SHA256: 621d7c1d19ccbaa8d56dbcb37e46f4437fa425ce92895acd87a6df9710f8b391
Detection ratio: 11 / 67
Analysis date: 2017-12-07 13:42:26 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Avast FileRepMalware 20171207
AVG FileRepMalware 20171207
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9993 20171207
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20171016
Endgame malicious (high confidence) 20171130
Fortinet W32/Kryptik.FZPH!tr 20171207
Sophos ML heuristic 20170914
Palo Alto Networks (Known Signatures) generic.ml 20171207
Qihoo-360 HEUR/QVM10.1.AFBB.Malware.Gen 20171207
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20171207
Webroot W32.Trojan.Gen 20171207
Ad-Aware 20171207
AegisLab 20171207
AhnLab-V3 20171207
Alibaba 20171207
ALYac 20171207
Antiy-AVL 20171207
Arcabit 20171207
Avast-Mobile 20171207
Avira (no cloud) 20171207
AVware 20171207
BitDefender 20171207
Bkav 20171207
CAT-QuickHeal 20171206
ClamAV 20171207
CMC 20171207
Comodo 20171207
Cybereason 20171103
Cylance 20171207
Cyren 20171207
DrWeb 20171207
eGambit 20171207
Emsisoft 20171207
ESET-NOD32 20171207
F-Prot 20171207
F-Secure 20171207
GData 20171207
Ikarus 20171207
Jiangmin 20171207
K7AntiVirus 20171205
K7GW 20171207
Kaspersky 20171207
Kingsoft 20171207
Malwarebytes 20171207
MAX 20171207
McAfee 20171207
McAfee-GW-Edition 20171207
Microsoft 20171207
eScan 20171207
NANO-Antivirus 20171207
nProtect 20171207
Panda 20171206
SentinelOne (Static ML) 20171207
Sophos AV 20171207
SUPERAntiSpyware 20171207
Symantec 20171207
Symantec Mobile Insight 20171207
Tencent 20171207
TheHacker 20171205
TrendMicro 20171207
TrendMicro-HouseCall 20171207
Trustlook 20171207
VBA32 20171207
VIPRE 20171207
ViRobot 20171207
WhiteArmor 20171204
Yandex 20171207
Zillya 20171206
ZoneAlarm by Check Point 20171207
Zoner 20171207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017, jkfghfjghjkgf
Internal name asdofbuasdif.exe
File version 10.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-07 11:42:36
Entry Point 0x00009446
Number of sections 5
PE sections
PE imports
OpenEventLogA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
TerminateThread
lstrlenA
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
GetACP
GetCommandLineA
DeleteCriticalSection
SetProcessWorkingSetSize
GetStartupInfoW
GetFileType
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
SetProcessAffinityMask
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcess
SetUnhandledExceptionFilter
WriteFile
GetAtomNameA
CloseHandle
IsProcessorFeaturePresent
GetProcessWorkingSetSize
GetThreadTimes
ExitThread
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
GetProcessAffinityMask
GetProcessShutdownParameters
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
CreateFileW
GlobalAlloc
TlsGetValue
Sleep
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
GradientFill
ShellAboutA
SHGetDiskFreeSpaceExW
ShellExecuteW
Ord(179)
SetScrollRange
GetMenuInfo
PeekMessageA
GetMonitorInfoA
LoadImageW
GetCaretPos
GetDC
Number of PE resources by type
RT_ICON 8
RT_STRING 4
MUNUDAJUYI 1
RUDE 1
JEZEROYULOBAFUPOXIFOZO 1
RT_MANIFEST 1
FGQMHPGPBN 1
RT_ACCELERATOR 1
RT_BITMAP 1
YERUHEZIXUDI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 16
ENGLISH UK 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 10.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 1357824
EntryPoint 0x9446
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2017, jkfghfjghjkgf
FileVersion 10.0.0.1
TimeStamp 2017:12:07 12:42:36+01:00
FileType Win32 EXE
PEType PE32
InternalName asdofbuasdif.exe
ProductVersion 10.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 88064
FileSubtype 0
ProductVersionNumber 10.0.0.1
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 309c240336952e3a6afe08f91581aa76
SHA1 7cc257d1dc641c5fc312c7694a1a7be7ce31cb46
SHA256 621d7c1d19ccbaa8d56dbcb37e46f4437fa425ce92895acd87a6df9710f8b391
ssdeep 6144:xepNW1BdTOHRdWSDpUZ9bgrknnelkhiu+zjJ71lWpHZTUA6:xw4nsRd7pUZ9bgrEXMzj9QHxe
authentihash aeeea572c07b28d3d30373591d93ff5db4326eb96872c2415c4b9a3148eab7ee
imphash d264a400367a4b25a6d7b5be2c0972c4
File size 375.0 KB ( 384000 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe
VirusTotal metadata
First submission 2017-12-07 12:30:55 UTC ( 1 year, 4 months ago )
Last submission 2018-07-23 06:50:31 UTC ( 9 months ago )
File names Nhfys52
Trickbot-sample-OlfXexkXp.exe
VirusShare_309c240336952e3a6afe08f91581aa76
2017-12-07-Trickbot-sample-OlfXexkXp.exe.rename.rename
Oigys63.exe
asdofbuasdif.exe
wef346645.exe
wef346645
309C240336952E3A6AFE08F91581AA76.exe
2017-12-07-Trickbot-sample-OlfXexkXp.exe.rename
vkOTWqaQvab.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Runtime DLLs
UDP communications