SHA256: 60b9b31afe8b30aa68b46e7614d2fee16529db54ce320bfb50a29b6ba7322a0e
File name: WX1qioY
Detection ratio: 20 / 65
Analysis date: 2018-07-17 03:25:43 UTC ( 8 months ago )
Antivirus Result Update
Ad-Aware AIT:Trojan.Nymeria.281 20180717
ALYac AIT:Trojan.Nymeria.281 20180717
Arcabit AIT:Trojan.Nymeria.281 20180717
Avira (no cloud) HEUR/AGEN.1028968 20180717
BitDefender AIT:Trojan.Nymeria.281 20180717
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180530
Cybereason malicious.70f2eb 20180225
Emsisoft AIT:Trojan.Nymeria.281 (B) 20180717
Endgame malicious (moderate confidence) 20180711
ESET-NOD32 a variant of Win32/Injector.Autoit.DCM 20180717
F-Secure AIT:Trojan.Nymeria.281 20180717
Fortinet AutoIt/Injector.DCM!tr 20180717
GData AIT:Trojan.Nymeria.281 (2x) 20180717
Sophos ML heuristic 20180601
MAX malware (ai score=86) 20180717
eScan AIT:Trojan.Nymeria.281 20180717
Qihoo-360 HEUR/QVM11.1.8E41.Malware.Gen 20180717
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/AutoIt-AI 20180717
Tencent Win32.Trojan.Inject.Auto 20180717
AegisLab 20180717
AhnLab-V3 20180716
Alibaba 20180713
Antiy-AVL 20180717
Avast 20180716
Avast-Mobile 20180716
AVG 20180716
AVware 20180717
Babable 20180406
Baidu 20180716
Bkav 20180716
CAT-QuickHeal 20180716
ClamAV 20180716
CMC 20180716
Comodo 20180716
Cylance 20180717
Cyren 20180717
DrWeb 20180717
eGambit 20180717
F-Prot 20180717
Ikarus 20180716
Jiangmin 20180717
K7AntiVirus 20180717
K7GW 20180716
Kaspersky 20180717
Kingsoft 20180717
Malwarebytes 20180717
McAfee 20180717
McAfee-GW-Edition 20180717
NANO-Antivirus 20180717
Palo Alto Networks (Known Signatures) 20180717
Panda 20180716
Rising 20180717
SUPERAntiSpyware 20180717
Symantec 20180716
TACHYON 20180717
TheHacker 20180716
TrendMicro 20180717
TrendMicro-HouseCall 20180717
Trustlook 20180717
VBA32 20180716
VIPRE 20180717
ViRobot 20180717
Webroot 20180717
Yandex 20180716
ZoneAlarm by Check Point 20180717
Zoner 20180716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 3, 3, 8, 1
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-29 21:32:28
Entry Point 0x000D72E0
Number of sections 3
PE sections
Overlays
MD5 52ac2d2ad7e0887da520a4dcb9a36521
File type data
Offset 432128
Size 853005
Entropy 8.00
PE imports
ImageList_Remove
GetSaveFileNameW
LineTo
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
WNetGetConnectionW
VariantInit
EnumProcesses
DragFinish
LoadUserProfileW
VerQueryValueW
FtpOpenFileW
timeGetTime
CoInitialize
Number of PE resources by type
RT_ICON 17
RT_STRING 7
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 30
ENGLISH US 2
PE resources
ExifTool file metadata
UninitializedDataSize 606208
LinkerVersion 10.0
ImageVersion 0.0
FileVersionNumber 3.3.8.1
LanguageCode English (British)
FileFlagsMask 0x0017
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 159744
EntryPoint 0xd72e0
MIMEType application/octet-stream
FileVersion 3, 3, 8, 1
TimeStamp 2012:01:29 22:32:28+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script: 3, 3, 8, 1
MachineType Intel 386 or later, and compatibles
CodeSize 274432
FileSubtype 0
ProductVersionNumber 3.3.8.1
FileTypeExtension exe
ObjectFileType Unknown
File identification
MD5 a4fdde4e1012475468e48593d208eeb4
SHA1 883416f70f2eb5590565c49650b853df49ada725
SHA256 60b9b31afe8b30aa68b46e7614d2fee16529db54ce320bfb50a29b6ba7322a0e
ssdeep 24576:rthEVaU9FD5QbVu5gBJUVk7qvhbLbYuemQ2pUnOMNG44dBx:/EV7F6b2gLUNtLb1DOn14dBx
authentihash 50ec18d9514cdaa0383d264b2c3742c93d6a390f1513caecac0a01a6db7dbee3
imphash 05fc725b9ed37e995841bfab7c978eef
File size 1.2 MB ( 1285133 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2018-07-17 03:22:01 UTC ( 8 months ago )
Last submission 2018-07-17 03:22:01 UTC ( 8 months ago )
File names WX1qioY
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.