SHA256: 5c4070e6995a55b20a6b9b561898d44fe76994cd0eb8acb2802c3b9cb7476f11
File name: Toz2JS.jpg
Detection ratio: 49 / 71
Analysis date: 2019-01-31 19:58:48 UTC ( 3 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Trojan.GenericKD.31406325 20190131
AegisLab Trojan.Win32.Propagate.4!c 20190131
AhnLab-V3 Trojan/Win32.Agent.R248960 20190131
ALYac Trojan.GenericKD.31406325 20190131
Antiy-AVL Trojan/Win32.Propagate 20190131
Arcabit Trojan.Generic.D1DF38F5 20190131
Avast Win32:Trojan-gen 20190131
AVG Win32:Trojan-gen 20190131
BitDefender Trojan.GenericKD.31406325 20190131
CAT-QuickHeal Trojan.Fuerboos 20190131
Comodo Malware@#jsw60c19yac5 20190131
Cybereason malicious.3e8bb0 20190109
Cylance Unsafe 20190131
Cyren W32/Trojan.VNRX-5703 20190131
DrWeb Trojan.PWS.Spy.21017 20190131
Emsisoft Trojan.GenericKD.31406325 (B) 20190131
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CTRG 20190131
F-Secure Trojan.GenericKD.31406325 20190131
Fortinet W32/Kryptik.GOVE!tr 20190131
GData Trojan.GenericKD.31406325 20190131
Ikarus Trojan.Win32.Krypt 20190131
Sophos ML heuristic 20181128
Jiangmin TrojanSpy.Noon.ebc 20190131
K7AntiVirus Riskware ( 0040eff71 ) 20190131
K7GW Riskware ( 0040eff71 ) 20190131
Kaspersky Trojan.Win32.Propagate.cgw 20190131
McAfee GenericRXGQ-YQ!9F89F763E8BB 20190131
McAfee-GW-Edition GenericRXGQ-YQ!9F89F763E8BB 20190131
Microsoft Trojan:Win32/Occamy.C 20190131
eScan Trojan.GenericKD.31406325 20190131
NANO-Antivirus Trojan.Win32.Propagate.flbbtk 20190131
Palo Alto Networks (Known Signatures) generic.ml 20190131
Panda Trj/GdSda.A 20190131
Qihoo-360 Win32/Trojan.Dropper.dd5 20190131
Rising Trojan.Fuerboos!8.EFC8 (TFE:5:qzMNZ9RCfuP) 20190131
Sophos AV Mal/Generic-S 20190131
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20190130
Symantec Downloader 20190131
Tencent Win32.Trojan.Propagate.Hxgj 20190131
Trapmine malicious.moderate.ml.score 20190123
TrendMicro TROJ_GEN.F0C2C00LB18 20190131
TrendMicro-HouseCall TROJ_GEN.F0C2C00LB18 20190131
VBA32 Trojan.Sonbokli 20190131
Webroot W32.Trojan.Gen 20190131
Yandex Trojan.Propagate! 20190129
Zillya Trojan.Propagate.Win32.1090 20190131
ZoneAlarm by Check Point Trojan.Win32.Propagate.cgw 20190131
Alibaba 20180921
Avast-Mobile 20190131
Avira (no cloud) 20190131
Babable 20180918
Baidu 20190131
Bkav 20190130
ClamAV 20190131
CMC 20190131
CrowdStrike Falcon (ML) 20181023
eGambit 20190131
F-Prot 20190131
Kingsoft 20190131
Malwarebytes 20190131
MAX 20190131
SentinelOne (Static ML) 20190124
TACHYON 20190131
TheHacker 20190131
TotalDefense 20190131
Trustlook 20190131
VIPRE 20190131
ViRobot 20190131
Zoner 20190131
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 0.1.0.19
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:36:18
Entry Point 0x0000ED20
Number of sections 6
PE sections
PE imports
RegQueryValueA
RegOpenKeyExA
RegCloseKey
GetObjectA
CreateFontIndirectA
GetTextExtentPoint32A
GetStockObject
FreeLibrary
DeleteCriticalSection
GetStartupInfoA
CreateProcessA
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleA
lstrcatA
WaitForSingleObject
SetEvent
GetWindowsDirectoryA
lstrcpyA
Sleep
ResetEvent
GetLogicalDrives
VirtualProtect
GetProcAddress
LoadLibraryA
LeaveCriticalSection
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0_Winit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
_except_handler3
_acmdln
_XcptFilter
__CxxFrameHandler
_setmbcp
_exit
_adjust_fdiv
memset
__p__commode
__dllonexit
_onexit
_controlfp
strcpy
__p__fmode
_mbsstr
__getmainargs
exit
_initterm
strlen
__setusermatherr
__set_app_type
ShellExecuteA
RedrawWindow
GetParent
PostMessageA
EnumWindows
ReleaseCapture
CopyIcon
KillTimer
MessageBeep
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
InflateRect
EnableWindow
SetCapture
DrawIcon
SetWindowLongA
GetSysColor
GetDC
DestroyCursor
ReleaseDC
SendMessageA
GetClientRect
IsIconic
InvalidateRect
SetTimer
LoadCursorA
LoadIconA
FlashWindow
GetSystemMenu
SetCursor
PtInRect
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 0.1.0.19
LanguageCode Chinese (Traditional)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Taiwan (Big5)
InitializedDataSize 118784
EntryPoint 0xed20
MIMEType application/octet-stream
FileVersion 0.1.0.19
TimeStamp 2016:12:06 11:36:18+00:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName ASUSTeK Computer Inc.
CodeSize 61440
FileSubtype 0
ProductVersionNumber 0.1.0.19
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 9f89f763e8bb0bf8ce0ab174f5c481ba
SHA1 7cda1d995ccc084738ccadcbee298425a69dedd3
SHA256 5c4070e6995a55b20a6b9b561898d44fe76994cd0eb8acb2802c3b9cb7476f11
ssdeep 3072:74vhjxMapBECJj+iqM8dTxoze71zPjuPd4ySKeXLLrrMuwopmItD9Cg:74vhjxMapBHjvl2Txoze71zPjuPd4y18
authentihash 449e8aab1545df5e1a92a9c32d61a56174ac56d5542cecea7f69c8c5583a5555
imphash 9510ff1fadb140d5ef11ef34d3a1d018
File size 180.0 KB ( 184320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags peexe
VirusTotal metadata
First submission 2018-12-10 18:21:33 UTC ( 5 months, 1 week ago )
Last submission 2019-02-12 20:19:07 UTC ( 3 months, 1 week ago )
File names 5c4070e6995a55b20a6b9b561898d44fe76994cd0eb8acb2802c3b9cb7476f11.exe
Toz2JS.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs