SHA256: 618af83175e0eb01a1e48af4955800f7053926ca11a15124a71628d713f2f99c
File name: 618af83175e0eb01a1e48af4955800f7053926ca11a15124a71628d713f2f99c
Detection ratio: 44 / 67
Analysis date: 2017-10-24 05:41:31 UTC ( 1 year, 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.22548711 20171024
AegisLab Troj.W32.Refinka!c 20171024
ALYac Gen:Variant.Razy.221334 20171024
Antiy-AVL Trojan/Win32.Refinka 20171024
Arcabit Trojan.Generic.D15810E7 20171024
Avast Win32:Malware-gen 20171024
AVG Win32:Malware-gen 20171024
Avira (no cloud) TR/Crypt.Xpack.ulkzc 20171023
AVware Trojan.Win32.Generic!BT 20171024
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9982 20171024
BitDefender Trojan.Generic.22548711 20171024
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171024
Cyren W32/Trojan.VUQS-1798 20171024
DrWeb Trojan.PWS.Panda.11620 20171024
eGambit malicious_confidence_100% 20171024
Emsisoft Trojan.Generic.22548711 (B) 20171024
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/Kryptik.FYBH 20171024
F-Secure Trojan.Generic.22548711 20171024
Fortinet W32/Kryptik.FXWM!tr 20171024
GData Trojan.Generic.22548711 20171024
Ikarus Trojan.Win32.Crypt 20171023
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00519fb31 ) 20171024
K7GW Trojan ( 00519fb31 ) 20171024
Kaspersky Trojan.Win32.Refinka.ghc 20171024
MAX malware (ai score=100) 20171024
McAfee Artemis!EC3F595558BC 20171024
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.ch 20171024
Microsoft Trojan:Win32/Dynamer!rfn 20171024
eScan Trojan.Generic.22548711 20171024
Palo Alto Networks (Known Signatures) generic.ml 20171024
Panda Trj/CI.A 20171023
Qihoo-360 Win32/Trojan.24b 20171024
Rising Malware.Heuristic!ET#98% (RDM+:cmRtazpBuFi9Tz7eBRg9hbpChzMu) 20171024
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Elenoocka-E 20171024
Symantec Packed.Generic.493 20171024
Tencent Win32.Trojan.Refinka.Akyx 20171024
TrendMicro Ransom_HPCERBER.SMONT4 20171024
TrendMicro-HouseCall Ransom_HPCERBER.SMONT4 20171024
VIPRE Trojan.Win32.Generic!BT 20171024
ZoneAlarm by Check Point Trojan.Win32.Refinka.ghc 20171024
AhnLab-V3 20171023
Avast-Mobile 20171024
Bkav 20171023
CAT-QuickHeal 20171020
ClamAV 20171024
CMC 20171023
Comodo 20171024
F-Prot 20171024
Jiangmin 20171024
Kingsoft 20171024
Malwarebytes 20171024
NANO-Antivirus 20171024
nProtect 20171024
SUPERAntiSpyware 20171024
Symantec Mobile Insight 20171011
TheHacker 20171024
TotalDefense 20171023
Trustlook 20171024
VBA32 20171023
ViRobot 20171024
Webroot 20171024
WhiteArmor 20171016
Yandex 20171023
Zillya 20171023
Zoner 20171024
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-19 03:22:40
Entry Point 0x0000460F
Number of sections 4
PE sections
PE imports
AuthzFreeResourceManager
AuthzAddSidsToContext
AuthzFreeAuditEvent
AuthzFreeContext
Ctl3dRegister
Ctl3dGetVer
Ctl3dCtlColor
GetNumberFormatA
CreateProcessA
CreateSemaphoreA
OpenJobObjectW
GetModuleHandleA
OpenEventW
GetEnvironmentStringsA
SleepEx
CreateJobObjectW
CreateDirectoryW
SetErrorMode
CloseHandle
OpenMutexW
ReadProcessMemory
CreateFileA
GetProcAddress
lstrcmpW
GetLocalTime
UpdateResourceA
SHGetFileInfoA
SHGetFolderPathW
StrChrW
SHEmptyRecycleBinW
DllGetClassObject
SHBrowseForFolderW
ShellAboutA
SHChangeNotify
ShellMessageBoxA
SHCreateShellItem
SHQueryRecycleBinA
SHAlloc
DragQueryFileA
FindExecutableA
SHGetMalloc
ShellExecuteA
SHFileOperationA
Number of PE resources by type
RT_RCDATA 10
Number of PE resources by language
NEUTRAL 10
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:10:19 04:22:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 24576
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x460f
InitializedDataSize 147456
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 ec3f595558bc7d17451853bbec2d42e5
SHA1 d21ad877667fe6e34ef19b834ad0fa57593a3131
SHA256 618af83175e0eb01a1e48af4955800f7053926ca11a15124a71628d713f2f99c
ssdeep 3072:toeovFoqvGsFDErn3YC7BFAfaWLiuiPwKnGYEQuGu/M9:+vvGsK3YC7P4UPwKnGYEQuR0
authentihash b8db01091043cceef657bc3408a10ba8cc44591f5d75a0e968e549a03b0ccb96
imphash f78f694ba30c48a52b36c66c70905dd6
File size 172.0 KB ( 176128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe

VirusTotal metadata
First submission 2017-10-23 20:55:25 UTC ( 1 year, 5 months ago )
Last submission 2017-10-24 05:41:31 UTC ( 1 year, 5 months ago )
File names ec3f595558bc7d17451853bbec2d42e5.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications