× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 64a4451cd02928f64713eda76180ed51914f03a349df777416cc1ea2dfbe1906
File name: 1.exe
Detection ratio: 29 / 68
Analysis date: 2018-12-14 14:46:01 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Mikey.91720 20181214
Avast Win32:Malware-gen 20181214
AVG Win32:Malware-gen 20181214
BitDefender Gen:Variant.Mikey.91720 20181214
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cylance Unsafe 20181214
DrWeb Trojan.Fbng.8 20181214
Emsisoft Gen:Variant.Mikey.91720 (B) 20181214
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNRT 20181214
F-Secure Gen:Variant.Mikey.91720 20181214
Fortinet W32/GenKryptik.CNMT!tr.ransom 20181214
GData Gen:Variant.Mikey.91720 20181214
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005437fe1 ) 20181214
K7GW Trojan ( 005437fe1 ) 20181214
MAX malware (ai score=85) 20181214
McAfee GenericRXGR-EA!61EB45E46273 20181214
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch 20181214
Microsoft Trojan:Win32/Fuerboos.C!cl 20181214
eScan Gen:Variant.Mikey.91720 20181214
Palo Alto Networks (Known Signatures) generic.ml 20181214
Panda Trj/GdSda.A 20181213
Qihoo-360 Win32/Trojan.e2c 20181214
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgW1OWQrMz0C4g) 20181214
Symantec ML.Attribute.HighConfidence 20181214
Trapmine malicious.high.ml.score 20181205
VBA32 TrojanSpy.Noon 20181214
VIPRE LooksLike.Win32.Crowti.b (v) 20181214
AegisLab 20181214
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181214
Antiy-AVL 20181214
Arcabit 20181214
Avast-Mobile 20181214
Avira (no cloud) 20181214
Babable 20180918
Baidu 20181207
Bkav 20181213
CAT-QuickHeal 20181214
ClamAV 20181214
CMC 20181213
Comodo 20181214
Cyren 20181214
eGambit 20181214
F-Prot 20181214
Ikarus 20181214
Jiangmin 20181214
Kaspersky 20181214
Kingsoft 20181214
Malwarebytes 20181214
NANO-Antivirus 20181214
SentinelOne (Static ML) 20181011
Sophos AV 20181214
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181214
Tencent 20181214
TheHacker 20181213
TrendMicro 20181214
TrendMicro-HouseCall 20181214
Trustlook 20181214
ViRobot 20181214
Webroot 20181214
Yandex 20181214
Zillya 20181213
ZoneAlarm by Check Point 20181214
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:21:44
Entry Point 0x00005BD6
Number of sections 5
PE sections
PE imports
CreatePolygonRgn
CreatePen
PtInRegion
DeleteObject
Ellipse
CreateSolidBrush
VirtualProtect
GetStartupInfoA
GetModuleHandleA
Ord(1775)
Ord(4080)
Ord(4710)
Ord(2414)
Ord(3597)
Ord(1641)
Ord(3136)
Ord(4524)
Ord(554)
Ord(1842)
Ord(5237)
Ord(5577)
Ord(3350)
Ord(6375)
Ord(3626)
Ord(4589)
Ord(3798)
Ord(2621)
Ord(3259)
Ord(1665)
Ord(2446)
Ord(5214)
Ord(5301)
Ord(807)
Ord(4163)
Ord(3706)
Ord(4964)
Ord(6215)
Ord(6625)
Ord(5787)
Ord(4529)
Ord(4531)
Ord(815)
Ord(2723)
Ord(366)
Ord(641)
Ord(5788)
Ord(2494)
Ord(5277)
Ord(2514)
Ord(4953)
Ord(4425)
Ord(3454)
Ord(5199)
Ord(4441)
Ord(1134)
