SHA256: 51fbd5b228bd304d9d67ae89ba124b5bd9a68983f549b9b426d42c4d6d6640c2
File name: a2ba57feaaefee73494c78f393df68f8
Detection ratio: 44 / 62
Analysis date: 2019-03-07 08:33:00 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKDZ.43399 20190306
AhnLab-V3 Trojan/Win32.Agent.R224787 20190306
ALYac Trojan.GenericKDZ.43399 20190306
Antiy-AVL GrayWare[Adware]/Win32.Adposhel.AY 20190306
Arcabit Trojan.Generic.DA987 20190306
Avast Win32:Adposhel-C [Adw] 20190306
AVG Win32:Adposhel-C [Adw] 20190306
Avira (no cloud) ADWARE/Adposhel.aya 20190306
BitDefender Trojan.GenericKDZ.43399 20190306
Bkav W32.FamVT.AdsCTTc.Worm 20190306
CAT-QuickHeal Trojan.Mauvaise.SL1 20190306
Comodo Application.Win32.Adware.Adposhel.AY@7lnbtm 20190306
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.eaaefe 20190109
Cyren W32/S-eb2065bf!Eldorado 20190306
DrWeb Trojan.Adposhel.25 20190306
Emsisoft Trojan.GenericKDZ.43399 (B) 20190306
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Adware.Adposhel.AY 20190306
F-Secure Adware.ADWARE/Adposhel.aya 20190306
Fortinet Adware/Adposhel 20190306
GData Trojan.GenericKDZ.43399 20190306
Ikarus PUA.Adposhel 20190306
Sophos ML heuristic 20181128
Jiangmin TrojanDropper.Agent.dgmv 20190306
K7AntiVirus Adware ( 0052d87f1 ) 20190306
K7GW Adware ( 0052d87f1 ) 20190306
Kaspersky Trojan-Dropper.Win32.Agent.bjuwvk 20190306
MAX malware (ai score=86) 20190307
McAfee GenericRXFG-PT!A2BA57FEAAEF 20190306
McAfee-GW-Edition BehavesLike.Win32.AdwareAdposhel.tz 20190306
Microsoft BrowserModifier:Win32/Foniad 20190306
eScan Trojan.GenericKDZ.43399 20190306
NANO-Antivirus Trojan.Win32.Adposhel.fabtlt 20190306
Panda Trj/Genetic.gen 20190306
Qihoo-360 HEUR/QVM20.1.AE12.Malware.Gen 20190307
Rising Adware.Adposhel!1.B180 (CLASSIC) 20190306
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Adposhel (PUA) 20190306
Trapmine malicious.high.ml.score 20190228
TrendMicro-HouseCall TROJ_GEN.R003C0OC519 20190306
VBA32 OScope.Malware-Cryptor.Kidep 20190306
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.bjuwvk 20190306
AegisLab 20190306
Alibaba 20190306
Avast-Mobile 20190306
Babable 20180917
Baidu 20190305
ClamAV 20190306
CMC 20190306
eGambit 20190307
Kingsoft 20190307
Malwarebytes 20190306
SUPERAntiSpyware 20190306
Symantec Mobile Insight 20190220
TACHYON 20190306
Tencent 20190307
TheHacker 20190304
TotalDefense 20190306
Trustlook 20190307
ViRobot 20190306
Yandex 20190306
Zoner 20190306
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-06 13:16:06
Entry Point 0x000067EF
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CreateDIBPatternBrushPt
GetDIBColorTable
AddFontResourceA
GetGlyphOutlineW
CreatePen
CreateFontIndirectA
CreatePolygonRgn
AnimatePalette
AddFontResourceW
GetClipBox
GetBitmapBits
GetGlyphOutlineA
GetDeviceGammaRamp
GetDeviceCaps
CreateDCA
DeleteDC
CreateColorSpaceW
GetBoundsRect
GetPixel
GetPixelFormat
CreateDiscardableBitmap
GetBitmapDimensionEx
CreateDCW
CreateBitmapIndirect
CreateHatchBrush
CreatePatternBrush
GetOutlineTextMetricsA
CreateBitmap
