SHA256: 5959810529d51309bb770063dfb8e26f539c8313ac5048497bab300977131bce
File name: e55c9255717e9a150d334b6a379e6c89.virus
Detection ratio: 60 / 72
Analysis date: 2019-04-26 13:35:23 UTC ( 4 weeks, 1 day ago )
Antivirus Result Update
Acronis suspicious 20190425
Ad-Aware Worm.Generic.592865 20190426
AegisLab Trojan.Win32.Cosmu.tpNL 20190426
AhnLab-V3 Trojan/Win32.HDC.C40379 20190426
ALYac Worm.Generic.592865 20190426
Antiy-AVL Worm[P2P]/Win32.Sytro 20190426
Arcabit Worm.Generic.D90BE1 20190426
Avast Win32:Malware-gen 20190426
AVG Win32:Malware-gen 20190426
Avira (no cloud) WORM/Systro.M 20190426
Baidu Win32.Trojan.Agent.aaw 20190318
BitDefender Worm.Generic.592865 20190426
Bkav W32.SolternSytro.Worm 20190425
CAT-QuickHeal Worm.Soltern.A.mue 20190426
ClamAV Win.Worm.Sytro-15 20190426
CMC P2P-Worm.Win32.Sytro!O 20190321
Comodo Worm.Win32.Soltern.O@2b05 20190426
CrowdStrike Falcon (ML) win/malicious_confidence_70% (D) 20190212
Cybereason malicious.5717e9 20190417
Cylance Unsafe 20190426
Cyren W32/Sytro.TPTC-5751 20190426
DrWeb Win32.HLLW.Sytro.30 20190426
Emsisoft Worm.Generic.592865 (B) 20190426
Endgame malicious (moderate confidence) 20190403
ESET-NOD32 Win32/Soltern.O 20190426
F-Prot W32/Sytro.M@p2p 20190426
F-Secure Worm.WORM/Systro.M 20190426
FireEye Worm.Generic.592865 20190426
Fortinet W32/Generic.AC.224186!tr 20190426
GData Worm.Generic.592865 20190426
Ikarus Virus.Win32.Sytro 20190426
Sophos ML heuristic 20190313
Jiangmin Worm/P2P.Sytro.m 20190426
K7AntiVirus Trojan ( 004d25161 ) 20190426
K7GW Trojan ( 004d25161 ) 20190426
Kaspersky Trojan.Win32.Cosmu.disn 20190426
Malwarebytes Worm.Agent 20190426
MAX malware (ai score=86) 20190426
MaxSecure Worm.Sytro.k 20190426
McAfee W32/Sytro.worm.gen!p2p 20190426
McAfee-GW-Edition BehavesLike.Win32.Sytro.cc 20190426
Microsoft Worm:Win32/Soltern.O 20190426
eScan Worm.Generic.592865 20190426
NANO-Antivirus Trojan.Win32.Sytro.fyca 20190426
Qihoo-360 Worm.Win32.Sytro.D 20190426
Rising Worm.P2p.Sytro.m (RDM+:cmRtazqGEmm8K7+6BoR3p4DT/Cm+) 20190426
SentinelOne (Static ML) DFI - Suspicious PE 20190420
Sophos AV W32/Systro-M 20190426
SUPERAntiSpyware Worm.Sytro/Variant 20190423
Symantec W32.HLLW.Electron 20190426
TheHacker W32/Sytro.m 20190421
TotalDefense Win32/Detox.D 20190426
Trapmine malicious.high.ml.score 20190325
TrendMicro WORM_SYTRO.M 20190426
TrendMicro-HouseCall WORM_SYTRO.M 20190426
VBA32 BScope.TrojanDropper.Delf 20190426
ViRobot Worm.Win32.P2P-Sytro.142848 20190426
Yandex Worm.P2P.Sytro!lDGVLBIveWQ 20190426
Zillya Worm.Sytro.Win32.40 20190424
ZoneAlarm by Check Point Trojan.Win32.Cosmu.disn 20190426
Alibaba 20190425
Avast-Mobile 20190426
Babable 20190424
eGambit 20190426
Kingsoft 20190426
Palo Alto Networks (Known Signatures) 20190426
Panda 20190426
Symantec Mobile Insight 20190418
TACHYON 20190426
Tencent 20190426
Trustlook 20190426
Webroot 20190426
Zoner 20190426
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0007D3E0
Number of sections 3
PE sections
Overlays
MD5 14b18ddc6fe3121bf6dd68ba61328c01
File type data
Offset 142848
Size 4173
Entropy 7.95
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
RegCloseKey
VariantClear
CharNextA
Number of PE resources by type
RT_STRING 6
RT_RCDATA 2
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 143360
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 4096
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x7d3e0
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 368640

File identification
MD5 e55c9255717e9a150d334b6a379e6c89
SHA1 15ab3a5ff6107d2aa9efae77f886fa4aa3f1ddc5
SHA256 5959810529d51309bb770063dfb8e26f539c8313ac5048497bab300977131bce
ssdeep 3072:t3gbYiGULALwoOZ6CVLWX5XPK7XCz39yfgUvIDx5ZfeoE2B:tYYiGULALwFypy7XCz9yIUAw2B
authentihash 3f977cdb1a43017e5862782c23dfd96ac2dd96e8a1ad41286af76e3f131a7b04
imphash d7b2934b89bc50c5c343ad84032de88e
File size 143.6 KB ( 147021 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (32.6%)
Win32 EXE Yoda's Crypter (32.0%)
DOS Borland compiled Executable (generic) (12.0%)
Win32 Dynamic Link Library (generic) (7.9%)
Win32 Executable (generic) (5.4%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2019-04-26 13:35:23 UTC ( 4 weeks, 1 day ago )
Last submission 2019-04-26 13:35:23 UTC ( 4 weeks, 1 day ago )
File names e55c9255717e9a150d334b6a379e6c89.virus