SHA256: 5d953d887abf65fa7c8d3a2336b6ec8e510b1019819e93a6cfc0d767b0c89a4c
File name: pwd.exe
Detection ratio: 20 / 57
Analysis date: 2017-02-13 19:33:26 UTC ( 2 years ago )
Antivirus Result Update
AegisLab Troj.Gen!c 20170213
Antiy-AVL Trojan/Win32.Agent 20170213
AVware Trojan.Win32.Generic!BT 20170213
CAT-QuickHeal Trojan.IGENERIC 20170213
ESET-NOD32 Python/Riskware.LaZagne.A 20170213
GData Win32.Trojan.Agent.NQO155 20170213
Sophos ML trojan.python.kaazar.a 20170203
Jiangmin Trojan.Generic.aclcm 20170213
K7AntiVirus Trojan ( 005016951 ) 20170213
K7GW Trojan ( 005016951 ) 20170213
McAfee Artemis!F6421A4F5706 20170213
McAfee-GW-Edition BehavesLike.Win32.Downloader.tc 20170213
Panda HackTool/LaZagne.A 20170213
Rising Malware.Undefined!8.C-M4h3NB0gKGI (cloud) 20170213
Sophos AV Generic PUA GF (PUA) 20170213
Symantec Trojan.Gen.2 20170213
Tencent Win32.Risk.Riskware.Ebzu 20170213
TrendMicro-HouseCall TROJ_GEN.R01BH05B417 20170213
VIPRE Trojan.Win32.Generic!BT 20170213
ViRobot Trojan.Win32.Z.Agent.5937424[h] 20170213
Ad-Aware 20170213
AhnLab-V3 20170213
Alibaba 20170213
ALYac 20170213
Arcabit 20170213
Avast 20170213
AVG 20170213
Avira (no cloud) 20170213
Baidu 20170213
BitDefender 20170213
Bkav 20170213
ClamAV 20170213
CMC 20170213
Comodo 20170213
CrowdStrike Falcon (ML) 20170130
Cyren 20170213
DrWeb 20170213
Emsisoft 20170213
Endgame 20170208
F-Prot 20170213
F-Secure 20170213
Fortinet 20170213
Ikarus 20170213
Kaspersky 20170213
Kingsoft 20170213
Malwarebytes 20170213
Microsoft 20170213
eScan 20170213
NANO-Antivirus 20170213
nProtect 20170213
Qihoo-360 20170213
SUPERAntiSpyware 20170213
TheHacker 20170211
TrendMicro 20170213
Trustlook 20170213
VBA32 20170213
WhiteArmor 20170202
Yandex 20170212
Zillya 20170210
Zoner 20170213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000014F0
Number of sections 8
PE sections
Overlays
MD5 5e411d016c17d62e452d99605f6c8d3a
File type data
Offset 126464
Size 5810960
Entropy 8.00
PE imports
GetLastError
EnterCriticalSection
GetShortPathNameW
GetModuleFileNameW
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetTempPathW
GetSystemTimeAsFileTime
SetDllDirectoryW
TerminateProcess
InitializeCriticalSection
VirtualQuery
CreateProcessW
TlsGetValue
Sleep
FormatMessageA
GetCurrentThreadId
GetEnvironmentVariableW
LeaveCriticalSection
strncmp
__lconv_init
malloc
fseek
_wfindfirst
__wgetmainargs
_wrmdir
fread
fclose
strcat
__dllonexit
__wargv
abort
_setmode
strncpy
fflush
_onexit
_fmode
_vsnwprintf
__winitenv
wcslen
_amsg_exit
_get_osfhandle
strncat
clearerr
wcscmp
_wfindnext
strtok
feof
_lock
_getpid
_findclose
_unlock
ftell
strcpy
_strdup
sprintf
_fileno
exit
__setusermatherr
mbstowcs
_wcmdln
_cexit
memset
_fullpath
strrchr
ferror
free
getenv
setlocale
_wtempnam
vfprintf
_wfopen
calloc
setbuf
strlen
_wstat
_stat
_vsnprintf
_wremove
wcscat
_wmkdir
signal
strchr
memcpy
wcscpy
__argc
fwrite
fprintf
_initterm
__set_app_type
strcmp
_iob
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 39936
LinkerVersion 2.24
FileTypeExtension exe
InitializedDataSize 85504
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Large address aware, 32-bit, No debug
EntryPoint 0x14f0
OSVersion 4.0
ImageVersion 1.0
UninitializedDataSize 51200

Execution parents
Compressed bundles
File identification
MD5 f6421a4f570656ada4a6c953bdd3c342
SHA1 6571ad4133ca7425d2cfb4d36c65f7aebe13ed94
SHA256 5d953d887abf65fa7c8d3a2336b6ec8e510b1019819e93a6cfc0d767b0c89a4c
ssdeep 98304:uZPsbRtouglcd5daFwiA4+Foa6uJwNHKqt3w42Kt+lQ5I/ke2LhAAhT7sT5LJ:+wo8YFu4+m4JwZS/ItAAhyL
authentihash 08ae663e7475caf8333fa8f54c44d357994e2f78d7bf87fd67996105318b4055
imphash be10bb45cef8dcc6869b921dd20884ae
File size 5.7 MB ( 5937424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2016-12-21 17:14:24 UTC ( 2 years, 1 month ago )
Last submission 2018-09-10 20:53:04 UTC ( 5 months, 1 week ago )
File names FUAwVV5MUqxa9rCC4rcw.exe
iEbjlrzEWCtrW8cmkjaT.exe
laZagne.exe
s.exe
1.com
lazagne_2.0_sitio_web.exe
laZagne.exe
hjxkct.exe
system.exe
emOcFHRnkVUAwEtYEIQ1.exe
gmxc.exe
Fm2ftlarOIjs2KZCbswz.exe.2900.dr
laZagne.exe
5d953d887abf65fa7c8d3a2336b6ec8e510b1019819e93a6cfc0d767b0c89a4c.bin
base.exe
J5szRAzEYrPUYvjDu15x.exe.3156.dr
UKCMs1Ancg1npitGQTi2.exe
antisystem.exe
dump.exe
password.exe
laZagne.exe
laZagne.exe
pwd.exe
L06ZfzU5GyNw2OVwMcnf.exe
ZiI5Ii0tgrJIPUrzvxwS.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs