SHA256: 650ace97280309634b4ce668897d7df46e4d0f7b2300e33e9c370572016f7a80
File name: azo321.exe
Detection ratio: 50 / 65
Analysis date: 2018-07-17 06:16:14 UTC ( 5 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30946955 20180717
AegisLab Possible.Hpgen.Gen!c 20180717
AhnLab-V3 Win-Trojan/Gandcrab02.Exp 20180716
ALYac Trojan.GenericKD.30946955 20180717
Antiy-AVL Trojan[Downloader]/Win32.Upatre 20180717
Arcabit Trojan.Generic.D1D8368B 20180717
Avast Win32:GenX [Ransom] 20180716
AVG Win32:GenX [Ransom] 20180716
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180717
BitDefender Trojan.GenericKD.30946955 20180717
CAT-QuickHeal Trojan.IGENERIC 20180716
Comodo TrojWare.Win32.TrojanDownloader.Upatre.GP 20180717
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180717
Cyren W32/Trojan.ATKX-0149 20180717
DrWeb Trojan.DownLoader26.49809 20180717
Emsisoft Trojan.GenericKD.30946955 (B) 20180717
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GHQC 20180717
F-Prot W32/S-317ebd7f!Eldorado 20180717
F-Secure Trojan.GenericKD.30946955 20180717
Fortinet W32/Kryptik.GHQC!tr 20180717
GData Trojan.GenericKD.30946955 20180717
Ikarus Trojan-Ransom.GandCrab 20180716
Sophos ML heuristic 20180601
K7AntiVirus Trojan ( 0053305e1 ) 20180717
K7GW Trojan ( 0053305e1 ) 20180717
Kaspersky Trojan-PSW.Win32.Coins.bpb 20180717
Malwarebytes Trojan.MalPack 20180717
MAX malware (ai score=94) 20180717
McAfee GenericRXFT-QA!0C0C8C85851F 20180717
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180717
Microsoft Ransom:Win32/GandCrab.AK 20180717
eScan Trojan.GenericKD.30946955 20180717
NANO-Antivirus Trojan.Win32.GandCrypt.fdwzvz 20180717
Palo Alto Networks (Known Signatures) generic.ml 20180717
Panda Trj/Genetic.gen 20180716
Qihoo-360 Win32/Trojan.PSW.7bf 20180717
Rising Malware.Obscure/Heur!1.A89E (CLOUD) 20180717
Sophos AV Mal/GandCrab-B 20180717
SUPERAntiSpyware Backdoor.Andromeda/Variant 20180717
Symantec Packed.Generic.525 20180717
Tencent Win32.Trojan-qqpass.Qqrob.Eoq 20180717
TrendMicro Mal_HPGen-37b 20180717
TrendMicro-HouseCall Mal_HPGen-37b 20180717
VBA32 TrojanRansom.GandCrypt 20180716
ViRobot Trojan.Win32.U.Hermes.233472 20180717
Webroot W32.Trojan.Ransom.Gen 20180717
Yandex Trojan.GandCrypt! 20180716
ZoneAlarm by Check Point Trojan-PSW.Win32.Coins.bpb 20180717
Alibaba 20180713
Avast-Mobile 20180716
AVware 20180717
Babable 20180406
Bkav 20180716
ClamAV 20180717
CMC 20180716
Cybereason 20180225
eGambit 20180717
Jiangmin 20180717
Kingsoft 20180717
SentinelOne (Static ML) 20180701
TACHYON 20180717
TheHacker 20180716
Trustlook 20180717
VIPRE 20180717
Zoner 20180716
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-09 18:18:14
Entry Point 0x00005D45
Number of sections 5
PE sections
PE imports
ChangeServiceConfigA
SetTokenInformation
ColorCorrectPalette
StretchDIBits
StretchBlt
FillPath
EndPath
GetLastError
InitializeCriticalSection
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
VirtualProtect
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetCurrentDirectoryW
GetLocaleInfoA
LocalAlloc
GetModuleHandleW
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetFileInformationByHandle
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetUserDefaultLCID
AddAtomW
GetLocaleInfoW
ExitProcess
RaiseException
GetCPInfo
LoadLibraryW
TlsFree
FreeEnvironmentStringsW
HeapSetInformation
SetUnhandledExceptionFilter
WriteFile
TlsSetValue
DecodePointer
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
HeapAlloc
GetFileType
FindAtomW
IsValidCodePage
HeapCreate
FindAtomA
InterlockedDecrement
Sleep
TerminateProcess
GetEnvironmentStringsW
GetProcessVersion
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
SetLastError
InterlockedIncrement
TransparentBlt
ExtractIconA
ShellAboutA
SendDlgItemMessageA
EndPaint
GetRawInputDeviceInfoA
BeginPaint
CreateIconFromResource
GetDialogBaseUnits
LoadIconW
GetMonitorInfoA
SwitchDesktop
GetMenuDefaultItem
GetNextDlgGroupItem
OpenClipboard
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_GROUP_CURSOR 1
FOD 1
ZEPUREDUNEYIJO 1
FE 1
LASABAHO 1
RT_CURSOR 1
RT_GROUP_ICON 1
RT_VERSION 1
XEGECAVAPUBAXAXIHI 1
Number of PE resources by language
NEUTRAL 10
ENGLISH UK 2
ITALIAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
FileFlagsMask 0x003f
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:06:09 19:18:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 83968
LinkerVersion 10.0
FileSubtype 0
ProductVersionNumber 1.0.0.1
UninitializedDataSize 0
FileTypeExtension exe
InitializedDataSize 15399424
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileVersionNumber 1.0.0.1
EntryPoint 0x5d45
FileOS Windows NT 32-bit
ObjectFileType Executable application

File identification
MD5 0c0c8c85851f281300676072004aa52c
SHA1 da4d27c6755c00772f635d8130114f625769649b
SHA256 650ace97280309634b4ce668897d7df46e4d0f7b2300e33e9c370572016f7a80
ssdeep 3072:Zb9chCbs07hdRhduIZP/emDrBN5XhUl2bDwN21juzwg4qVx39NIC0ajJnmovgmh7:Z3s0Dw2emRzhUlTQuzwQxElcieHj

authentihash 7b10ddbe7b07acfb83f17749a8be437143235e9ba4370926510dd98b49bb41d4
imphash ad44a54a10eaad6150018d4610497426
File size 268.0 KB ( 274432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags peexe nxdomain

VirusTotal metadata
First submission 2018-06-09 21:59:37 UTC ( 6 months, 1 week ago )
Last submission 2018-06-09 21:59:37 UTC ( 6 months, 1 week ago )
File names azo321.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created mutexes
Runtime DLLs
DNS requests
UDP communications