SHA256: 5e628c5f6bed373bbc1095ea16b7de022dcc158a8cbb4908f42d1a06fe95d42b
File name: 10b1ab8086e17ed4dd4d9070bebd71b3
Detection ratio: 48 / 68
Analysis date: 2018-08-10 11:41:02 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30938733 20180810
AegisLab Troj.W32.Buzus.lx0C 20180810
AhnLab-V3 Trojan/Win32.Tescrypt.R230733 20180810
ALYac Trojan.GenericKD.30938733 20180810
Antiy-AVL Trojan/Win32.Refinka 20180810
Arcabit Trojan.Generic.D1D8166D 20180810
Avast Win32:Malware-gen 20180810
AVG Win32:Malware-gen 20180810
Avira (no cloud) TR/Skeeyah.eltiw 20180810
AVware Trojan.Win32.Generic!BT 20180810
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20180810
BitDefender Trojan.GenericKD.30938733 20180810
CAT-QuickHeal Trojan.Mauvaise.SL1 20180810
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180810
Cyren W32/Agent.EW.gen!Eldorado 20180810
DrWeb Trojan.DiskFill.41072 20180810
Emsisoft Trojan.GenericKD.30938733 (B) 20180810
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/FlyStudio.HackTool.A potentially unwanted 20180810
F-Prot W32/Agent.EW.gen!Eldorado 20180810
F-Secure Trojan.GenericKD.30938733 20180810
Fortinet W32/Agent.AZAJ!tr 20180810
GData Win32.Trojan.FlyStudio.F 20180810
Ikarus Trojan.Win32.Skeeyah 20180810
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 005246d51 ) 20180810
K7GW Trojan ( 005246d51 ) 20180810
Kaspersky HEUR:Trojan.Win32.Generic 20180810
Malwarebytes Trojan.Agent 20180810
MAX malware (ai score=88) 20180810
McAfee Trojan-FPRJ!10B1AB8086E1 20180810
McAfee-GW-Edition BehavesLike.Win32.Trojan.fh 20180810
Microsoft Trojan:Win32/Tescrypt!rfn 20180810
eScan Trojan.GenericKD.30938733 20180810
NANO-Antivirus Trojan.Win32.FlyStudio.fcuxgn 20180810
Panda Trj/Genetic.gen 20180810
Qihoo-360 HEUR/QVM07.1.172F.Malware.Gen 20180810
Rising PUF.Hacktool!1.B2A6 (RDM+:cmRtazpeNhVz4/8hODUFIlh37X4J) 20180810
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Agent-AZAJ 20180810
Symantec Trojan.Gen.NPE.2 20180810
VBA32 BScope.Trojan.Tiggre 20180808
VIPRE Trojan.Win32.Generic!BT 20180810
Webroot W32.Trojan.GenKD 20180810
Yandex Trojan.Agent!xzWj7OcDFmU 20180810
Zillya Trojan.GenericKD.Win32.119968 20180809
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180810
Undetected (no result reported)
Alibaba 20180713
Avast-Mobile 20180810
Babable 20180725
Bkav 20180810
ClamAV 20180810
CMC 20180810
Comodo 20180810
eGambit 20180810
Jiangmin 20180810
Kingsoft 20180810
Palo Alto Networks (Known Signatures) 20180810
SUPERAntiSpyware 20180810
Symantec Mobile Insight 20180809
TACHYON 20180810
Tencent 20180810
TheHacker 20180807
TotalDefense 20180810
TrendMicro 20180810
TrendMicro-HouseCall 20180810
Trustlook 20180810
ViRobot 20180810
Zoner 20180810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-10 17:36:48
Entry Point 0x0009ADD5
Number of sections 4
PE sections
Overlays
MD5 fb7b3ea24df5dd44653458b28c6290f5
File type ASCII text
Offset 1040384
Size 3150
Entropy 5.02
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey
RegCreateKeyExA
ImageList_Read
ImageList_GetImageCount
ImageList_Duplicate
ImageList_Destroy
ImageList_SetBkColor
Ord(17)
CreatePolygonRgn
SetROP2
PathToRegion
GetWindowOrgEx
PatBlt
SetViewportExtEx
CreatePen
GetBkMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
EndPath
CombineRgn
GetClipBox
GetROP2
GetWindowExtEx
GetClipRgn
GetViewportOrgEx
SelectObject
Rectangle
SetMapMode
GetObjectA
ExcludeClipRect
CreateCompatibleDC
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
OffsetViewportOrgEx
GetTextExtentPoint32A
EndDoc
SetWindowOrgEx
StartPage
DeleteObject
BitBlt
GetStretchBltMode
RealizePalette
SetTextColor
GetDeviceCaps
GetCurrentObject
FillRgn
CreateEllipticRgn
CreateDCA
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
GetPolyFillMode
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetDIBits
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
