SHA256: 6300fa9fcef55f5064d158c07ef34a46edf721f32dfe9d8437ab82321613a39b
File name: e7.exe
Detection ratio: 45 / 71
Analysis date: 2019-02-06 11:48:45 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Acronis suspicious 20190130
Ad-Aware Trojan.Agent.DFJK 20190206
ALYac Trojan.Agent.DFJK 20190206
Arcabit Trojan.Agent.DFJK 20190206
AVG FileRepMalware 20190206
Avira (no cloud) EXP/Agent.eukco 20190206
BitDefender Trojan.Agent.DFJK 20190206
CAT-QuickHeal Trojan.Zpevdo 20190205
ClamAV Win.Malware.Veil-6651533-0 20190205
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181023
Cybereason malicious.bdcf55 20190109
Cylance Unsafe 20190206
Cyren W32/Trojan.JSUO-0993 20190206
DrWeb Tool.Equation.31 20190206
eGambit Trojan.Generic 20190206
Emsisoft Trojan.Agent.DFJK (B) 20190206
ESET-NOD32 Win32/Exploit.Agent.OGR 20190206
F-Secure Exploit.EXP/Agent.eukco 20190206
Fortinet W32/MS17_010.M!exploit 20190206
GData Trojan.Agent.DFJK 20190206
Ikarus Trojan.Python.Psw 20190206
Sophos ML heuristic 20181128
K7AntiVirus Exploit ( 0053920f1 ) 20190206
K7GW Exploit ( 0053920f1 ) 20190206
Kaspersky Exploit.Win32.MS17-010.m 20190206
MAX malware (ai score=100) 20190206
McAfee Artemis!6FCAB2DBDCF5 20190206
McAfee-GW-Edition BehavesLike.Win32.Generic.tc 20190205
Microsoft Trojan:Win32/Occamy.C 20190206
eScan Trojan.Agent.DFJK 20190206
NANO-Antivirus Exploit.Win32.MS17010.fkzvev 20190206
Panda Trj/RnkBend.A 20190205
Qihoo-360 Trojan.Generic 20190206
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Troj/Agent-BAFJ 20190206
Symantec ML.Attribute.HighConfidence 20190206
Tencent Win32.Exploit.Ms17-010.Wtxy 20190206
TheHacker Trojan/Generik.IJNZZHZ 20190203
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.R044C0RKS18 20190206
TrendMicro-HouseCall TROJ_GEN.R044C0RKS18 20190206
VBA32 Exploit.MS17-010 20190206
Webroot W32.Trojan.Gen 20190206
Yandex Trojan.DownLoader! 20190206
ZoneAlarm by Check Point Exploit.Win32.MS17-010.m 20190206
AegisLab 20190206
AhnLab-V3 20190206
Alibaba 20180921
Antiy-AVL 20190206
Avast 20190206
Avast-Mobile 20190206
Babable 20180918
Baidu 20190202
Bkav 20190201
CMC 20190206
Comodo 20190206
Endgame 20181108
F-Prot 20190206
Jiangmin 20190206
Kingsoft 20190206
Malwarebytes 20190206
Palo Alto Networks (Known Signatures) 20190206
Rising 20190206
SUPERAntiSpyware 20190130
TACHYON 20190206
TotalDefense 20190206
Trustlook 20190206
VIPRE 20190205
ViRobot 20190205
Zillya 20190206
Zoner 20190206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-11 15:09:08
Entry Point 0x0000769A
Number of sections 6
PE sections
Overlays
MD5 a508ae8625e72ce17713c749db59a26f
File type data
Offset 243712
Size 5221175
Entropy 8.00
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RaiseException
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
GetExitCodeProcess
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
SetEndOfFile
TlsFree
ReadFile
CloseHandle
SetDllDirectoryW
GetACP
GetModuleHandleW
GetFileAttributesExW
IsValidCodePage
WriteFile
CreateProcessW
Sleep
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:12:11 15:09:08+00:00
FileType Win32 EXE
PEType PE32
CodeSize 127488
LinkerVersion 14.0
ImageFileCharacteristics Executable, Large address aware, 32-bit
EntryPoint 0x769a
InitializedDataSize 172032
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Execution parents
File identification
MD5 6fcab2dbdcf5529cf9958d4c50524159
SHA1 f4916595dbb22bef3d6ecd283f5000be6ef6b9da
SHA256 6300fa9fcef55f5064d158c07ef34a46edf721f32dfe9d8437ab82321613a39b
ssdeep 98304:5oMJKGjZjYfQfQEK9EmEZRBVeq9W7eMXlnzBB0YGYtQAjWVglqWztRsGk77CR9lJ:akF8H9EmEZ4eEr1zBB0P5AjNkWztRsxK
authentihash 22dc63d93944449a40d9fb40e9858229f32f94d96ad7f3ebeaf5f826a8840b3e
imphash fc40519af20116c903e3ff836e366e39
File size 5.2 MB ( 5464887 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID InstallShield setup (41.2%)
Win64 Executable (generic) (26.4%)
Microsoft Visual C++ compiled executable (generic) (15.8%)
Win32 Dynamic Link Library (generic) (6.3%)
Win32 Executable (generic) (4.3%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-08-18 03:35:10 UTC ( 8 months, 1 week ago )
Last submission 2019-02-20 08:09:36 UTC ( 2 months ago )
File names e7.exe
output.115200765.txt
B80B9B0970.tmp
output.114941358.txt
output.114443326.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs