SHA256: 6b07aee8c6c4dc96ec2e314acfa299c718aa89248ecb7b51bb6f769e36de0e4d
File name: 14281176.exe
Detection ratio: 16 / 68
Analysis date: 2017-12-14 04:17:35 UTC (6 months, 1 week ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Emotet.R215385 20171214
Avast FileRepMalware 20171214
AVG FileRepMalware 20171214
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171212
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cybereason malicious.ea4968 20171103
Cylance Unsafe 20171214
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAOW 20171214
Fortinet W32/Kryptik.FZTF!tr 20171214
Sophos ML heuristic 20170914
McAfee Emotet-FEU!94243EF60BF2 20171214
McAfee-GW-Edition BehavesLike.Win32.Pate.nc 20171214
Palo Alto Networks (Known Signatures) generic.ml 20171214
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/EncPk-ANR 20171214
Ad-Aware 20171214
AegisLab 20171214
Alibaba 20171214
ALYac 20171214
Antiy-AVL 20171214
Arcabit 20171214
Avast-Mobile 20171212
Avira (no cloud) 20171213
AVware 20171214
BitDefender 20171214
Bkav 20171213
CAT-QuickHeal 20171212
ClamAV 20171213
CMC 20171213
Comodo 20171214
Cyren 20171214
DrWeb 20171214
eGambit 20171214
Emsisoft 20171214
F-Prot 20171214
F-Secure 20171214
GData 20171214
Ikarus 20171213
Jiangmin 20171211
K7AntiVirus 20171213
K7GW 20171213
Kaspersky 20171214
Kingsoft 20171214
Malwarebytes 20171214
MAX 20171214
Microsoft 20171214
eScan 20171214
NANO-Antivirus 20171214
nProtect 20171214
Panda 20171213
Qihoo-360 20171214
Rising 20171214
SUPERAntiSpyware 20171214
Symantec 20171213
Symantec Mobile Insight 20171213
Tencent 20171214
TheHacker 20171210
TotalDefense 20171213
TrendMicro 20171214
TrendMicro-HouseCall 20171214
Trustlook 20171214
VBA32 20171213
VIPRE 20171214
ViRobot 20171214
Webroot 20171214
WhiteArmor 20171204
Yandex 20171212
Zillya 20171213
ZoneAlarm by Check Point 20171214
Zoner 20171214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation.
Product Microsoft®
Original name cryptba
Internal name kbd
File version 6.1.7
Description Base cryptograph
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1993-12-20 20:50:11
Entry Point 0x000015B0
Number of sections 5
PE sections
PE imports
CertFreeCertificateChain
GetFontData
GetWindowExtEx
GetGraphicsMode
FindAtomW
GetCurrentProcessId
ExitProcess
GetAtomNameW
GetCurrentThreadId
GetUserDefaultLCID
VarUI4FromStr
SetSuspendState
RasHangUpA
RpcServerUseProtseqIfW
RpcMgmtEpEltInqBegin
ShellAboutW
PathAddBackslashW
PathIsRelativeW
PathIsSystemFolderW
PathRemoveArgsW
ReleaseDC
GetForegroundWindow
RegisterRawInputDevices
GetDC
GetMessageA
midiOutPrepareHeader
_vswprintf_c_l
memcpy
wcscpy
Number of PE resources by type
RT_ICON 2
RT_BITMAP 2
RT_DIALOG 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 10.0.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 88576
EntryPoint 0x15b0
OriginalFileName cryptba
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation.
FileVersion 6.1.7
TimeStamp 1993:12:20 21:50:11+01:00
FileType Win32 EXE
PEType PE32
InternalName kbd
ProductVersion 6.1.76
FileDescription Base cryptograph
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Solecarra
CodeSize 0
ProductName Microsoft
ProductVersionNumber 10.0.1.0
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 94243ef60bf2e9867ead194841627021
SHA1 63ab3deea4968e326482d32fdfd9e74f4cd2846e
SHA256 6b07aee8c6c4dc96ec2e314acfa299c718aa89248ecb7b51bb6f769e36de0e4d
ssdeep 1536:APi2icHNDyMJRPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPhdrG2h7yGDRa16Bo:Aa2f3NwF7vmHtWvhEPP/o
authentihash fb4cdc57c7b96d3aaa933eba1252ac314c17937e78d85dfc3c11ded104312269
imphash 03059e9c05d9b1ad45ee7158c38d7313
File size 97.5 KB ( 99840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2017-12-14 04:17:35 UTC ( 6 months, 1 week ago )
Last submission 2018-05-07 17:43:42 UTC ( 1 month, 2 weeks ago )
File names hostwlan.exe
1002-63ab3deea4968e326482d32fdfd9e74f4cd2846e
14281176.exe
cryptba
kbd