RoundRect
StretchBlt
SetStretchBltMode
SelectPalette
ScaleViewportExtEx
EndPage
CreateRectRgn
LineTo
StartDocA
SetPolyFillMode
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
SetViewportOrgEx
Escape
GetViewportExtEx
BeginPath
GetBkColor
Ellipse
MoveToEx
LPtoDP
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
SetEvent
HeapDestroy
IsBadCodePtr
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetLastError
GetSystemTime
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
FindNextFileA
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetVersion
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
VariantChangeType
UnRegisterTypeLib
RegisterTypeLib
VariantCopyInd
VariantClear
SysAllocString
LoadTypeLib
LHashValOfNameSys
VariantInit
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
RedrawWindow
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
DestroyWindow
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
ClientToScreen
ScrollWindowEx
GrayStringA
WindowFromPoint
GetMessageTime
CallNextHookEx
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetScrollPos
LoadIconA
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
LoadImageA
GetActiveWindow
GetWindowTextA
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
GetMenuState
ShowWindow
DrawFrameControl
CreateIconFromResourceEx
EnableWindow
MapWindowPoints
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
SetTimer
FillRect
CopyRect
GetSysColorBrush
EndPaint
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
CreateWindowExA
GetMessageA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
IntersectRect
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
EnumDisplaySettingsA
SetWindowsHookExA
GetMenuItemCount
DestroyAcceleratorTable
ValidateRect
CreateIconFromResource
GetSystemMenu
GetMenuItemID
SetForegroundWindow
OpenClipboard
EmptyClipboard
ChildWindowFromPointEx
GetScrollRange
EndDialog
GetCapture
SetWindowTextA
AppendMenuA
GetPropA
SetMenu
RegisterClipboardFormatA
SetRectEmpty
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
GetDesktopWindow
SetCursorPos
WinHelpA
SetRect
DeleteMenu
InvalidateRect
wsprintfA
DrawTextA
TranslateAcceleratorA
IsRectEmpty
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
UnhookWindowsHookEx
SetCursor
waveOutReset
midiStreamProperty
waveOutOpen
waveOutClose
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPause
waveOutGetNumDevs
waveOutPrepareHeader
midiStreamOpen
midiStreamOut
midiStreamStop
waveOutWrite
midiStreamRestart
midiOutUnprepareHeader
midiOutReset
midiStreamClose
OpenPrinterA
DocumentPropertiesA
ClosePrinter
recv
accept
WSAAsyncSelect
recvfrom
ioctlsocket
getpeername
WSACleanup
closesocket
inet_ntoa
GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
OleUninitialize
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleRun
CLSIDFromString
Number of PE resources by type
RT_BITMAP 15
RT_STRING 11
RT_DIALOG 10
RT_CURSOR 4
RT_GROUP_CURSOR 3
RT_ICON 3
TEXTINCLUDE 3
RT_GROUP_ICON 3
RT_MENU 2
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 52
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:04:10 18:36:48+01:00
FileType Win32 EXE
PEType PE32
CodeSize 761856
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x9add5
InitializedDataSize 479232
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 10b1ab8086e17ed4dd4d9070bebd71b3
SHA1 247035f5d5a1d782153837036333894eb6fd074b
SHA256 5e628c5f6bed373bbc1095ea16b7de022dcc158a8cbb4908f42d1a06fe95d42b
ssdeep 24576:uqLMFH5BhM6RwyeQvt6ot0h9HyrOOfGOA8:1LMFHa6ReIt0jSrOA
authentihash 8b9ff0c1e656633906a11804044e1a7f96288c1a0534b10113ffe8b218697434
imphash 28178deeb23ca335978bbb93418aba95
File size 1019.1 KB ( 1043534 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-08-10 11:41:02 UTC ( 4 months ago )
Last submission 2018-08-10 11:41:02 UTC ( 4 months ago )