Ord(4465)
Ord(4108)
Ord(5300)
Ord(1200)
Ord(6175)
Ord(338)
Ord(4627)
Ord(1168)
Ord(3738)
Ord(4853)
Ord(2982)
Ord(617)
Ord(3172)
Ord(4526)
Ord(4234)
Ord(825)
Ord(3081)
Ord(5307)
Ord(796)
Ord(4823)
Ord(2390)
Ord(2542)
Ord(4424)
Ord(4273)
Ord(5260)
Ord(5076)
Ord(4078)
Ord(3059)
Ord(2554)
Ord(4376)
Ord(1945)
Ord(6376)
Ord(5282)
Ord(4614)
Ord(2117)
Ord(1727)
Ord(823)
Ord(3573)
Ord(5503)
Ord(2725)
Ord(4998)
Ord(5472)
Ord(4436)
Ord(4457)
Ord(3749)
Ord(2512)
Ord(4427)
Ord(4274)
Ord(5261)
Ord(4696)
Ord(4079)
Ord(4467)
Ord(3058)
Ord(3147)
Ord(2124)
Ord(4615)
Ord(1726)
Ord(4242)
Ord(4077)
Ord(6336)
Ord(4890)
Ord(3262)
Ord(5653)
Ord(674)
Ord(4317)
Ord(975)
Ord(1576)
Ord(5243)
Ord(4353)
Ord(813)
Ord(3748)
Ord(5065)
Ord(5290)
Ord(4407)
Ord(4426)
Ord(6117)
Ord(3663)
Ord(3346)
Ord(4303)
Ord(3693)
Ord(2396)
Ord(4159)
Ord(3831)
Ord(520)
Ord(6374)
Ord(5280)
Ord(986)
Ord(4612)
Ord(4486)
Ord(2635)
Ord(2976)
Ord(2535)
Ord(2558)
Ord(1089)
Ord(3198)
Ord(2985)
Ord(4297)
Ord(3922)
Ord(5240)
Ord(6080)
Ord(4151)
Ord(2649)
Ord(6052)
Ord(5252)
Ord(2626)
Ord(1776)
Ord(6000)
Ord(4623)
Ord(324)
Ord(5265)
Ord(4238)
Ord(2510)
Ord(3830)
Ord(5103)
Ord(2385)
Ord(4613)
Ord(4349)
Ord(2878)
Ord(3079)
Ord(4899)
Ord(652)
Ord(4387)
Ord(4723)
Ord(4420)
Ord(2055)
Ord(2627)
Ord(4837)
Ord(5241)
Ord(5100)
Ord(2399)
Ord(5012)
Ord(2648)
Ord(3065)
Ord(5714)
Ord(5289)
Ord(4545)
Ord(3403)
Ord(4622)
Ord(561)
Ord(1746)
Ord(4543)
Ord(4133)
Ord(4610)
Ord(1100)
Ord(4961)
Ord(2879)
Ord(3825)
Ord(560)
Ord(4341)
Ord(529)
Ord(4698)
Ord(5163)
Ord(6055)
Ord(296)
Ord(4858)
Ord(4432)
Ord(5740)
Ord(5302)
Ord(1825)
Ord(5731)
_except_handler3
__p__fmode
_CxxThrowException
__CxxFrameHandler
_acmdln
_ftol
_adjust_fdiv
__setusermatherr
__dllonexit
_setmbcp
_exit
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_onexit
??1type_info@@UAE@XZ
__p__commode
__set_app_type
InflateRect
EnableWindow
GetSystemMetrics
EnumWindowStationsW
UpdateWindow
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
4.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2016:12:06 12:21:44+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
20480

LinkerVersion
6.0

FileTypeExtension
exe

InitializedDataSize
114688

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x5bd6

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 61eb45e462738c0e3984137f0a6da5ec
SHA1 82f6201b9f0a77b4298861a1da4cce08b99afb55
SHA256 64a4451cd02928f64713eda76180ed51914f03a349df777416cc1ea2dfbe1906
ssdeep
3072:zClEDPzAWJJgekoUZXZqXVCAiM3GM+Zs:z8EDPz5LgIUZXZwEAd332

authentihash 03b61790d64b28722fd8bb731cdf1dd2eb41e2e8c0de1496901ba4efe7447cc4
imphash 9d57a23d7e6c003502467a4d57fcf4fc
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-14 12:56:25 UTC ( 5 months, 1 week ago )
Last submission 2018-12-21 21:46:43 UTC ( 5 months ago )
File names oset.jpg
1.exe
61eb45e462738c0e3984137f0a6da5ec
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs