SHA256: 51d0082478c8af3335d7b5a16d9df91270ecd52f02e046a68ee0d9c59711b05a
File name: e758da6c5b761fc748ccee45f762cd22.virus
Detection ratio: 47 / 69
Analysis date: 2019-01-06 06:28:02 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.312986 20190106
AhnLab-V3 Trojan/Win32.Trickbot.C2742174 20190105
ALYac Gen:Variant.Ursu.312986 20190106
Antiy-AVL Trojan/Win32.TrickBot 20190105
Arcabit Trojan.Ursu.D4C69A 20190106
Avast Win32:Malware-gen 20190106
AVG Win32:Malware-gen 20190106
Avira (no cloud) TR/TrickBot.aqy 20190106
BitDefender Gen:Variant.Ursu.312986 20190106
CAT-QuickHeal Trojan.IGENERIC 20190105
ClamAV Win.Packer.Trickbot-6683856-3 20190106
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cybereason malicious.93969a 20180225
Cylance Unsafe 20190106
Cyren W32/Downloader.AWTD-2243 20190106
DrWeb Trojan.DownLoader27.8260 20190106
Emsisoft Gen:Variant.Ursu.312986 (B) 20190106
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/TrickBot.AX 20190105
F-Prot W32/Downldr2.JABA 20190106
F-Secure Gen:Variant.Ursu.312986 20190106
Fortinet W32/Kryptik.GLNT!tr 20190106
GData Win32.Trojan-Spy.TrickBot.C1JOJ4 20190106
Ikarus Trojan-Banker.TrickBot 20190105
Jiangmin Trojan.Banker.Trickster.cp 20190106
K7AntiVirus Trojan ( 005360611 ) 20190106
K7GW Trojan ( 005360611 ) 20190105
Kaspersky Trojan-Banker.Win32.Trickster.sp 20190106
MAX malware (ai score=80) 20190106
McAfee Trojan-FQEV!E758DA6C5B76 20190106
McAfee-GW-Edition Trojan-FQEV!E758DA6C5B76 20190106
Microsoft Trojan:Win32/MereTam.A 20190106
eScan Gen:Variant.Ursu.312986 20190106
NANO-Antivirus Trojan.Win32.Trickster.firwgz 20190106
Panda Trj/GdSda.A 20190105
Qihoo-360 HEUR/QVM20.1.5C0D.Malware.Gen 20190106
Rising Trojan.TrickBot!8.E313 (C64:YzY0Oorob9ZXTGL/) 20190106
SentinelOne (Static ML) static engine - malicious 20181223
Sophos AV Mal/Trickbo-B 20190106
Symantec ML.Attribute.HighConfidence 20190105
TACHYON Banker/W32.Trickster.570469 20190106
VBA32 TrojanBanker.Trickster 20190104
VIPRE Trojan.Win32.Generic!BT 20190106
Yandex Trojan.PWS.Trickster! 20181229
Zillya Trojan.Trickster.Win32.1080 20190105
ZoneAlarm by Check Point Trojan-Banker.Win32.Trickster.sp 20190106
Zoner Trojan.Trickbot 20190106
Acronis 20181227
AegisLab 20190106
Alibaba 20180921
Avast-Mobile 20190105
Baidu 20190104
Bkav 20190104
CMC 20190105
Comodo 20190106
eGambit 20190106
Sophos ML 20181128
Kingsoft 20190106
Palo Alto Networks (Known Signatures) 20190106
SUPERAntiSpyware 20190102
Tencent 20190106
TheHacker 20190104
TotalDefense 20190105
Trapmine 20190103
TrendMicro 20190106
TrendMicro-HouseCall 20190106
Trustlook 20190106
ViRobot 20190106
Webroot 20190106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-05 14:12:47
Entry Point 0x000014E0
Number of sections 16
PE sections
Overlays
MD5 8a54fa2ed0580b53f23e4fc56e19a59d
File type data
Offset 495104
Size 75365
Entropy 4.33
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
TryEnterCriticalSection
ResumeThread
SetEvent
QueryPerformanceCounter
WaitForSingleObject
GetTickCount
TlsAlloc
GetHandleInformation
LoadLibraryA
DeleteCriticalSection
GetAtomNameA
SetThreadPriority
GetCurrentProcessId
AddAtomA
GetCurrentProcess
UnhandledExceptionFilter
TlsGetValue
VirtualProtect
SetProcessAffinityMask
WaitForMultipleObjects
InterlockedCompareExchange
GetThreadContext
GetCurrentThread
SuspendThread
CreateMutexA
InterlockedExchangeAdd
CreateSemaphoreA
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
GetThreadPriority
SetThreadContext
TerminateProcess
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
InitializeCriticalSection
VirtualQuery
CreateEventA
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
SendMessageA
InSendMessage
strncmp
__lconv_init
malloc
realloc
memset
__dllonexit
_cexit
abort
fprintf
_setjmp3
printf
_fmode
_endthreadex
_amsg_exit
fputc
fwrite
_lock
_onexit
__initenv
fputs
_strdup
sprintf
memcmp
strlen
exit
__setusermatherr
_acmdln
longjmp
_unlock
free
vfprintf
__getmainargs
calloc
_write
memcpy
memmove
signal
strchr
_beginthreadex
_initterm
__set_app_type
strcmp
_ftime
_iob
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:10:05 15:12:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 87040
LinkerVersion 2.23
FileTypeExtension exe
InitializedDataSize 409088
ImageFileCharacteristics No relocs, Executable, No line numbers, 32-bit
EntryPoint 0x14e0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 1536
File identification
MD5 e758da6c5b761fc748ccee45f762cd22
SHA1 faa249593969a4ba3d0cfc53f39c75bd5cf2248d
SHA256 51d0082478c8af3335d7b5a16d9df91270ecd52f02e046a68ee0d9c59711b05a
ssdeep 12288:apmNBenQQWXxsOfBfZXiXMIfqCfImT4wRMbGx:fc+XJBVicIf/ImTxRMbGx
authentihash ac08eac3414166b507b9527a36e63cd4aeb82183960db56d6f78f0909cf7fd86
imphash 431319b8294b160536d8e6546db68400
File size 557.1 KB ( 570469 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2019-01-06 06:28:02 UTC ( 1 month, 1 week ago )
Last submission 2019-01-06 06:28:02 UTC ( 1 month, 1 week ago )
File names e758da6c5b761fc748ccee45f762cd22.virus