CreateFontA
CreatePalette
GetPath
CreateEllipticRgnIndirect
AddFontMemResourceEx
CreateCompatibleDC
CreateFontW
Chord
GetGlyphIndicesA
CreateColorSpaceA
GetGlyphIndicesW
CancelDC
AddFontResourceExW
GetDIBits
DeleteObject
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetACP
FreeLibrary
IsProcessorFeaturePresent
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
GetCommandLineW
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
FindFirstFileExA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
DuplicateHandle
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetFileAttributesExW
TerminateProcess
GetModuleFileNameA
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
CreateProcessW
FindClose
TlsGetValue
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
SHGetFileInfoA
SHGetFolderPathW
ExtractIconExA
DragAcceptFiles
DuplicateIcon
ShellExecuteW
SHGetDesktopFolder
DragQueryFileA
SHGetPathFromIDListA
SetFocus
DrawEdge
GetForegroundWindow
IsIconic
DrawTextA
SetPropA
EndDialog
EqualRect
InSendMessage
MoveWindow
CharUpperA
GetMessageW
SetWindowTextA
MessageBeep
DrawFocusRect
DrawFrameControl
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
BeginDeferWindowPos
GetNextDlgTabItem
CreateDialogIndirectParamW
DispatchMessageA
EnableWindow
GetWindowLongA
PostMessageA
ReleaseCapture
GetDlgItemTextA
CallWindowProcA
MessageBoxA
PeekMessageA
DrawTextExA
TranslateMessage
IsWindowEnabled
PostMessageW
GetMenuDefaultItem
GetSysColor
LoadStringA
InsertMenuItemA
ReleaseDC
LoadMenuA
CreatePopupMenu
ShowCaret
SendMessageW
GetSubMenu
GetKeyNameTextA
SetClipboardData
SendDlgItemMessageW
DrawIconEx
IsWindowVisible
GetWindowPlacement
SendMessageA
GetClassInfoW
CloseWindow
GetDlgItem
MonitorFromWindow
ClientToScreen
SetRect
MonitorFromRect
wsprintfA
GetWindowTextLengthA
SetTimer
SetRectEmpty
LoadIconA
DialogBoxIndirectParamW
DefDlgProcA
CharLowerA
IsDlgButtonChecked
TrackPopupMenuEx
EnableMenuItem
DeferWindowPos
LoadImageA
GetCursor
GetFocus
CreateWindowExW
RegisterClassExA
ReplyMessage
DestroyWindow
ReleaseStgMedium
CoCreateGuid
RevokeDragDrop
OleGetClipboard
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:02:06 05:16:06-08:00
FileType Win32 EXE
PEType PE32
CodeSize 96768
LinkerVersion 13.12
FileTypeExtension exe
InitializedDataSize 1023488
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x67ef
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 a2ba57feaaefee73494c78f393df68f8
SHA1 5aa8106365e087e56d936cb8f419f8a95d0e4337
SHA256 51fbd5b228bd304d9d67ae89ba124b5bd9a68983f549b9b426d42c4d6d6640c2
ssdeep 6144:iYd6rfHOvViIzttImSr903HkiqcG+ONyLN7Di9GsxJYibH:WuvVflc90EQGGs0sxJYu
authentihash f614507bacd052c5f555c295413cbe2639415129a9ec06ba0d9f4da8304664b1
imphash e9c4f864fdfac66d0cdb9821ef784bab
File size 1.1 MB ( 1117184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2019-03-07 08:33:00 UTC ( 1 month, 1 week ago )
Last submission 2019-03-07 08:33:00 UTC ( 1 month, 1 week ago )
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Searched windows
Runtime DLLs