7ECB.Malware.Gen 20180929
Rising Downloader.Godzilla!8.E3AB (CLOUD) 20180929
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Generic PUA PK (PUA) 20180929
Symantec Trojan.Gen.2 20180928
Tencent Win32.Trojan-qqpass.Qqrob.Wqwu 20180929
TrendMicro Ransom.Win32.BITPAYMER.SM.hp 20180929
TrendMicro-HouseCall Ransom.Win32.BITPAYMER.SM.hp 20180929
VBA32 BScope.Trojan.Fuerboos 20180928
Zillya Trojan.GenericKD.Win32.167167 20180928
ZoneAlarm by Check Point Trojan-PSW.Win32.Coins.isl 20180925
AegisLab 20180929
Alibaba 20180921
Avast-Mobile 20180928
AVware 20180925
Babable 20180918
Baidu 20180929
Bkav 20180928
ClamAV 20180929
CMC 20180929
Comodo 20180929
Cybereason 20180225
eGambit 20180929
F-Prot 20180929
Kingsoft 20180929
Malwarebytes 20180929
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180929
TheHacker 20180927
TotalDefense 20180929
Trustlook 20180929
VIPRE 20180929
ViRobot 20180929
Webroot 20180929
Yandex 20180927
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-27 15:01:19
Entry Point 0x00002AFB
Number of sections 3
PE sections
PE imports
ImageList_Write
LBItemFromPt
CreateStatusWindow
MakeDragList
ImageList_GetIconSize
FlatSB_SetScrollInfo
InitCommonControls
ImageList_SetImageCount
InitMUILanguage
CreatePropertySheetPage
DPA_GetPtr
FlatSB_SetScrollPos
ImageList_Copy
ImageList_DragEnter
GetLastError
GetNumberOfConsoleInputEvents
DebugActiveProcessStop
RemoveLocalAlternateComputerNameA
FreeUserPhysicalPages
GetModuleHandleA
OpenProcess
GetAtomNameA
SetSystemPowerState
DeleteFileA
QueryPerformanceCounter
FindClose
_lopen
ExitProcess
VirtualProtect
GetTickCount
GetProcAddress
VirtualAlloc
LoadLibraryA
WritePrivateProfileStringW
OleUninitialize
OleCreateStaticFromData
OleInitialize
PropVariantChangeType
OleCreateLink
PropSysAllocString
RegisterDragDrop
CoCreateInstance
CoGetProcessIdentifier
StgOpenStorageOnHandle
OleSave
HGLOBAL_UserMarshal
CoQueryAuthenticationServices
OleDuplicateData
OleRun
SetFocus
IsWindow
SetTaskmanWindow
GetMenu
IMPGetIMEA
ShowCursor
ReleaseCapture
SetCaretPos
GetCapture
MessageBoxA
GetClassNameA
DdeInitializeW
PostQuitMessage
DefWindowProcA
MessageBoxW
GetDlgItemInt
LoadMenuW
ArrangeIconicWindows
InvalidateRect
VerFindFileW
VerInstallFileA
VerQueryValueW
GetFileVersionInfoSizeW
VerInstallFileW
VerQueryValueA
IsValidDevmodeA
DEVICEMODE
DeletePrintProvidorA
WaitForPrinterChange
AddFormA
EnumPrinterDataW
DeletePortW
DeletePrinterDriverExA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:08:27 16:01:19+01:00
FileType Win32 EXE
PEType PE32
CodeSize 142848
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 4608
ImageFileCharacteristics Executable, No symbols, 32-bit
EntryPoint 0x2afb
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 6b80ef60ec71fa590a89028232145f0c
SHA1 fa4dbad2fc20fd970cb9febee3ded0291ef22f82
SHA256 4f23f484583424307150a15a115737392124ccd63f581de5694b467d566355ab
ssdeep 3072:KjljVFOdeQP+bH6MsVcywBnrn9kPhx084audZK:ukea+baMsVlErn9QIaudo
authentihash 731d0de12b96f5b343e76e78738dfcc6a810a7a856480e1e3b841602dc274aba
imphash 512bfefa7de008111a524b0c0e25999b
File size 145.0 KB ( 148480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-08-28 19:27:29 UTC ( 4 months, 3 weeks ago )
Last submission 2018-08-28 19:27:29 UTC ( 4 months, 3 weeks ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications