SHA256: 661133c3848e57c4541a54b094c1b7124986872c4ce475ceda02440b48c823c1
File name: 2223607.exe
Detection ratio: 41 / 61
Analysis date: 2017-05-14 23:43:21 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.236962 20170514
AegisLab Gen.Variant.Zusy!c 20170514
Antiy-AVL Trojan/Win32.Agent 20170514
Arcabit Trojan.Zusy.D39DA2 20170514
Avast Win32:Malware-gen 20170514
AVG Atros5.BHPA 20170514
Avira (no cloud) TR/Dropper.jlejk 20170514
AVware Trojan.Win32.Generic!BT 20170515
BitDefender Gen:Variant.Zusy.236962 20170514
CMC Trojan-Downloader.Win32.Gamarue.2!O 20170514
Comodo TrojWare.Win32.Kryptik.~FSFT 20170514
CrowdStrike Falcon (ML) malicious_confidence_68% (W) 20170130
Cyren W32/Trojan.SOXS-4132 20170515
DrWeb Trojan.Emotet.135 20170515
Emsisoft Gen:Variant.Zusy.236962 (B) 20170515
Endgame malicious (high confidence) 20170503
ESET-NOD32 a variant of Win32/Kryptik.FSFT 20170515
F-Secure Gen:Variant.Zusy.236962 20170515
Fortinet W32/Kryptik.FSEZ!tr 20170514
GData Gen:Variant.Zusy.236962 20170514
Ikarus PUA.LoadMoney 20170514
Sophos ML virus.win32.ramnit.j 20170413
Jiangmin Trojan.Agent.avrf 20170514
K7GW Trojan ( 0050d6ac1 ) 20170514
Kaspersky Trojan-Ransom.Win32.Snocry.ddj 20170514
Malwarebytes Trojan.Injector 20170514
McAfee GenericRXBN-WT!6E7A2707412E 20170515
McAfee-GW-Edition BehavesLike.Win32.Trojan.tc 20170514
Microsoft Trojan:Win32/Dynamer!ac 20170515
eScan Gen:Variant.Zusy.236962 20170515
NANO-Antivirus Trojan.Win32.Droma.eoqvjg 20170514
Palo Alto Networks (Known Signatures) generic.ml 20170515
Panda Trj/GdSda.A 20170514
Rising Malware.Generic.5!tfe (thunder:5:CoHtXyPpWqL) 20170514
Sophos AV Mal/Generic-S 20170514
Symantec Trojan.Gen.2 20170514
Tencent Win32.Trojan.Inject.Auto 20170515
TrendMicro-HouseCall Ransom_Snocry.R0FAC0DEE17 20170514
VIPRE Trojan.Win32.Generic!BT 20170515
Webroot W32.Trojan.Gen 20170515
ZoneAlarm by Check Point Trojan-Ransom.Win32.Snocry.ddj 20170514
AhnLab-V3 20170514
Alibaba 20170514
ALYac 20170514
Baidu 20170503
Bkav 20170513
CAT-QuickHeal 20170513
ClamAV 20170514
F-Prot 20170514
K7AntiVirus 20170514
Kingsoft 20170515
nProtect 20170514
Qihoo-360 20170515
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170514
Symantec Mobile Insight 20170514
TheHacker 20170514
TrendMicro 20170514
Trustlook 20170515
VBA32 20170512
ViRobot 20170514
WhiteArmor 20170512
Yandex 20170512
Zillya 20170511
Zoner 20170514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Fajibohuduwise hoca zici mocu pegosava hujufije wupe

Original name mecolicugike.exe
File version 8, 10, 2, 30
Comments Gebanafupusivo vicohibewixe zamosiloweveho vafixenugu yimucetoyu nejatutoheyogo
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-11 17:08:57
Entry Point 0x000012AB
Number of sections 4
PE sections
PE imports
GetClipBox
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetFileAttributesW
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
GetTickCount
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
HeapSize
SetStdHandle
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetModuleFileNameA
IsValidCodePage
HeapCreate
CreateFileW
TlsGetValue
Sleep
GetFileType
IsBadStringPtrA
TlsSetValue
IsBadCodePtr
EncodePointer
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Gebanafupusivo vicohibewixe zamosiloweveho vafixenugu yimucetoyu nejatutoheyogo

InitializedDataSize
1073664

ImageVersion
0.0

FileVersionNumber
8.10.2.30

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

LinkerVersion
10.0

EntryPoint
0x12ab

OriginalFileName
mecolicugike.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8, 10, 2, 30

TimeStamp
2017:05:11 18:08:57+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
8, 10, 2, 30

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Win32

LegalCopyright
Fajibohuduwise hoca zici mocu pegosava hujufije wupe

MachineType
Intel 386 or later, and compatibles

CodeSize
24064

FileSubtype
0

ProductVersionNumber
8.10.2.30

FileTypeExtension
exe

ObjectFileType
Unknown

PCAP parents
File identification
MD5 6e7a2707412e733a5f75360d337be6cb
SHA1 8b969ec05a15f9a2a21b834a31acf8c9876375eb
SHA256 661133c3848e57c4541a54b094c1b7124986872c4ce475ceda02440b48c823c1
ssdeep
24576:b0cc3pyAPwJUVKLYYqjC2pRs+E1ODpG/65BG2kAhC3hNJ:b0xgAoJUVKLkn7dVC65BGVAhC3z

authentihash 119c6a16a6908927b70a375a35f2474dcd48dbe62e6e85f1778a24fd22fc1619
imphash f0c2bf6682a955c09da7440074b988dd
File size 1.0 MB ( 1098752 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2017-05-12 21:33:25 UTC ( 1 year, 8 months ago )
Last submission 2017-05-15 16:30:02 UTC ( 1 year, 8 months ago )
File names de.exe
winword
de.exe
mecolicugike.exe
661133c3848e57c4541a54b094c1.exe
2223607.exe
winword.exe
winword.exe
661133c3848e57c4541a54b094c1.exe
93908484.exe
winword.exe
103900378.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications