SHA256: 509f201becb4c78981a5d27dcf71de0a33b3d30850cd0c790052911c57cb1c72
File name: 4B7.TMP
Detection ratio: 45 / 68
Analysis date: 2018-08-28 23:15:08 UTC ( 7 months, 3 weeks ago )
Antivirus | Result | Update
Ad-Aware | Generic.Nymaim.E.7F5BFCE3 | 20180828
ALYac | Generic.Nymaim.E.7F5BFCE3 | 20180828
Antiy-AVL | Trojan/Win32.AGeneric | 20180828
Arcabit | Generic.Nymaim.E.7F5BFCE3 | 20180828
Avast | FileRepMetagen [Malware] | 20180828
AVG | FileRepMetagen [Malware] | 20180828
Avira (no cloud) | HEUR/AGEN.1006920 | 20180828
AVware | Trojan.Win32.Generic!BT | 20180823
Babable | Malware.HighConfidence | 20180822
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180828
BitDefender | Generic.Nymaim.E.7F5BFCE3 | 20180828
Bkav | HW32.Packed. | 20180828
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180723
Cybereason | malicious.4ac73c | 20180225
Cylance | Unsafe | 20180829
Emsisoft | Generic.Nymaim.E.7F5BFCE3 (B) | 20180828
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | a variant of Win32/Kryptik.FDSP | 20180828
F-Secure | Generic.Nymaim.E.7F5BFCE3 | 20180829
Fortinet | W32/Kryptik.FAFF!tr | 20180828
GData | Generic.Nymaim.E.7F5BFCE3 | 20180828
Ikarus | Trojan.Win32.Crypt | 20180828
Sophos ML | heuristic | 20180717
Jiangmin | Trojan.Generic.brqpq | 20180828
K7AntiVirus | Trojan ( 004f24ab1 ) | 20180828
K7GW | Trojan ( 004f24ab1 ) | 20180828
Kaspersky | HEUR:Trojan.Win32.Generic | 20180828
MAX | malware (ai score=81) | 20180829
McAfee | Artemis!DB0961B4AC73 | 20180828
McAfee-GW-Edition | BehavesLike.Win32.Ransomware.cc | 20180828
Microsoft | TrojanDownloader:Win32/Talalpek.A | 20180828
eScan | Generic.Nymaim.E.7F5BFCE3 | 20180828
Panda | Trj/GdSda.A | 20180828
Qihoo-360 | Win32/Trojan.0cd | 20180829
Rising | Malware.XPACK-HIE/Heur!1.9C48 (CLOUD) | 20180828
SentinelOne (Static ML) | static engine - malicious | 20180701
Sophos AV | Mal/Elenoocka-E | 20180828
Symantec | Packed.Generic.493 | 20180828
Tencent | Win32.Trojan.Kryptik.Wqmr | 20180829
TrendMicro | TROJ_HPTALAPEK.SMEND | 20180828
TrendMicro-HouseCall | TROJ_HPTALAPEK.SMEND | 20180828
VBA32 | BScope.TrojanPSW.Papras | 20180828
VIPRE | Trojan.Win32.Generic!BT | 20180828
Zillya | Trojan.Kryptik.Win32.921603 | 20180828
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20180828
AegisLab | (undetected) | 20180828
AhnLab-V3 | (undetected) | 20180828
Alibaba | (undetected) | 20180713
Avast-Mobile | (undetected) | 20180828
CAT-QuickHeal | (undetected) | 20180828
ClamAV | (undetected) | 20180828
CMC | (undetected) | 20180828
Comodo | (undetected) | 20180828
Cyren | (undetected) | 20180828
DrWeb | (undetected) | 20180828
eGambit | (undetected) | 20180829
F-Prot | (undetected) | 20180828
Kingsoft | (undetected) | 20180829
Malwarebytes | (undetected) | 20180828
NANO-Antivirus | (undetected) | 20180828
Palo Alto Networks (Known Signatures) | (undetected) | 20180829
SUPERAntiSpyware | (undetected) | 20180828
Symantec Mobile Insight | (undetected) | 20180822
TACHYON | (undetected) | 20180828
TheHacker | (undetected) | 20180824
TotalDefense | (undetected) | 20180828
Trustlook | (undetected) | 20180829
ViRobot | (undetected) | 20180828
Webroot | (undetected) | 20180829
Yandex | (undetected) | 20180827
Zoner | (undetected) | 20180828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-24 12:57:49
Entry Point 0x00017855
Number of sections 4
PE sections
PE imports
CloseClusterGroup
CloseCluster
JetCloseDatabase
JetCloseTable
JetCommitTransaction
JetBeginTransaction
GetProcessHeap
CreateWaitableTimerA
GetStartupInfoA
CopyFileW
SystemTimeToFileTime
GetLogicalDriveStringsA
GetModuleHandleA
GetVersionExW
WriteFile
CreateHardLinkA
WaitForSingleObjectEx
IsBadStringPtrA
lstrcpynA
DeleteFileW
GetVersion
GetDiskFreeSpaceA
MoveFileExA
GetProcAddress
WriteConsoleW
SetEnvironmentVariableA
SHGetFileInfoA
ExtractIconA
SHFree
DragAcceptFiles
DuplicateIcon
DragQueryPoint
ShellMessageBoxA
FindExecutableA
SHGetDiskFreeSpaceA
DragFinish
SHChangeNotify
StrChrA
SHGetDataFromIDListA
SHGetDesktopFolder
SHFileOperationA
SHGetMalloc
DllRegisterServer
UrlCreateFromPathA
UrlCombineA
UrlIsA
UrlGetPartA
UrlGetLocationW
PathIsRootA
PathCombineA
UrlIsNoHistoryA
PathCommonPrefixA
UrlHashA
UrlCanonicalizeW
UrlEscapeA
UrlUnescapeA
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:01:24 13:57:49+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 95232
LinkerVersion: 6.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
FileTypeExtension: exe
InitializedDataSize: 17408
SubsystemVersion: 4.0
EntryPoint: 0x17855
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5 db0961b4ac73c7a92f7d8e0ed992fe2a
SHA1 65c48f1833592cdf699f4ce549a1e9111c5383f6
SHA256 509f201becb4c78981a5d27dcf71de0a33b3d30850cd0c790052911c57cb1c72
ssdeep 1536:xo7Yv2J0vnq+lRS6bcbmSeFg1u7QrMcyBRZRlXlBVIwbzuTrgNlTJRmKA5o7YHsU:xpuIxxbGee1w6EZRlXlVbzX7cpEx+
authentihash 289fd3d0a2b712ba50e0f5e1c4044ba43d74d6c1ed23d42130beb905e456a7f2
imphash 44082215563ef16014c051e6743eec24
File size 111.0 KB ( 113664 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe nxdomain

VirusTotal metadata
First submission 2018-08-28 23:15:08 UTC ( 7 months, 3 weeks ago )
Last submission 2018-08-28 23:15:08 UTC ( 7 months, 3 weeks ago )
File names 4B7.TMP
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections
UDP communications