× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 5fb9ba95e1045eb79194c3be82ec90ee835152057a91bb77bca908d1c64b89f6
File name: status.exe.1
Detection ratio: 9 / 71
Analysis date: 2019-01-21 12:59:08 UTC ( 1 month, 4 weeks ago ) View latest
Antivirus Result Update
Cylance Unsafe 20190121
eGambit Unsafe.AI_Score_73% 20190121
Endgame malicious (moderate confidence) 20181108
Qihoo-360 HEUR/QVM11.1.B20F.Malware.Gen 20190121
Rising Ransom.Foreign!8.292/N3#79% (RDM+:cmRtazpSPpsTqtasRnN0cuWzfwGf) 20190121
Symantec Packed.Generic.534 20190121
TheHacker Posible_Worm32 20190118
Trapmine malicious.high.ml.score 20190102
VBA32 BScope.Trojan.Chapak 20190121
Acronis 20190119
Ad-Aware 20190121
AegisLab 20190121
AhnLab-V3 20190121
Alibaba 20180921
ALYac 20190121
Antiy-AVL 20190121
Arcabit 20190121
Avast 20190121
Avast-Mobile 20190120
AVG 20190121
Avira (no cloud) 20190121
AVware 20180925
Babable 20180917
Baidu 20190120
BitDefender 20190121
Bkav 20190121
CAT-QuickHeal 20190120
ClamAV 20190121
CMC 20190121
Comodo 20190121
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190121
DrWeb 20190121
Emsisoft 20190121
ESET-NOD32 20190121
F-Prot 20190121
F-Secure 20190121
Fortinet 20190121
GData 20190121
Ikarus 20190121
Sophos ML 20181128
Jiangmin 20190121
K7AntiVirus 20190121
K7GW 20190121
Kaspersky 20190121
Kingsoft 20190121
Malwarebytes 20190121
MAX 20190121
McAfee 20190121
McAfee-GW-Edition 20190120
Microsoft 20190121
eScan 20190121
NANO-Antivirus 20190121
Palo Alto Networks (Known Signatures) 20190121
Panda 20190120
SentinelOne (Static ML) 20190118
Sophos AV 20190121
SUPERAntiSpyware 20190116
TACHYON 20190120
Tencent 20190121
TotalDefense 20190120
TrendMicro 20190121
TrendMicro-HouseCall 20190121
Trustlook 20190121
ViRobot 20190121
Webroot 20190121
Yandex 20190120
Zillya 20190118
ZoneAlarm by Check Point 20190121
Zoner 20190120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-27 06:46:45
Entry Point 0x000408D0
Number of sections 3
PE sections
PE imports
ReportEventA
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
GradientFill
Ord(179)
GetPropW
WinHttpOpen
Number of PE resources by type
RT_ICON 2
RT_STRING 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 7
PE resources
ExifTool file metadata
UninitializedDataSize
167936

LinkerVersion
10.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
No relocs, Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
8192

EntryPoint
0x408d0

MIMEType
application/octet-stream

TimeStamp
2017:11:27 07:46:45+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
nogeke.exe

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
94208

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 66226898a64ac8157180452479dd366f
SHA1 21ce0de6107bf1b469485ad9124e31bff36b26b2
SHA256 5fb9ba95e1045eb79194c3be82ec90ee835152057a91bb77bca908d1c64b89f6
ssdeep
3072:KRrM87HtGUTuCcmwBDQWVa8ll98X7p2lG:387NGUTuCcmGVaClk7p28

authentihash 875cd1b0102fbb366678893a79e9da4f04979011f72f46efb383803e1c761e54
imphash bfcee32e0ef1092d8772355a8312be54
File size 98.5 KB ( 100864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2019-01-21 12:59:08 UTC ( 1 month, 4 weeks ago )
Last submission 2019-01-21 12:59:08 UTC ( 1 month, 4 weeks ago )
File names status.exe.1
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications