SHA256: 64f75b0af344f6ab5045f60608cd4c8d0c4e9b7fbe5f4f74aa998963d8cd207a
File name: 128711496427549.exe.exe
Detection ratio: 38 / 68
Analysis date: 2018-10-01 05:27:57 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40538995 20181001
AegisLab Application.Downloader.m2pZ 20181001
AhnLab-V3 Trojan/Win32.Kryptik.C2736415 20181001
ALYac Trojan.GenericKD.40538995 20181001
Arcabit Trojan.Generic.D26A9373 20181001
Avast Win32:Malware-gen 20181001
AVG Win32:Malware-gen 20181001
Avira (no cloud) TR/AD.Ursnif.gnjzm 20180930
BitDefender Trojan.GenericKD.40538995 20181001
Cybereason malicious.238ad2 20180225
Cylance Unsafe 20181001
Cyren W32/Trojan.UDSO-3032 20181001
Emsisoft Trojan.GenericKD.40538995 (B) 20181001
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/GenKryptik.CMNE 20181001
F-Secure Trojan.GenericKD.40538995 20181001
Fortinet W32/GenKryptik.CMNE!tr 20181001
GData Trojan.GenericKD.40538995 20181001
Ikarus Trojan.Win32.Krypt 20180930
Sophos ML heuristic 20180717
K7GW Trojan ( 0053d8ad1 ) 20180930
Kaspersky Trojan-Spy.Win32.Ursnif.aaau 20181001
Malwarebytes Trojan.Ursnif 20181001
McAfee RDN/Generic PWS.y 20181001
McAfee-GW-Edition BehavesLike.Win32.Ransom.fh 20181001
Microsoft Trojan:Win32/Fuerboos.C!cl 20181001
eScan Trojan.GenericKD.40538995 20181001
Palo Alto Networks (Known Signatures) generic.ml 20181001
Panda Trj/GdSda.A 20180930
Qihoo-360 Win32/Trojan.Spy.fd1 20181001
Rising Spyware.Ursnif!8.1DEF (CLOUD) 20181001
SentinelOne (Static ML) static engine - malicious 20180926
Sophos AV Mal/Generic-S 20181001
Symantec Trojan Horse 20180930
TrendMicro TROJ_GEN.R004C0OIU18 20181001
TrendMicro-HouseCall TROJ_GEN.R004C0OIU18 20181001
ViRobot Trojan.Win32.Z.Ursnif.400896 20180930
Webroot W32.Trojan.Emotet 20181001
Alibaba 20180921
Antiy-AVL 20181001
Avast-Mobile 20180928
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20180928
CAT-QuickHeal 20180930
ClamAV 20181001
CMC 20181001
Comodo 20181001
CrowdStrike Falcon (ML) 20180723
DrWeb 20181001
eGambit 20181001
F-Prot 20181001
Jiangmin 20181001
K7AntiVirus 20181001
Kingsoft 20181001
MAX 20181001
NANO-Antivirus 20181001
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20181001
Tencent 20181001
TheHacker 20181001
Trustlook 20181001
VBA32 20180928
VIPRE 20181001
Yandex 20180927
Zillya 20180928
ZoneAlarm by Check Point 20180925
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Sizeprovide
Original name Sizeprovide.exe
Internal name Sizeprovide.exe
File version 0.3.10.43
Description Sizeprovide
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-28 13:48:42
Entry Point 0x0000330D
Number of sections 4
PE sections
PE imports
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
LoadLibraryW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
HeapSize
RtlUnwind
GetLocalTime
HeapCompact
GetCurrentProcess
GetWindowsDirectoryW
GetConsoleMode
DecodePointer
GetCurrentProcessId
UnhandledExceptionFilter
GetCommandLineW
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetProcAddress
GetProcessHeap
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
HeapValidate
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
TlsGetValue
Sleep
GetFileType
ReadConsoleW
TlsSetValue
EncodePointer
GetCurrentThreadId
GetEnvironmentVariableW
WriteConsoleW
LeaveCriticalSection
NetGetAnyDCName
NetApiBufferFree
LoadStringW
setsockopt
WSAGetOverlappedResult
WSAConnect
WSACreateEvent
WSAStartup
socket
WSASocketW
WSACleanup
getservbyport
getprotobynumber
getservbyname
WTSLogoffSession
WTSOpenServerW
WTSCloseServer
WTSQueryUserToken
WTSEnumerateSessionsW
Number of PE resources by type
RT_ICON 9
RT_STRING 2
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 15
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.3.10.43
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription Sizeprovide
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 297472
EntryPoint 0x330d
OriginalFileName Sizeprovide.exe
MIMEType application/octet-stream
FileVersion 0.3.10.43
TimeStamp 2014:09:28 06:48:42-07:00
FileType Win32 EXE
PEType PE32
InternalName Sizeprovide.exe
ProductVersion 0.3.10.43
SubsystemVersion 6.0
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Terrasoft Control
CodeSize 135168
ProductName Sizeprovide
ProductVersionNumber 0.3.10.43
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 21c1a29238ad2b623c614fc4498a7c5e
SHA1 a9f2b76aeb1e98c2deb1d232af90e9a177107cb2
SHA256 64f75b0af344f6ab5045f60608cd4c8d0c4e9b7fbe5f4f74aa998963d8cd207a
ssdeep 6144:2KFtHczh6zLU0pgD0S6ZrKxweCVLkG9UEH:7FtHmoXU0p9ZrKxweyh9UEH
authentihash 548b73fbde8d4ad587e70800897fa8a8e61047bed2c42e131a7d5a0e135edf66
imphash d5289aff783c613f5e34de7d85ffd51d
File size 391.5 KB ( 400896 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-09-28 18:23:15 UTC ( 5 months, 3 weeks ago )
Last submission 2018-10-02 19:20:17 UTC ( 5 months, 3 weeks ago )
File names yows2.xt2
kalax1.xt2
yows3.xt2
kalax2.xt2
yows1.xt2
yows6.xt2
yows7.xt2
payload_1.exe
yows5.xt2
Sizeprovide.exe
64f75b0af344f6ab5045f60608cd4c8d0c4e9b7fbe5f4f74aa998963d8cd207a_crypt_3070.exe
yows4.xt2
kalax3.xt2
128711496427549.exe.exe
output.114199802.txt
crypt_3070.exe