× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5c86e22b1617a15cf77d73c0a4bd696e02f807ff3e124c0abf9e04d54d9c76bf
File name: dttcodexgigas.d48c3813f6133dd58ec6ac67e2045a9a36995921
Detection ratio: 15 / 69
Analysis date: 2018-11-28 05:28:07 UTC ( 3 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20181128
AVG FileRepMalware 20181128
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cylance Unsafe 20181128
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CSJE 20181128
Fortinet W32/GenKryptik.CSIE!tr 20181128
Sophos ML heuristic 20181108
Kaspersky UDS:DangerousObject.Multi.Generic 20181128
Malwarebytes Trojan.MalPack 20181128
Microsoft Trojan:Win32/Cloxer.D!cl 20181127
Palo Alto Networks (Known Signatures) generic.ml 20181128
Qihoo-360 HEUR/QVM10.2.7FF9.Malware.Gen 20181128
Trapmine suspicious.low.ml.score 20181126
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181128
Ad-Aware 20181128
AegisLab 20181128
AhnLab-V3 20181127
Alibaba 20180921
ALYac 20181128
Antiy-AVL 20181128
Arcabit 20181127
Avast-Mobile 20181127
Avira (no cloud) 20181127
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181127
CAT-QuickHeal 20181127
ClamAV 20181127
CMC 20181127
Comodo 20181128
Cybereason 20180225
Cyren 20181128
DrWeb 20181128
eGambit 20181128
Emsisoft 20181128
F-Prot 20181128
F-Secure 20181128
GData 20181128
Ikarus 20181127
Jiangmin 20181128
K7AntiVirus 20181127
K7GW 20181128
Kingsoft 20181128
MAX 20181128
McAfee 20181128
McAfee-GW-Edition 20181128
eScan 20181128
NANO-Antivirus 20181128
Panda 20181127
Rising 20181128
SentinelOne (Static ML) 20181011
Sophos AV 20181128
SUPERAntiSpyware 20181128
Symantec 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181128
TheHacker 20181126
TotalDefense 20181127
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181128
VBA32 20181127
ViRobot 20181128
Webroot 20181128
Yandex 20181127
Zillya 20181127
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-04 13:16:44
Entry Point 0x0000B377
Number of sections 4
PE sections
PE imports
EndPath
FillPath
StretchBlt
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
EnumTimeFormatsA
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
GetSystemTimes
TerminateProcess
WriteConsoleA
FindAtomA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
AddAtomW
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetLocaleInfoW
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WriteConsoleOutputCharacterW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetMonitorInfoW
CreateWindowExA
LoadIconA
GetRegisteredRawInputDevices
SetParent
GetThreadDesktop
PeekMessageA
ScrollWindow
GetAltTabInfoW
SwitchDesktop
GetNextDlgGroupItem
GetRawInputDeviceInfoW
PE exports
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_STRING 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 12
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
417280

EntryPoint
0xb377

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2018, uecijxkejve

FileVersion
1.6.6.1

TimeStamp
2017:08:04 15:16:44+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
uyonamro

ProductVersion
1.4.2.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
122368

FileSubtype
0

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 9c42950a4b8a0edf13293f27247cd4b5
SHA1 d48c3813f6133dd58ec6ac67e2045a9a36995921
SHA256 5c86e22b1617a15cf77d73c0a4bd696e02f807ff3e124c0abf9e04d54d9c76bf
ssdeep
6144:Qdkfo/wpeG5LXxJrH1TZvmP0Yemmuf7Gs:ykA/wVBBJbvW0YGuf7G

authentihash 63e37ea03a5a957398d579d8d38b9c01978d2ab0758534bbfc5b3992e405fac1
imphash 4d3fe94b543009bf7aefb562cdc66f90
File size 370.5 KB ( 379392 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-28 05:28:07 UTC ( 3 months, 2 weeks ago )
Last submission 2018-11-28 05:28:07 UTC ( 3 months, 2 weeks ago )
File names dttcodexgigas.d48c3813f6133dd58ec6ac67e2045a9a36995921
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs