× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5c4290aaa92fa42b688b92f5197dcd3a7b227ffbbe79364c94b9efbb4165e5af
File name: tmp637.exe
Detection ratio: 6 / 64
Analysis date: 2018-11-20 14:51:54 UTC ( 4 months ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20181022
Endgame malicious (high confidence) 20181108
Ikarus Trojan-Banker.TrickBot 20181120
Microsoft Trojan:Win32/MereTam.A 20181120
Palo Alto Networks (Known Signatures) generic.ml 20181120
Webroot W32.Trojan.Gen 20181120
Ad-Aware 20181120
AegisLab 20181120
AhnLab-V3 20181120
Alibaba 20180921
ALYac 20181120
Antiy-AVL 20181120
Arcabit 20181120
Avast 20181120
Avast-Mobile 20181120
AVG 20181120
Avira (no cloud) 20181120
Babable 20180918
Baidu 20181120
BitDefender 20181120
Bkav 20181120
CAT-QuickHeal 20181120
ClamAV 20181120
Cybereason 20180225
Cyren 20181120
DrWeb 20181120
eGambit 20181120
Emsisoft 20181120
ESET-NOD32 20181120
F-Prot 20181120
F-Secure 20181120
Fortinet 20181120
GData 20181120
Sophos ML 20181108
Jiangmin 20181120
K7AntiVirus 20181120
K7GW 20181120
Kaspersky 20181120
Kingsoft 20181120
Malwarebytes 20181120
MAX 20181120
McAfee 20181120
McAfee-GW-Edition 20181120
eScan 20181120
NANO-Antivirus 20181120
Panda 20181120
Qihoo-360 20181120
Rising 20181120
SentinelOne (Static ML) 20181011
Sophos AV 20181120
SUPERAntiSpyware 20181114
Symantec 20181120
Symantec Mobile Insight 20181108
TACHYON 20181120
Tencent 20181120
TheHacker 20181118
TrendMicro 20181120
TrendMicro-HouseCall 20181120
Trustlook 20181120
VBA32 20181120
ViRobot 20181120
Yandex 20181119
Zillya 20181119
ZoneAlarm by Check Point 20181120
Zoner 20181120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Description Microsofft checker
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-20 12:18:29
Entry Point 0x00001284
Number of sections 18
PE sections
Overlays
MD5 b8484b649125974cc6ab983849155f75
File type data
Offset 444416
Size 20446
Entropy 3.92
PE imports
CryptEncrypt
CryptImportKey
CryptAcquireContextA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLastError
VirtualQuery
SetUnhandledExceptionFilter
TlsGetValue
ExitProcess
VirtualProtect
Sleep
GetProcAddress
VirtualAlloc
LeaveCriticalSection
MessageBoxA
_cexit
__p__fmode
__p__environ
fwrite
signal
printf
free
_onexit
atexit
abort
_setmode
vfprintf
__getmainargs
calloc
_iob
__set_app_type
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
416768

ImageVersion
1.0

FileVersionNumber
0.1.1.1

UninitializedDataSize
5632

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
2.21

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
2018:11:20 13:18:29+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Microsofft checker

OSVersion
4.0

FileOS
Unknown (0)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
155136

FileSubtype
0

ProductVersionNumber
0.1.1.1

EntryPoint
0x1284

ObjectFileType
Executable application

Execution parents
File identification
MD5 45cd0bd614713fb32991e1e7f3e2b509
SHA1 af814174983242c57dd771ed82fc36b737c38fcf
SHA256 5c4290aaa92fa42b688b92f5197dcd3a7b227ffbbe79364c94b9efbb4165e5af
ssdeep
12288:8bBA6yitrRS80nybUvtRupnlLjnw6YtmA0P:8ltrb0nqcGp7jkbg

authentihash 118067ea6acc4d9a8a3ae42df43c9c0b46fc0364ee999e024d1e4e4cc7f633ea
imphash 5932d5e5d1271dcc492c580f7e99c131
File size 454.0 KB ( 464862 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (45.0%)
Microsoft Visual C++ compiled executable (generic) (26.9%)
Win32 Dynamic Link Library (generic) (10.7%)
Win32 Executable (generic) (7.3%)
OS/2 Executable (generic) (3.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-11-20 14:51:54 UTC ( 4 months ago )
Last submission 2018-11-20 14:51:54 UTC ( 4 months ago )
File names xnivrd.exe
sdlkycg.exe
dmgtpcpo.exe
tmp536.exe
rammst.ein
tmp637.exe
tmp637.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections