× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5abe2dba125c2c6f2686f3233dcedf73cd22b5ea4ca4af880cd33356b06207d7
File name: s.1.exe
Detection ratio: 18 / 68
Analysis date: 2018-10-28 01:59:46 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
AVG FileRepMalware 20181027
Bkav W32.eHeur.Malware03 20181025
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181022
Cybereason malicious.59d265 20180225
Cylance Unsafe 20181028
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CPGN 20181027
Fortinet Malicious_Behavior.SB 20181028
Sophos ML heuristic 20180717
Kaspersky UDS:DangerousObject.Multi.Generic 20181028
McAfee-GW-Edition BehavesLike.Win32.Generic.ch 20181027
Microsoft Trojan:Win32/Vigorf.A 20181027
Palo Alto Networks (Known Signatures) generic.ml 20181028
Qihoo-360 Win32/Trojan.bb6 20181028
Symantec ML.Attribute.HighConfidence 20181027
VBA32 Malware-Cryptor.Limpopo 20181026
Webroot W32.Adware.Installcore 20181028
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181027
Ad-Aware 20181028
AegisLab 20181028
AhnLab-V3 20181027
Alibaba 20180921
ALYac 20181028
Antiy-AVL 20181028
Arcabit 20181027
Avast 20181027
Avast-Mobile 20181027
Avira (no cloud) 20181027
Babable 20180918
Baidu 20181026
BitDefender 20181028
CAT-QuickHeal 20181027
ClamAV 20181026
CMC 20181027
Cyren 20181028
DrWeb 20181028
eGambit 20181028
Emsisoft 20181028
F-Prot 20181028
F-Secure 20181027
GData 20181028
Ikarus 20181027
Jiangmin 20181028
K7AntiVirus 20181027
K7GW 20181025
Kingsoft 20181028
Malwarebytes 20181028
MAX 20181028
McAfee 20181028
eScan 20181028
NANO-Antivirus 20181028
Panda 20181027
Rising 20181028
SentinelOne (Static ML) 20181011
Sophos AV 20181027
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TACHYON 20181028
Tencent 20181028
TheHacker 20181025
TotalDefense 20181027
TrendMicro 20181028
TrendMicro-HouseCall 20181027
Trustlook 20181028
VIPRE 20181027
ViRobot 20181027
Yandex 20181026
Zillya 20181026
Zoner 20181027
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-05 14:25:36
Entry Point 0x000055E0
Number of sections 5
PE sections
PE imports
ReportEventA
StretchBlt
StretchDIBits
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
SetProcessShutdownParameters
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
DuplicateHandle
GetLocalTime
GetACP
HeapAlloc
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
lstrcatA
UnhandledExceptionFilter
LoadLibraryExW
WideCharToMultiByte
ExitProcess
SetCommMask
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
SetProcessAffinityMask
GetProcAddress
AddAtomW
EncodePointer
GetProcessHeap
SetStdHandle
lstrcpyW
RaiseException
GetFileSizeEx
GetCPInfo
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetCommandLineA
GetThreadTimes
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
TlsGetValue
Sleep
SetLastError
TlsSetValue
GetProcessTimes
SetComputerNameExW
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
TransparentBlt
AlphaBlend
ShowScrollBar
EndPaint
SendMessageA
GetMessageExtraInfo
PeekMessageA
GetFocus
CopyImage
Number of PE resources by type
RT_BITMAP 2
RT_ICON 2
RT_ACCELERATOR 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
100352

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unknown (A56B)

LinkerVersion
12.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2017:05:05 07:25:36-07:00

FileType
Win32 EXE

PEType
PE32

InternalName
ekhsossg.exe

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

LegalCopyright
Copyright (C) 2017, mtxibimg

MachineType
Intel 386 or later, and compatibles

CodeSize
62464

FileSubtype
0

ProductVersionNumber
3.0.0.0

EntryPoint
0x55e0

ObjectFileType
Executable application

File identification
MD5 e27260159d265da96b3429d3f6b713ee
SHA1 ba161e7fa18bc230fad25e9ac05e1dfca275cdfe
SHA256 5abe2dba125c2c6f2686f3233dcedf73cd22b5ea4ca4af880cd33356b06207d7
ssdeep
3072:BSiqxGLpXG8+WM60LnnGi0v/neUdyIB44J1jdeNFuG:B6xAU8Sg/nLfeNFuG

authentihash 315999f7d062f25a97ae6bdb349707365dba151d5c6c4ee7f9a32b67752a95a2
imphash 84d6aecc8335636cd94e9786683a9462
File size 152.5 KB ( 156160 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-10-28 01:59:46 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-08 02:01:39 UTC ( 4 months, 2 weeks ago )
File names s.1.exe
e27260159d265da96b3429d3f6b713ee
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs