SHA256: 5939cd1180a8c0f250d84df369516606bfecb8b18de794c666804167da0266cb
File name: 1F0000.mem
Detection ratio: 44 / 69
Analysis date: 2018-12-24 00:38:23 UTC
Antivirus | Result | Update
Acronis | malware | 20181222
Ad-Aware | Gen:Variant.Graftor.497274 | 20181223
AegisLab | Trojan.Win32.Graftor.4!c | 20181223
AhnLab-V3 | Trojan/Win32.Trickbot.C2618725 | 20181223
ALYac | Gen:Variant.Graftor.497274 | 20181223
Antiy-AVL | Trojan/Win32.Totbrick | 20181223
Arcabit | Trojan.Graftor.D7967A | 20181223
Avast | Win32:BankerX-gen [Trj] | 20181223
AVG | Win32:BankerX-gen [Trj] | 20181223
Avira (no cloud) | HEUR/AGEN.1035581 | 20181223
BitDefender | Gen:Variant.Graftor.497274 | 20181223
ClamAV | Win.Trojan.Trickbot-6335790-0 | 20181223
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20181022
Cybereason | malicious.5c384d | 20180225
Cylance | Unsafe | 20181224
Emsisoft | Gen:Variant.Graftor.497274 (B) | 20181224
Endgame | malicious (high confidence) | 20181108
ESET-NOD32 | a variant of Win32/TrickBot.AQ | 20181223
F-Prot | W32/FakeAlert.FY.gen!Eldorado | 20181224
F-Secure | Gen:Variant.Graftor.497274 | 20181224
Fortinet | W32/Generic.AP.157C834!tr | 20181224
GData | Gen:Variant.Graftor.497274 | 20181224
Ikarus | Trojan-Banker.TrickBot | 20181224
Sophos ML | heuristic | 20181128
K7AntiVirus | Trojan ( 0052f2dc1 ) | 20181223
K7GW | Trojan ( 0052f2dc1 ) | 20181223
Kaspersky | Trojan.Win32.Trickster.dme | 20181224
MAX | malware (ai score=100) | 20181224
McAfee | Trojan-FPWA!4CC503CF9D77 | 20181223
McAfee-GW-Edition | BehavesLike.Win32.MultiPlug.ch | 20181223
Microsoft | Trojan:Win32/Totbrick.H | 20181223
eScan | Gen:Variant.Graftor.497274 | 20181223
NANO-Antivirus | Trojan.Win32.TrickBot.flghlb | 20181223
Palo Alto Networks (Known Signatures) | generic.ml | 20181224
Panda | Trj/GdSda.A | 20181223
Rising | Trojan.TrickBot!8.E313 (RDM+:cmRtazpC87bH42CLPVkJKkDDG7W7) | 20181223
SentinelOne (Static ML) | static engine - malicious | 20181223
Sophos AV | Mal/Generic-S | 20181223
Symantec | ML.Attribute.HighConfidence | 20181222
Trapmine | malicious.high.ml.score | 20181205
TrendMicro | TROJ_GEN.R020C0DLM18 | 20181223
TrendMicro-HouseCall | TROJ_GEN.R020C0DLM18 | 20181223
VBA32 | BScope.Trojan.Totbrick | 20181222
ZoneAlarm by Check Point | Trojan.Win32.Trickster.dme | 20181223

Engines reporting no detection (Antivirus | Update)
Alibaba | 20180921
Avast-Mobile | 20181223
Babable | 20180918
Baidu | 20181207
Bkav | 20181221
CAT-QuickHeal | 20181223
CMC | 20181223
Comodo | 20181223
Cyren | 20181224
DrWeb | 20181224
eGambit | 20181224
Jiangmin | 20181223
Kingsoft | 20181224
Malwarebytes | 20181224
Qihoo-360 | 20181224
SUPERAntiSpyware | 20181220
Symantec Mobile Insight | 20181215
TACHYON | 20181223
Tencent | 20181224
TheHacker | 20181220
Trustlook | 20181224
ViRobot | 20181223
Webroot | 20181224
Yandex | 20181223
Zillya | 20181222
Zoner | 20181223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-12-21 12:24:25
Entry Point 0x0000AD56
Number of sections 5
PE imports
CryptDestroyKey
RegCreateKeyExW
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExW
CryptSetKeyParam
CryptEncrypt
RegOpenKeyW
CryptDecrypt
RegQueryValueExW
CryptImportKey
CryptStringToBinaryA
GetSystemTime
GetLastError
SystemTimeToFileTime
GetModuleFileNameW
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
LoadLibraryA
lstrlenW
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
UnhandledExceptionFilter
DeleteFileA
GetVolumeInformationW
GetStartupInfoW
GetProcAddress
InterlockedCompareExchange
GetTempPathA
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
CreateProcessA
CreateProcessW
InterlockedDecrement
Sleep
GetFullPathNameW
CreateFileA
GetCurrentThreadId
SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SHGetFolderPathW
wsprintfA
wsprintfW
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
setsockopt
getaddrinfo
gethostname
socket
recv
inet_addr
send
WSACleanup
WSAStartup
freeaddrinfo
connect
htonl
inet_ntoa
htons
closesocket
getpeername
__wgetmainargs
malloc
sscanf
rand
??1type_info@@UAE@XZ
srand
wcsftime
memset
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
strtok
??2@YAPAXI@Z
memcpy
exit
sprintf
realloc
__setusermatherr
_controlfp
_XcptFilter
_cexit
_CxxThrowException
tolower
_wtoi
__p__commode
_itow
??3@YAXPAX@Z
free
_time64
atoi
_initterm
??_V@YAXPAX@Z
_vsnprintf
strstr
__p__fmode
_localtime64
_exit
_wcmdln
__set_app_type
RtlUnwind
CoInitializeEx
CoInitializeSecurity
Number of PE resources by type
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 2
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
SubsystemVersion: 5.1
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:21 13:24:25+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 146944
LinkerVersion: 10.0
FileTypeExtension: exe
InitializedDataSize: 28672
ImageFileCharacteristics: Executable, 32-bit
EntryPoint: 0xad56
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: 4cc503cf9d77673137693cb666a4c25c
SHA1: 39f3e605c384d32af263a901896487d86d4ba861
SHA256: 5939cd1180a8c0f250d84df369516606bfecb8b18de794c666804167da0266cb
ssdeep: 3072:SPnea52pWxUPVYmrHjqhQFCoKQWWqQPRlDm9jIkDpKROUZp3LCQyzCSqYg0r:SPnr52pbPaqHemFCo4WqARM9jIkDoL1+
authentihash: d327463fbe36eeeaa6d4d3b3c7daeba97e7beb2c24d2ec6a3422b1304b829d2f
imphash: 25bf9a93cd1c021383748f90b0bc1193
File size: 172.5 KB ( 176640 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win64 Executable (generic) (61.7%)
  Win32 Dynamic Link Library (generic) (14.7%)
  Win32 Executable (generic) (10.0%)
  OS/2 Executable (generic) (4.5%)
  Generic Win/DOS Executable (4.4%)
Tags: peexe
VirusTotal metadata
First submission 2018-12-22 11:09:49 UTC
Last submission 2018-12-22 11:09:49 UTC
File names 1F0000.mem