SHA256: 6966599b3a7786f81a960f012d540866ada63a1fef5be6d775946a47f6983cb7
File name: 1.exe
Detection ratio: 47 / 70
Analysis date: 2019-01-09 13:43:36 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40887380 20190109
AhnLab-V3 Malware/Gen.Generic.C2823060 20190108
Alibaba Trojan:Win32/Generic.258f3d23 20180921
ALYac Trojan.GenericKD.40887380 20190109
Antiy-AVL Trojan/Win32.Occamy 20190109
Arcabit Trojan.Generic.D26FE454 20190109
Avast Win32:Malware-gen 20190109
AVG Win32:Malware-gen 20190109
Avira (no cloud) TR/Gibon.zdeuf 20190109
BitDefender Trojan.GenericKD.40887380 20190109
CAT-QuickHeal Ransom.Gibon.S4241319 20190108
Comodo Malware@#uyunkjidem3a 20190109
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.abc689 20190109
Cylance Unsafe 20190109
Cyren W32/Trojan.XKKU-0087 20190109
DrWeb Trojan.MulDrop8.58033 20190109
Emsisoft Trojan.GenericKD.40887380 (B) 20190109
F-Secure Trojan.GenericKD.40887380 20190109
Fortinet W32/Generic!tr 20190109
GData Trojan.GenericKD.40887380 20190109
Jiangmin Trojan.Generic.cucim 20190109
K7AntiVirus Riskware ( 0040eff71 ) 20190109
K7GW Riskware ( 0040eff71 ) 20190109
Kaspersky HEUR:Trojan.Win32.Generic 20190109
Malwarebytes Trojan.Injector 20190109
MAX malware (ai score=100) 20190109
McAfee RDN/Generic.grp 20190109
McAfee-GW-Edition RDN/Generic.grp 20190109
Microsoft Trojan:Win32/Occamy.C 20190109
eScan Trojan.GenericKD.40887380 20190109
NANO-Antivirus Trojan.Win32.Ransom.fkdnkl 20190109
Palo Alto Networks (Known Signatures) generic.ml 20190109
Panda Trj/GdSda.A 20190109
Qihoo-360 Win32/Trojan.BO.00d 20190109
Rising Trojan.Generic!8.C3 (CLOUD) 20190109
Sophos AV Mal/Generic-S 20190109
Symantec Trojan.Gen.2 20190109
Tencent Win32.Trojan.Generic.Wvav 20190109
TrendMicro TROJ_GEN.R011C0PLM18 20190109
TrendMicro-HouseCall TROJ_GEN.R011C0PLM18 20190109
VBA32 BScope.Trojan.MulDrop 20190108
ViRobot Trojan.Win32.Z.Ransom.184832.A 20190109
Webroot W32.Trojan.Gen 20190109
Yandex Trojan.Agent!yGBPS1O1Op0 20181229
Zillya Trojan.Generic.Win32.313795 20190108
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20190109
Acronis 20181227
AegisLab 20190109
Avast-Mobile 20190109
Babable 20180918
Baidu 20190109
Bkav 20190108
ClamAV 20190109
CMC 20190108
eGambit 20190109
Endgame 20181108
ESET-NOD32 20190109
F-Prot 20190109
Ikarus 20190109
Sophos ML 20181128
Kingsoft 20190109
SentinelOne (Static ML) 20181223
SUPERAntiSpyware 20190102
TACHYON 20190109
TheHacker 20190106
TotalDefense 20190109
Trapmine 20190103
Trustlook 20190109
Zoner 20190109
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-06 14:23:02
Entry Point 0x000023F7
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorDacl
RegCloseKey
RegSetValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
GetLastError
IsValidCodePage
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
lstrlenA
GetModuleFileNameW
FindFirstFileExW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
DeleteFileA
RtlUnwind
GetShortPathNameA
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
SetLastError
lstrcatA
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
GetConsoleCP
SetStdHandle
lstrcpyW
RaiseException
WideCharToMultiByte
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
FreeLibrary
TerminateProcess
CreateProcessA
GetModuleHandleExW
GetEnvironmentVariableA
lstrcpyA
CreateFileW
CreateProcessW
FindClose
TlsGetValue
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
PathRemoveFileSpecW
PathAppendW
PathFileExistsA
Number of PE resources by type
RT_ICON 18
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
RUSSIAN 24
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:11:06 15:23:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 54272
LinkerVersion 14.15
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x23f7
InitializedDataSize 132608
SubsystemVersion 6.0
ImageVersion 0.0
OSVersion 6.0
UninitializedDataSize 0

File identification
MD5 dcb9cb3abc689f8c0eb39af6429c1c2f
SHA1 888488cc2d88bf6221813583195e43d6b240f408
SHA256 6966599b3a7786f81a960f012d540866ada63a1fef5be6d775946a47f6983cb7
ssdeep 3072:S5mBBAQLszJ0dYqqnSDCYi/v2rtXxMTAIC91+Z:SIBBgtVSPxGA0Z
authentihash 18c52c0fc16fec854b18c62e392126e73d1f00240627ffb8c5f408820261344e
imphash 7f0c9f56cfb9c356d7677415eb8c9518
File size 180.5 KB ( 184832 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2018-12-17 12:59:32 UTC ( 2 months ago )
Last submission 2019-01-26 19:27:29 UTC ( 3 weeks, 2 days ago )
File names 1.exe