SHA256: 5b19a7108cf0b2f423e91c66a85841932df1bcb3c909e40ccc170a8c782a026f
File name: .
Detection ratio: 31 / 65
Analysis date: 2019-04-07 18:24:15 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190330
Ad-Aware Trojan.GenericKDZ.54980 20190407
Arcabit Trojan.Generic.DD6C4 20190407
Avast Win32:CoinminerX-gen [Trj] 20190407
AVG Win32:CoinminerX-gen [Trj] 20190407
BitDefender Trojan.GenericKDZ.54980 20190407
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cybereason malicious.f2ea76 20190403
eGambit Unsafe.AI_Score_99% 20190407
Emsisoft Trojan.GenericKDZ.54980 (B) 20190407
Endgame malicious (high confidence) 20190403
ESET-NOD32 a variant of Win32/Kryptik.GRRK 20190407
FireEye Generic.mg.dc71973d48f1baad 20190407
Fortinet W32/Generic.AP.297ADE!tr 20190407
GData Trojan.GenericKDZ.54980 20190407
Sophos ML heuristic 20190313
Jiangmin Trojan.Banker.RTM.gd 20190407
Kaspersky HEUR:Trojan-Banker.Win32.RTM.gen 20190407
Malwarebytes Spyware.Gootkit 20190407
MAX malware (ai score=88) 20190407
McAfee GenericRXHI-WO!DC71973D48F1 20190407
McAfee-GW-Edition BehavesLike.Win32.Dropper.kc 20190407
eScan Trojan.GenericKDZ.54980 20190407
NANO-Antivirus Trojan.Win32.GenKryptik.fouttk 20190407
Qihoo-360 HEUR/QVM19.1.5EC7.Malware.Gen 20190407
Rising Backdoor.Tofsee!8.1E9/N3#92% (RDM+:cmRtazpg1reOnDzB+ALCyQl8SK8C) 20190407
SentinelOne (Static ML) DFI - Malicious PE 20190317
Sophos AV Mal/Elenoocka-G 20190407
Trapmine malicious.high.ml.score 20190325
VBA32 BScope.Trojan.Zbot.4821 20190405
ZoneAlarm by Check Point HEUR:Trojan-Banker.Win32.RTM.gen 20190407
AegisLab 20190407
AhnLab-V3 20190407
Alibaba 20190402
Antiy-AVL 20190407
Avast-Mobile 20190407
Avira (no cloud) 20190407
Babable 20180918
Baidu 20190318
Bkav 20190405
CAT-QuickHeal 20190407
ClamAV 20190407
CMC 20190321
Comodo 20190407
Cyren 20190407
DrWeb 20190407
F-Secure 20190407
Ikarus 20190407
K7AntiVirus 20190407
K7GW 20190407
Kingsoft 20190407
Microsoft 20190407
Palo Alto Networks (Known Signatures) 20190407
Panda 20190407
SUPERAntiSpyware 20190404
Symantec Mobile Insight 20190325
TACHYON 20190407
Tencent 20190407
TheHacker 20190405
TotalDefense 20190407
TrendMicro-HouseCall 20190407
Trustlook 20190407
ViRobot 20190407
Yandex 20190404
Zillya 20190405
Zoner 20190406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-31 03:26:56
Entry Point 0x00002000
Number of sections 5
PE sections
PE imports
AuthzInitializeContextFromSid
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
CoRegCleanup
ComPlusMigrate
DowngradeAPL
SetSetupSave
SetSetupOpen
GetSystemTime
GetShortPathNameW
VirtualAllocEx
RemoveDirectoryW
CreateJobObjectW
LoadLibraryExA
GetCurrentDirectoryW
AddAtomA
DeleteFileW
VirtualProtectEx
CreateFileMappingW
MapViewOfFile
GetModuleHandleA
WriteFile
CreateMutexW
GetACP
MoveFileExA
MoveFileA
CreateEventW
WriteConsoleA
OpenJobObjectW
AllocConsole
Sleep
GetCurrentThreadId
SetLastError
InterlockedIncrement
AlphaBlend
DllInitialize
GradientFill
TraceSQLConnect
TraceSQLError
TraceSQLBindCol
SHGetFileInfoA
ExtractIconA
SHGetDataFromIDListW
DragQueryFileW
SHGetFolderPathW
Shell_NotifyIconW
SHDefExtractIconW
FindExecutableW
SHQueryRecycleBinA
StrStrW
ShellAboutW
StrChrA
DllRegisterServer
ShellExecuteA
SHFileOperationA
UrlHashW
UrlIsA
PathIsURLA
PathIsRootA
UrlCombineW
PathCombineA
PathCommonPrefixA
UrlUnescapeW
UrlGetPartA
UrlCanonicalizeW
UrlCreateFromPathW
UrlCompareW
InsertMenuA
CreateWindowExA
LoadCursorA
PeekMessageW
DispatchMessageA
PostMessageA
GetPropW
LoadBitmapW
DrawStateA
DialogBoxParamW
CharToOemW
GetDlgItemTextW
IsDialogMessageA
LoadIconA
Number of PE resources by type
KAR 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2015:03:31 05:26:56+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 26112
LinkerVersion: 10.0
ImageFileCharacteristics: No relocs, Executable, 32-bit
EntryPoint: 0x2000
InitializedDataSize: 40960
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0
File identification
MD5 dc71973d48f1baadf48074629e17335a
SHA1 392dfc1f2ea7686936403f6bb95a3028fa515801
SHA256 5b19a7108cf0b2f423e91c66a85841932df1bcb3c909e40ccc170a8c782a026f
ssdeep 1536:V0z0M7LgiPUtx1c12mFt4SvfrVvJqc9LXWCHi:yABHO1tFt4SrVvJqAL1H
authentihash e4009eb4c347e6e84f69952933ab2d7c61d751763312e1daf0716da004839c65
imphash 11b2c3155d2e4994db1a21f469b506b5
File size 66.5 KB ( 68096 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Windows screen saver (43.3%)
Win32 Dynamic Link Library (generic) (21.7%)
Win32 Executable (generic) (14.9%)
OS/2 Executable (generic) (6.7%)
Generic Win/DOS Executable (6.6%)
Tags peexe
VirusTotal metadata
First submission 2019-04-07 18:24:15 UTC ( 1 month, 2 weeks ago )
Last submission 2019-04-07 18:24:15 UTC ( 1 month, 2 weeks ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Moved files
Runtime DLLs