SHA256: 59b603b211b6a4a76f7b025f6bfd414819a9639df45f9d3e70dd4ece1ba7c6b6
File name: b56e5bac235a1166ae4cc04f4368562a
Detection ratio: 49 / 71
Analysis date: 2019-01-05 04:04:24 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Autoruns.GenericKDS.31340149 20190105
AegisLab Trojan.Win32.Trickster.4!c 20190104
AhnLab-V3 Trojan/Win32.Trickbot.C2814250 20190104
Antiy-AVL Trojan[Banker]/Win32.Trickster 20190105
Arcabit Trojan.Autoruns.GenericS.D1DE3675 20190105
Avast Win32:Malware-gen 20190105
AVG Win32:Malware-gen 20190105
Avira (no cloud) HEUR/AGEN.1036724 20190104
BitDefender Trojan.Autoruns.GenericKDS.31340149 20190105
Bkav HW32.Packed. 20190104
CAT-QuickHeal Trojan.IGENERIC 20190104
ClamAV Win.Packer.Trickbot-6683856-3 20190105
Comodo Malware@#193zikgy2sb1o 20190105
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20190105
Cyren W32/Trojan.SSBI-2072 20190105
DrWeb Trojan.DownLoader27.14217 20190105
Emsisoft Trojan.Autoruns.GenericKDS.31340149 (B) 20190104
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GMKM 20190104
F-Secure Trojan.Autoruns.GenericKDS.31340149 20190104
Fortinet W32/GenKryptik.CQCJ!tr 20190104
GData Trojan.Autoruns.GenericKDS.31340149 20190104
Ikarus Trojan-Banker.TrickBot 20190104
Sophos ML heuristic 20181128
Jiangmin Trojan.Banker.Trickster.em 20190104
K7AntiVirus Riskware ( 0040eff71 ) 20190104
K7GW Riskware ( 0040eff71 ) 20190104
Kaspersky HEUR:Trojan.Win32.Generic 20190104
MAX malware (ai score=92) 20190105
McAfee Trojan-FQGT!B56E5BAC235A 20190104
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.fc 20190104
Microsoft Trojan:Win32/MereTam.A 20190104
eScan Trojan.Autoruns.GenericKDS.31340149 20190104
NANO-Antivirus Trojan.Win32.Kryptik.fjzdjh 20190104
Palo Alto Networks (Known Signatures) generic.ml 20190105
Panda Trj/CI.A 20190104
Qihoo-360 Win32/Trojan.05f 20190105
Rising Trojan.GenKryptik!8.AA55 (CLOUD) 20190104
Sophos AV Mal/Generic-S 20190104
Symantec Trojan.Gen.2 20190104
TACHYON Trojan/W32.TrickBot.388096 20190104
Tencent Win32.Trojan-banker.Trickster.Pepq 20190105
Trapmine malicious.moderate.ml.score 20190103
TrendMicro TROJ_GEN.R002C0DK818 20190104
TrendMicro-HouseCall TROJ_GEN.R002C0DK818 20190104
VBA32 BScope.Trojan.MereTam 20190104
Webroot W32.Trojan.Gen 20190105
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190105
Acronis 20181227
Alibaba 20180921
Avast-Mobile 20190104
AVware 20180925
Babable 20180918
Baidu 20190104
CMC 20190104
Cybereason 20180225
eGambit 20190105
F-Prot 20190104
Kingsoft 20190105
Malwarebytes 20190104
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TheHacker 20190104
TotalDefense 20190104
Trustlook 20190105
VIPRE 20190105
ViRobot 20190105
Yandex 20181229
Zillya 20190105
Zoner 20190105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-05 17:05:35
Entry Point 0x000012A0
Number of sections 9
PE sections
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
__p__fmode
malloc
__p__environ
realloc
atexit
abort
_setmode
printf
_cexit
fputc
fwrite
_onexit
fputs
_strdup
sprintf
memcmp
strchr
free
vfprintf
__getmainargs
calloc
_write
memcpy
signal
__set_app_type
strcmp
_iob
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:11:05 09:05:35-08:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 84992
LinkerVersion: 2.23
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug
EntryPoint: 0x12a0
InitializedDataSize: 387072
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 512
File identification
MD5 b56e5bac235a1166ae4cc04f4368562a
SHA1 bc6d76f71050c274e08731fc051dd22a92a8d989
SHA256 59b603b211b6a4a76f7b025f6bfd414819a9639df45f9d3e70dd4ece1ba7c6b6
ssdeep 6144:FwnzoMXB0YUtJ0P0B3mvfb5AlZjqDZ/uQsnL/8oVpUn:FwzowB0ptJ0NHbeZj4u+
authentihash 9090c57c27f9b7792c7a9b0050cbd5e93a15b45d460c5980af8377c2f0405eae
imphash 872bf67d5a58f8d58b8e202f5fc2f311
File size 379.0 KB ( 388096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Microsoft Visual C++ compiled executable (generic) (49.0%)
Win32 Dynamic Link Library (generic) (19.5%)
Win32 Executable (generic) (13.3%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
Tags peexe
VirusTotal metadata
First submission 2018-11-05 20:15:58 UTC ( 3 months, 1 week ago )
Last submission 2018-11-05 20:15:58 UTC ( 3 months, 1 week ago )
File names UMnND2l.exe, ULnNC2l.exe, LNZtGpAu33GLtZRgEP.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections