SHA256: 61a694242f32acfc73d69107a683313ae8eb6be07bf2ba89303c6d5192fdbdaa
File name: a0275202.exe
Detection ratio: 29 / 69
Analysis date: 2019-02-12 12:56:13 UTC ( 1 month, 1 week ago )
Antivirus Result Update
AegisLab Trojan.Win32.Stealer.4!c 20190212
Avast Win64:Malware-gen 20190212
AVG Win64:Malware-gen 20190212
Avira (no cloud) TR/Spy.Stealer.royix 20190212
Cylance Unsafe 20190212
Cyren W64/Trojan.ESRJ-0087 20190212
DrWeb Trojan.PWS.Siggen2.9962 20190212
ESET-NOD32 Python/PSW.Stealer.AD 20190212
F-Secure Trojan.TR/Spy.Stealer.royix 20190212
Fortinet W32/Stealer.IQN!tr 20190212
GData Win64.Trojan.Agent.UQ1PNO 20190212
Ikarus Trojan.Spy.Stealer 20190212
Sophos ML heuristic 20181128
Jiangmin Trojan.Generic.cqozq 20190212
K7AntiVirus Riskware ( 0040eff71 ) 20190212
K7GW Riskware ( 0040eff71 ) 20190212
Kaspersky Trojan-Spy.Win32.Stealer.iqn 20190212
McAfee Artemis!8A8D0067DEFD 20190212
McAfee-GW-Edition Artemis 20190212
Microsoft Trojan:Win32/Zpevdo.B 20190212
Panda Trj/CI.A 20190211
Qihoo-360 Win32/Trojan.ae7 20190212
Sophos AV Mal/Generic-S 20190212
Symantec Trojan.Gen.2 20190212
TACHYON Trojan-Spy/W64.InfoStealer.27216825 20190212
Tencent Win32.Trojan-spy.Stealer.Eckr 20190212
TrendMicro-HouseCall TROJ_GEN.R011H0CBC19 20190212
VBA32 TrojanSpy.Stealer 20190212
ZoneAlarm by Check Point Trojan-Spy.Win32.Stealer.iqn 20190212
Acronis 20190208
Ad-Aware 20190212
AhnLab-V3 20190212
Alibaba 20180921
ALYac 20190212
Antiy-AVL 20190212
Arcabit 20190212
Avast-Mobile 20190212
Babable 20180918
Baidu 20190202
BitDefender 20190212
Bkav 20190201
CAT-QuickHeal 20190212
ClamAV 20190212
CMC 20190212
Comodo 20190212
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
eGambit 20190212
Emsisoft 20190212
Endgame 20181108
F-Prot 20190212
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190213
eScan 20190212
NANO-Antivirus 20190212
Palo Alto Networks (Known Signatures) 20190212
Rising 20190212
SentinelOne (Static ML) 20190203
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TheHacker 20190203
Trapmine 20190123
TrendMicro 20190213
Trustlook 20190212
ViRobot 20190212
Webroot 20190212
Yandex 20190212
Zillya 20190211
Zoner 20190212
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
FileVersionInfo properties
PE header basic information
Target machine x64
Compilation timestamp 2018-09-04 14:40:31
Entry Point 0x00008CA8
Number of sections 7
PE sections
Overlays
MD5 ac3ae16bc414cde984fb464df317d67f
File type data
Offset 336896
Size 26879929
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SetEndOfFile
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
FormatMessageW
FindClose
TlsGetValue
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
SetConsoleCtrlHandler
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
RtlLookupFunctionEntry
FindFirstFileExW
RtlUnwindEx
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
RtlCaptureContext
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
GetTempPathW
CreateProcessW
Sleep
GetOEMCP
MessageBoxA
MessageBoxW
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 9
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType AMD AMD64
FileTypeExtension exe
TimeStamp 2018:09:04 16:40:31+02:00
FileType Win64 EXE
PEType PE32+
CodeSize 134144
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware
EntryPoint 0x8ca8
InitializedDataSize 201728
SubsystemVersion 5.2
ImageVersion 0.0
OSVersion 5.2
UninitializedDataSize 0

File identification
MD5 8a8d0067defd35ff45974f834ba331d0
SHA1 291b793853807e052331d87aa00c1bb8d6009173
SHA256 61a694242f32acfc73d69107a683313ae8eb6be07bf2ba89303c6d5192fdbdaa
ssdeep 786432:5ASWDpuHgvJuFdSVoIFBW1Q29XlqDgJ9E3/6TWwLe:xouaSeVFY1QQqDgji
authentihash bc5ca8316793b16c3c6fa52041da1827d85c4408e15e6b127ac12034a8ff74dd
imphash 94984869e1c4b93c0069850d9e3b564b
File size 26.0 MB ( 27216825 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags 64bits peexe assembly overlay

VirusTotal metadata
First submission 2019-02-09 08:38:03 UTC ( 1 month, 1 week ago )
Last submission 2019-02-12 12:56:13 UTC ( 1 month, 1 week ago )
File names a0275202 (1).exe
a0275202.exe