SHA256: 65ae9178db901fd9583833ad671da607e2f1e56dcb4d833e21a6f667a04f4bb6
File name: Virus.exe
Detection ratio: 51 / 61
Analysis date: 2017-06-27 06:16:47 UTC ( 3 weeks, 2 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5345857 20170627
AegisLab Ml.Attribute.Gen!c 20170627
AhnLab-V3 Dropper/Win32.TrickBot.R202921 20170626
ALYac Trojan.GenericKD.5345857 20170627
Antiy-AVL Trojan[Dropper]/Win32.Agent 20170627
Arcabit Trojan.Generic.D519241 20170627
Avast Win32:Malware-gen 20170627
AVG Win32:Malware-gen 20170627
Avira (no cloud) TR/Crypt.Xpack.lepcl 20170627
AVware Trojan-Downloader.Win32.Upatre.tfl (v) 20170627
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20170627
BitDefender Trojan.GenericKD.5345857 20170627
CAT-QuickHeal TrojanDropper.Agent 20170627
Comodo UnclassifiedMalware 20170627
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/Trojan.TTXN-4579 20170627
DrWeb Trojan.Siggen7.23701 20170627
Emsisoft Trojan.GenericKD.5345857 (B) 20170627
Endgame malicious (high confidence) 20170615
ESET-NOD32 a variant of Win32/GenKryptik.AKMV 20170627
F-Secure Trojan.GenericKD.5345857 20170627
Fortinet W32/GenKryptik.AKMV!tr 20170627
GData Trojan.GenericKD.5345857 20170627
Ikarus Trojan.Win32.Krypt 20170626
Sophos ML heuristic 20170607
Jiangmin TrojanDropper.Agent.chax 20170627
K7AntiVirus Trojan ( 0050fe8c1 ) 20170627
K7GW Trojan ( 0050fe8c1 ) 20170627
Kaspersky Trojan-Dropper.Win32.Agent.bjstzz 20170627
Malwarebytes Trojan.TrickBot 20170627
McAfee RDN/Generic Dropper 20170627
McAfee-GW-Edition BehavesLike.Win32.Dropper.gh 20170626
Microsoft Trojan:Win32/Skeeyah.A!rfn 20170627
eScan Trojan.GenericKD.5345857 20170627
NANO-Antivirus Trojan.Win32.Agent.epzsqd 20170627
nProtect Trojan-Dropper/W32.Agent.479232.AH 20170627
Palo Alto Networks (Known Signatures) generic.ml 20170627
Panda Trj/GdSda.A 20170626
Rising Trojan.GenKryptik!8.AA55 (cloud:fB1YmPNBm5J) 20170627
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170627
Symantec Trojan.Gen.2 20170627
Tencent Win32.Trojan.Generic.Pkhh 20170627
TrendMicro TROJ_FRS.0NA004FE17 20170627
TrendMicro-HouseCall TROJ_FRS.0NA004FE17 20170627
VIPRE Trojan-Downloader.Win32.Upatre.tfl (v) 20170627
ViRobot Trojan.Win32.Agent.479232.T 20170627
Webroot W32.Trojan.Gen 20170627
Yandex Trojan.DR.Agent!LmmCSvzUv4M 20170626
Zillya Dropper.Agent.Win32.270234 20170623
ZoneAlarm by Check Point Trojan-Dropper.Win32.Agent.bjstzz 20170627
Alibaba 20170627
Bkav 20170624
ClamAV 20170627
CMC 20170627
F-Prot 20170627
Kingsoft 20170627
Qihoo-360 20170627
SUPERAntiSpyware 20170627
Symantec Mobile Insight 20170623
TheHacker 20170626
Trustlook 20170627
VBA32 20170623
WhiteArmor 20170616
Zoner 20170627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-27 08:57:42
Entry Point 0x0001E4A0
Number of sections 4
PE sections
PE imports
InitCommonControlsEx
GetLastError
GetModuleHandleA
WideCharToMultiByte
UnmapViewOfFile
GetFileSize
lstrlenA
lstrcmpA
WriteFile
GetStartupInfoA
CloseHandle
CreateFileMappingA
CreateFileA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
memset
__p__commode
_controlfp
__setusermatherr
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
SetFocus
GetMessageA
UpdateWindow
GetScrollRange
GetScrollInfo
BeginPaint
SetCaretPos
GetScrollPos
PostQuitMessage
DefWindowProcA
ShowWindow
LoadBitmapA
SetClipboardViewer
RemoveMenu
SendDlgItemMessageA
GetSystemMetrics
SetScrollRange
GetWindowRect
DispatchMessageA
EndPaint
SetCapture
MoveWindow
MessageBoxA
TranslateMessage
GetDC
RegisterClassExA
RemovePropA
LoadStringA
GetWindowPlacement
SendMessageA
GetClientRect
ScreenToClient
InvalidateRect
LoadAcceleratorsA
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
GetDesktopWindow
GetClassNameA
ScrollWindow
SetCursor
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_STRING 1
RT_MENU 1
RT_MANIFEST 1
Number of PE resources by language
FINNISH DEFAULT 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:12:27 09:57:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 135168
LinkerVersion 10.0
EntryPoint 0x1e4a0
InitializedDataSize 339968
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 becd4a73b6234c9a134ec837f67ef6ee
SHA1 c593bee6f1c2344644c80658bef207563dc59c40
SHA256 65ae9178db901fd9583833ad671da607e2f1e56dcb4d833e21a6f667a04f4bb6
ssdeep 6144:c+zsTdOsqqFwZgXcVtpw8Y0vm59UMHgeR460gWDUo6u1qqHm0WJ1k8L9SdB4:chT+4wMiw8Zu59727xAoPHAl4/
authentihash 6ed923e166b93283b03cfd57f84570b3b6e18fa3095715ffb070a68e841b6c8a
imphash ac3d29716645d1e0d57b279a154b5dc1
File size 468.0 KB ( 479232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2017-06-13 15:46:59 UTC ( 1 month, 1 week ago )
Last submission 2017-06-27 06:16:47 UTC ( 3 weeks, 2 days ago )
File names Virus.exe
vimwom.exe
cxVyuXG1.exe
aa
dyWzvYH2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications