SHA256: 644bff217e2e85fb94b032134d95f245bb334be854913dd4264a3bd02b4e53e1
File name: UPDE70BBC62.EXE
Detection ratio: 18 / 67
Analysis date: 2017-12-15 12:02:38 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20171215
Avast FileRepMalware 20171215
AVG FileRepMalware 20171215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171215
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171215
eGambit Unsafe.AI_Score_99% 20171215
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BIXC 20171215
Fortinet W32/GenKryptik.BISI!tr 20171215
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171215
McAfee Artemis!C4A4D6040D7A 20171215
McAfee-GW-Edition BehavesLike.Win32.Sality.cc 20171215
Palo Alto Networks (Known Signatures) generic.ml 20171215
TrendMicro-HouseCall PAK_Generic.001 20171215
Webroot Trojan.Dropper.Gen 20171215
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171215
Ad-Aware 20171215
AhnLab-V3 20171215
Alibaba 20171215
ALYac 20171215
Antiy-AVL 20171215
Arcabit 20171215
Avast-Mobile 20171215
Avira (no cloud) 20171215
AVware 20171215
BitDefender 20171215
Bkav 20171215
CAT-QuickHeal 20171215
ClamAV 20171215
CMC 20171215
Comodo 20171215
Cybereason None
Cyren 20171215
DrWeb 20171215
Emsisoft 20171215
F-Prot 20171215
F-Secure 20171215
GData 20171215
Ikarus 20171215
Jiangmin 20171215
K7AntiVirus 20171215
K7GW 20171214
Kingsoft 20171215
Malwarebytes 20171215
MAX 20171215
Microsoft 20171215
eScan 20171215
NANO-Antivirus 20171215
nProtect 20171215
Panda 20171214
Qihoo-360 20171215
Rising 20171215
SentinelOne (Static ML) 20171207
Sophos AV 20171215
SUPERAntiSpyware 20171215
Symantec 20171215
Symantec Mobile Insight 20171215
Tencent 20171215
TheHacker 20171210
TotalDefense 20171215
TrendMicro 20171215
Trustlook 20171215
VBA32 20171214
VIPRE 20171215
ViRobot 20171215
WhiteArmor 20171204
Yandex 20171214
Zillya 20171214
Zoner 20171215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 02:47:42
Entry Point 0x00001C83
Number of sections 3
PE sections
PE imports
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
LogonUserW
CreateServiceA
ClearEventLogA
RegOpenKeyA
RegDeleteValueA
RegRestoreKeyW
RegEnumKeyA
RegReplaceKeyW
InitializeSid
CryptSignHashA
AzGroupDelete
AzGroupCreate
CertFindCTLInStore
CertFreeCTLContext
CertDeleteCTLFromStore
CertCloseStore
CryptMsgControl
CertFindExtension
CertControlStore
CryptEnumOIDInfo
CryptMsgClose
CryptMemFree
CryptFindOIDInfo
CertNameToStrA
CertFindAttribute
CertCreateContext
CryptMemAlloc
CertCreateCRLContext
CertSaveStore
CopyFileW
lstrcmpiA
GetCurrentDirectoryW
SetEnvironmentVariableW
LoadLibraryA
GetGeoInfoA
GetSystemDirectoryW
CreateFileW
CreateProcessA
FindFirstFileW
ResetEvent
ReadConsoleW
OpenJobObjectW
GetConsoleTitleA
GetCommandLineA
GetProcAddress
SleepEx
GetPrivateProfileStringW
GetExpandedNameA
Number of PE resources by type
RT_DIALOG 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:09 03:47:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 122880
LinkerVersion 18.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x1c83
InitializedDataSize 12288
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 c4a4d6040d7ae334b1a80dd5963326b4
SHA1 5dd14b0958d4e54ebdc65221d7ccdec1bb26f0e8
SHA256 644bff217e2e85fb94b032134d95f245bb334be854913dd4264a3bd02b4e53e1
ssdeep 3072:RzAVc3RAFwKxPI+NQk4vIcKHtq896rcTxc/KabgF:RzA23K9xPJQF5KNqcLib
authentihash 9c270dd3344f44e1e5b1fb0546cea5d36b58239d3e5f48a2f1a3419c1c782cae
imphash 476d5b085991e458eaf12b596f96a633
File size 128.5 KB ( 131584 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-15 09:18:16 UTC ( 1 year, 2 months ago )
Last submission 2017-12-15 09:18:16 UTC ( 1 year, 2 months ago )
File names FILE_60
UPDE70BBC62.EXE
1024-5dd14b0958d4e54ebdc65221d7ccdec1bb26f0e8
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications