SHA256: 60e2b83d21c39f78d1612c2f5a06a943d8b6cc51c1f4a51312b85dff414f4e76
File name: b.exe
Detection ratio: 19 / 61
Analysis date: 2017-05-31 06:18:53 UTC ( 1 year, 7 months ago )
Antivirus Result Update
AVware VirTool.Win32.Obfuscator.da!j (v) 20170531
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170527
Bkav HW32.Packed.A266 20170530
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170420
Cyren W32/Ransom.EW.gen!Eldorado 20170531
Endgame malicious (high confidence) 20170515
F-Prot W32/Ransom.EW.gen!Eldorado 20170531
Fortinet W32/Kryptik.FSNS!tr 20170531
Sophos ML trojanspy.win32.ursnif.hp 20170519
Malwarebytes Ransom.Cerber 20170531
McAfee GenericR-JVF!E740966FC117 20170531
McAfee-GW-Edition BehavesLike.Win32.Virut.dc 20170531
Panda Trj/Genetic.gen 20170530
Qihoo-360 HEUR/QVM20.1.8139.Malware.Gen 20170531
Rising Malware.Generic.1!tfe (thunder:1:sx17vQoAwGI) 20170531
SentinelOne (Static ML) static engine - malicious 20170516
Symantec ML.Attribute.HighConfidence 20170531
Tencent Win32.Trojan.Raas.Auto 20170531
VIPRE VirTool.Win32.Obfuscator.da!j (v) 20170531
Ad-Aware 20170531
AegisLab 20170531
AhnLab-V3 20170531
Alibaba 20170531
ALYac 20170530
Antiy-AVL 20170531
Arcabit 20170531
Avast 20170531
AVG 20170530
Avira (no cloud) 20170530
BitDefender 20170531
CAT-QuickHeal 20170531
ClamAV 20170531
CMC 20170531
Comodo 20170531
DrWeb 20170531
Emsisoft 20170531
ESET-NOD32 20170531
F-Secure 20170531
GData 20170531
Ikarus 20170530
Jiangmin 20170531
K7AntiVirus 20170531
K7GW 20170531
Kaspersky 20170531
Kingsoft 20170531
Microsoft 20170531
eScan 20170531
NANO-Antivirus 20170531
nProtect 20170531
Palo Alto Networks (Known Signatures) 20170531
Sophos AV 20170531
SUPERAntiSpyware 20170531
Symantec Mobile Insight 20170531
TheHacker 20170528
TrendMicro 20170531
TrendMicro-HouseCall 20170525
Trustlook 20170531
VBA32 20170530
ViRobot 20170531
Webroot 20170531
WhiteArmor 20170524
Yandex 20170530
Zillya 20170530
ZoneAlarm by Check Point 20170531
Zoner 20170531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2021-01-27 11:31:12
Entry Point 0x00001610
Number of sections 4
PE sections
PE imports
CloseClusterNode
CloseCluster
CopyFileW
CreateNamedPipeW
CreateMailslotW
GetOEMCP
GetTickCount
LoadLibraryA
WaitForSingleObjectEx
MoveFileExA
DeleteFileA
OpenFileMappingA
LoadLibraryExW
GetConsoleTitleA
GetProcAddress
GetPrivateProfileStringW
CreateFileMappingW
CreateMutexA
CreateSemaphoreA
GetGeoInfoA
lstrcpyA
GetTempFileNameA
FindFirstFileW
GetVersionExW
DecodePointer
GetBinaryTypeA
IsBadStringPtrW
FormatMessageW
GetStringTypeW
GetCommandLineW
SetLastError
PathCompactPathW
PathStripPathW
UrlHashW
PathCommonPrefixW
UrlCompareA
UrlGetLocationW
PathCombineA
UrlCombineW
UrlGetPartA
UrlCanonicalizeW
UrlEscapeA
PathIsRootW
FormatEx
Recover
Extend
Format
wsprintfA
LoadCursorA
LoadIconA
LoadStringA
DispatchMessageA
IsCharLowerA
GetPropW
LoadBitmapW
PostMessageA
InsertMenuW
GetMessageW
DrawStateW
CharToOemA
LoadMenuW
GetClassLongA
PeekMessageW
Number of PE resources by type
GASD 4
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2021:01:27 12:31:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 229376
LinkerVersion 13.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
Warning Possibly corrupt Version resource
EntryPoint 0x1610
InitializedDataSize 7680
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 e740966fc117faf76b01600e81a046c0
SHA1 2877355c8ea399ea3d7649e6ab9cb9c8fea12784
SHA256 60e2b83d21c39f78d1612c2f5a06a943d8b6cc51c1f4a51312b85dff414f4e76
ssdeep 6144:KMY2jICh00z3085OnPiPrNnu2B++8jvMbq:1Y2Ead5i25uY++8
authentihash 3d19a37bab027d2274bc6bff604b1ff2f2a6554e813fb62d8e640fa433bb1708
imphash 258c41bebd6099e535ff42aebc4f9bf0
File size 232.5 KB ( 238080 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-05-31 06:18:53 UTC ( 1 year, 7 months ago )
Last submission 2018-05-03 06:30:41 UTC ( 8 months, 3 weeks ago )
File names b.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs