SHA256: 677140c810bb86735d02304c8284de9ad68d1eb58e811f88630d27f4d521288d
File name: .
Detection ratio: 16 / 70
Analysis date: 2018-11-28 18:47:31 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Ursnif.C2863241 20181128
Avast FileRepMalware 20181128
AVG FileRepMalware 20181128
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.33b386 20180225
Cylance Unsafe 20181128
eGambit Unsafe.AI_Score_99% 20181128
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Dridex.CK 20181128
Ikarus Trojan.Win32.Dridex 20181128
Sophos ML heuristic 20181128
K7GW Hacktool ( 700007861 ) 20181128
Rising Spyware.Ursnif!8.1DEF (TFE:dGZlOgEEcqHp3Dw7mg) 20181128
Symantec ML.Attribute.HighConfidence 20181128
Trapmine malicious.high.ml.score 20181126
Webroot W32.Trojan.Gen 20181128
Ad-Aware 20181128
AegisLab 20181128
Alibaba 20180921
ALYac 20181128
Antiy-AVL 20181128
Arcabit 20181128
Avast-Mobile 20181128
Avira (no cloud) 20181128
Babable 20180918
Baidu 20181128
BitDefender 20181128
Bkav 20181128
CAT-QuickHeal 20181128
ClamAV 20181128
CMC 20181128
Comodo 20181128
Cyren 20181128
DrWeb 20181128
Emsisoft 20181128
F-Prot 20181128
F-Secure 20181128
Fortinet 20181128
GData 20181128
Jiangmin 20181128
K7AntiVirus 20181128
Kaspersky 20181128
Kingsoft 20181128
Malwarebytes 20181128
MAX 20181128
McAfee 20181128
McAfee-GW-Edition 20181128
Microsoft 20181128
eScan 20181128
NANO-Antivirus 20181128
Palo Alto Networks (Known Signatures) 20181128
Panda 20181128
Qihoo-360 20181128
SentinelOne (Static ML) 20181011
Sophos AV 20181128
SUPERAntiSpyware 20181128
Symantec Mobile Insight 20181121
TACHYON 20181128
Tencent 20181128
TheHacker 20181126
TotalDefense 20181128
TrendMicro 20181128
TrendMicro-HouseCall 20181128
Trustlook 20181128
VBA32 20181128
VIPRE 20181128
ViRobot 20181128
Yandex 20181128
Zillya 20181128
ZoneAlarm by Check Point 20181128
Zoner 20181128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-27 17:39:07
Entry Point 0x000040B0
Number of sections 6
PE sections
PE imports
IsTokenRestricted
CM_Disable_DevNode
GetFontLanguageInfo
GetTextCharacterExtra
GetCurrentPositionEx
InterlockedCompareExchange64
GetUserDefaultLangID
GetConsoleFontSize
IsValidCodePage
WaitForSingleObject
GetExitCodeThread
FreeConsole
VarCyNeg
I_RpcNsBindingSetEntryNameW
SetupDiBuildClassInfoListExW
GetCursorPos
DdeUninitialize
SetCapture
GetCursor
GetFocus
SetProcessWindowStation
DestroyCaret
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
SubsystemVersion 5.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:11:27 18:39:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 114688
LinkerVersion 16.3
FileTypeExtension exe
InitializedDataSize 94208
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x40b0
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 3ed318e49e68bd15f5544419f97ff0c5
SHA1 3b9558733b386b1fe26a5cae0be3f882a96996a2
SHA256 677140c810bb86735d02304c8284de9ad68d1eb58e811f88630d27f4d521288d
ssdeep 3072:WV1cFjodAor2i/53+wMN6uU+HBDfMZrW1+q:Wbc01r2ixMN6uU+hLMZrW
authentihash 9a6e6cafb402116802c551e3b1f4bc3861957985a126f8473257f3d667a0c311
imphash f2c5ad8b2ac09a33994fee2204ad8662
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (58.9%)
Win32 Dynamic Link Library (generic) (14.0%)
Win32 Executable (generic) (9.6%)
Win16/32 Executable Delphi generic (4.4%)
OS/2 Executable (generic) (4.3%)
Tags peexe
VirusTotal metadata
First submission 2018-11-28 18:47:31 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-28 18:47:31 UTC ( 4 months, 3 weeks ago )
File names .