SHA256: 6467c9547b788f24ee3a2f2034f0f773b4fbc0e1a5977b50aed5369f3d70c8ab
Detection ratio: 17 / 66
Analysis date: 2018-02-08 15:07:55 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20180208
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cylance Unsafe 20180208
eGambit Unsafe.AI_Score_91% 20180208
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GCWU 20180208
Fortinet W32/Kryptik.GASG!tr.ransom 20180208
Sophos ML heuristic 20180121
Kaspersky UDS:DangerousObject.Multi.Generic 20180208
MAX malware (ai score=94) 20180208
McAfee Artemis!40C5113E35DD 20180208
McAfee-GW-Edition BehavesLike.Win32.Trojan.gc 20180208
Rising Malware.Obscure/Heur!1.9E03 (CLASSIC) 20180208
SentinelOne (Static ML) static engine - malicious 20180115
Webroot W32.Trojan.Gen 20180208
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180208
Ad-Aware 20180208
AhnLab-V3 20180208
Alibaba 20180208
ALYac 20180208
Antiy-AVL 20180208
Arcabit 20180208
Avast 20180208
Avast-Mobile 20180208
AVG 20180208
Avira (no cloud) 20180208
AVware 20180208
BitDefender 20180208
Bkav 20180208
CAT-QuickHeal 20180208
ClamAV 20180208
CMC 20180208
Comodo 20180208
Cybereason 20180205
Cyren 20180208
DrWeb 20180208
Emsisoft 20180208
F-Prot 20180208
F-Secure 20180208
GData 20180208
Ikarus 20180208
Jiangmin 20180208
K7AntiVirus 20180208
K7GW 20180208
Kingsoft 20180208
Malwarebytes 20180208
Microsoft 20180207
eScan 20180208
NANO-Antivirus 20180208
nProtect 20180208
Palo Alto Networks (Known Signatures) 20180208
Panda 20180208
Qihoo-360 20180208
Sophos AV 20180208
SUPERAntiSpyware 20180208
Symantec 20180208
Symantec Mobile Insight 20180207
Tencent 20180208
TheHacker 20180206
TrendMicro 20180208
TrendMicro-HouseCall 20180208
Trustlook 20180208
VBA32 20180208
VIPRE 20180208
ViRobot 20180208
WhiteArmor 20180205
Yandex 20180207
Zoner 20180208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2017, masesrziro

Internal name sgahfghjfghj.exe
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-02-08 08:52:49
Entry Point 0x0000665F
Number of sections 6
PE sections
PE imports
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
OpenEventLogA
GetSecurityDescriptorLength
LookupPrivilegeNameW
GetStdHandle
GetDriveTypeW
EncodePointer
GetHandleInformation
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FindClose
TlsGetValue
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
SetProcessWorkingSetSize
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
GetMailslotInfo
EnterCriticalSection
LoadLibraryW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
FreeLibrary
GetStartupInfoW
GetUserDefaultLCID
AddAtomW
GetProcessHeap
lstrcpyW
FindNextFileW
ResetEvent
IsValidLocale
FindFirstFileExW
GetProcAddress
EscapeCommFunction
ReadConsoleW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
WriteFile
SetComputerNameExW
Ord(180)
ShellExecuteW
ShellAboutA
GetScrollRange
ShowScrollBar
EnableScrollBar
Number of PE resources by type
RT_ICON 2
CIANUBQCN 1
RT_MANIFEST 1
RT_STRING 1
SIZAKAVANEBUJA 1
RT_ACCELERATOR 1
YIGEZOMUZUXE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
CZECH NEUTRAL 5
CZECH SYS DEFAULT 3
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.0

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
English (British)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
383488

EntryPoint
0x665f

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2017, masesrziro

FileVersion
1.0.0.1

TimeStamp
2018:02:08 09:52:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
sgahfghjfghj.exe

ProductVersion
1.0.0.1

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
126464

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 40c5113e35dd653ca1fc1524d51da408
SHA1 c43028b0a2287d7e64199500d48ce7c5f864dc54
SHA256 6467c9547b788f24ee3a2f2034f0f773b4fbc0e1a5977b50aed5369f3d70c8ab
ssdeep
6144:PYM7yqq6ad6CroAAOtTRw5en2OKd28Xk22LOJmSF56GOlCQNyiqavN+zhJGr28nh:PYM7EHroAPuc2ndZX9LFMGvi0u/Ui

authentihash 06bdf8f1dade935d8f34e01038d17dbce2b5734b77c6bf15215c2772a9445bdb
imphash 7d36748e13522804ce77aef457d73aeb
File size 460.5 KB ( 471552 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags
peexe

VirusTotal metadata
First submission 2018-02-08 13:02:09 UTC ( 1 year, 2 months ago )
Last submission 2018-05-14 23:54:25 UTC ( 11 months, 1 week ago )
File names 6467C9547B788F24EE3A2F2034F0F773B4FBC0E1A5977B50AED5369F3D70C8AB
ccvhosting.exe
40c5113e35dd653ca1fc1524d51da408.bin
6467c9547b788f24ee3a2f2034f0f773b4fbc0e1a5977b50aed5369f3d70c8ab
sgahfghjfghj.exe
agentx.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs