× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6a53b4bd6352a5e635521ea6577d839076cc5f5365e571c86012d4a777828cc1
File name: konush8.yarn
Detection ratio: 25 / 66
Analysis date: 2018-04-26 07:31:40 UTC ( 9 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30653341 20180426
Arcabit Trojan.Generic.D1D3BBDA 20180426
Avast FileRepMetagen [Malware] 20180426
AVG FileRepMetagen [Malware] 20180426
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9859 20180426
BitDefender Trojan.GenericKD.30653341 20180426
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20180418
Cylance Unsafe 20180426
DrWeb Trojan.Siggen7.49533 20180426
Emsisoft Trojan.GenericKD.30653341 (B) 20180426
Endgame malicious (high confidence) 20180403
ESET-NOD32 a variant of Win32/GenKryptik.BYDU 20180426
F-Secure Trojan.GenericKD.30653402 20180426
GData Win32.Trojan-Spy.Ursnif.B4IW3D 20180426
Sophos ML heuristic 20180121
Kaspersky Trojan-Spy.Win32.Ursnif.yqc 20180426
McAfee Artemis!DE9A48D0A652 20180426
McAfee-GW-Edition Artemis 20180425
eScan Trojan.GenericKD.30653341 20180426
Palo Alto Networks (Known Signatures) generic.ml 20180426
SentinelOne (Static ML) static engine - malicious 20180225
Symantec Trojan.Gen.9 20180426
VBA32 BScope.Malware-Cryptor.Winlock.6113 20180425
Webroot W32.Trojan.Emotet 20180426
ZoneAlarm by Check Point Trojan-Spy.Win32.Ursnif.yqc 20180426
AegisLab 20180426
AhnLab-V3 20180425
Alibaba 20180426
ALYac 20180426
Antiy-AVL 20180418
Avast-Mobile 20180425
Avira (no cloud) 20180425
AVware 20180426
Babable 20180406
CAT-QuickHeal 20180425
ClamAV 20180426
CMC 20180425
Comodo 20180425
Cybereason 20180225
Cyren 20180426
eGambit 20180426
F-Prot 20180426
Fortinet 20180426
Ikarus 20180425
Jiangmin 20180426
K7AntiVirus 20180426
K7GW 20180426
Kingsoft 20180426
Malwarebytes 20180426
MAX 20180426
Microsoft 20180426
NANO-Antivirus 20180426
nProtect 20180426
Panda 20180425
Qihoo-360 20180426
Rising 20180426
Sophos AV 20180426
SUPERAntiSpyware 20180426
Symantec Mobile Insight 20180424
Tencent 20180426
TheHacker 20180426
TrendMicro 20180426
TrendMicro-HouseCall 20180426
Trustlook 20180426
VIPRE 20180426
ViRobot 20180426
Yandex 20180425
Zillya 20180425
Zoner 20180425
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Of Born
Original name Of Born.exe
File version 1, 7, 9205, 8752
Description Of Born
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-25 13:03:41
Entry Point 0x0000A2AD
Number of sections 5
PE sections
PE imports
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Remove
ImageList_Destroy
ImageList_SetIconSize
HeapSize
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetLocaleInfoW
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetCommandLineW
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
EnumSystemLocalesA
GetWindowsDirectoryW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetModuleHandleW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
InterlockedCompareExchange
GetFileType
SetStdHandle
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
DecodePointer
WaitForSingleObject
IsProcessorFeaturePresent
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
TerminateProcess
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
CloseHandle
WNetGetUniversalNameW
WNetGetUserW
IsDialogMessageW
SetWindowTextW
LoadBitmapW
GetIconInfo
WTSOpenServerW
WTSLogoffSession
WTSQueryUserToken
WTSCloseServer
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
Number of PE resources by type
RT_ICON 8
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
CodeSize
292864

SubsystemVersion
5.1

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.7.9205.8752

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Of Born

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
1051648

EntryPoint
0xa2ad

OriginalFileName
Of Born.exe

MIMEType
application/octet-stream

FileVersion
1, 7, 9205, 8752

TimeStamp
2012:04:25 14:03:41+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1, 7, 9205, 8752

UninitializedDataSize
0

OSVersion
5.1

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Weatherspace Change

LegalTrademarks
Of Born

ProductName
Of Born

ProductVersionNumber
1.7.9205.8752

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 de9a48d0a6527088c36411ee79e79731
SHA1 0a6a4245590fee286e285e784f7d462a9bc0369a
SHA256 6a53b4bd6352a5e635521ea6577d839076cc5f5365e571c86012d4a777828cc1
ssdeep
24576:ld8lT73GOckUCGYuIjKemkr+DdwGkp77pr5Am78O4vwhycF4MUPT+98q+:38RzakUCG0jcDPkp7VrGm78nrcF4hT+5

authentihash 5a9729d19644bc1ee8de90e59eb82a51e44499eafc89242d6ec35f69a1619506
imphash c9289e348d10d4eabd7db2d9e2e6d515
File size 1.2 MB ( 1276928 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (39.9%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
Win16/32 Executable Delphi generic (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-04-25 17:27:53 UTC ( 9 months, 3 weeks ago )
Last submission 2018-08-07 06:54:26 UTC ( 6 months, 2 weeks ago )
File names ite.yarn
konush4.yarn
itb.yarn
itd.yarn
crypt_0003_1045a.exe
itf.yarn
it.yarn
ita.yarn
konush9.yarn
konush8.yarn
Of Born.exe
konush1.yarn
irlashka2.yarn
itc.yarn
konush3.yarn
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Code injections in the following processes
Runtime DLLs