SHA256: 6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2
File name: Consulta_Resultado05062017.exe
Detection ratio: 39 / 67
Analysis date: 2017-10-26 19:21:44 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AegisLab Troj.Downloader.Script!c 20171026
AhnLab-V3 Trojan/Win32.Agent.C2126202 20171026
Arcabit JS:Trojan.Cryxos.868 20171026
Avast Win32:Malware-gen 20171026
AVG Win32:Malware-gen 20171026
Avira (no cloud) JS/Dldr.Agent.zminz 20171026
AVware Trojan.Win32.Generic!BT 20171026
BitDefender Trojan.Agent.CHRW 20171026
CAT-QuickHeal Trojan.IGENERIC 20171026
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20171016
Cybereason malicious.1b8fb7 20170628
Cylance Unsafe 20171026
Cyren W32/Trojan.YKFL-4376 20171026
Emsisoft Trojan.Agent.CHRW (B) 20171026
Endgame malicious (high confidence) 20171024
ESET-NOD32 NSIS/TrojanDropper.Agent.CL 20171026
F-Secure JS:Trojan.Cryxos.868 20171026
GData Trojan.Agent.CHRW 20171026
Ikarus Trojan.JS.Cryxos 20171026
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0050f2381 ) 20171026
K7GW Trojan ( 0050f2381 ) 20171026
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20171026
MAX malware (ai score=86) 20171026
McAfee RDN/Generic Downloader.x 20171026
McAfee-GW-Edition BehavesLike.Win32.ObfusRansom.qc 20171026
eScan Trojan.Agent.CHRW 20171026
NANO-Antivirus Trojan.Script.Heuristic-js.iacgm 20171026
Panda Trj/CI.A 20171026
Qihoo-360 Win32/Trojan.Downloader.251 20171026
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Generic-S 20171026
Symantec Trojan.Gen.2 20171026
Tencent Win32.Trojan.Cryxos.Ajlb 20171026
TrendMicro TROJ_GEN.R01BC0OFA17 20171026
TrendMicro-HouseCall TROJ_GEN.R01BC0OFA17 20171026
VIPRE Trojan.Win32.Generic!BT 20171026
Webroot W32.Trojan.Cryxos 20171026
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20171026
Ad-Aware 20171026
Alibaba 20170911
ALYac 20171026
Antiy-AVL 20171026
Avast-Mobile 20171026
Baidu 20171026
Bkav 20171025
ClamAV 20171026
CMC 20171026
Comodo 20171026
DrWeb 20171026
eGambit 20171026
F-Prot 20171026
Fortinet 20171026
Jiangmin 20171026
Kingsoft 20171026
Malwarebytes 20171026
Microsoft 20171026
nProtect 20171026
Palo Alto Networks (Known Signatures) 20171026
Rising 20171026
SUPERAntiSpyware 20171026
Symantec Mobile Insight 20171026
TheHacker 20171024
Trustlook 20171026
VBA32 20171026
ViRobot 20171026
WhiteArmor 20171024
Yandex 20171025
Zillya 20171026
Zoner 20171026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright yLgymbHDK
Product M0jQ0rXyLmyfedL2zbr
File version 1.3.0.3
Description IXfy1coOa5HyQE6RSNBne
Packers identified
F-PROT NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-02 03:20:13
Entry Point 0x0000312A
Number of sections 5
PE sections
Overlays
MD5 64680f32d9b72ae65ca398762e99e9c4
File type data
Offset 35840
Size 21947
Entropy 7.99
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SelectObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetBkColor
DeleteObject
SetTextColor
GetLastError
ReadFile
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
GetModuleHandleA
GetTempPathA
CreateThread
GetFileAttributesA
SetFilePointer
lstrcmpA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
EndPaint
SystemParametersInfoA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
DrawTextA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
SendMessageA
CloseClipboard
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
SetWindowTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
DestroyWindow
FillRect
ShowWindow
CharNextA
CallWindowProcA
GetSystemMenu
EmptyClipboard
EnableWindow
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.3.0.3
UninitializedDataSize 1024
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 164864
EntryPoint 0x312a
MIMEType application/octet-stream
LegalCopyright yLgymbHDK
FileVersion 1.3.0.3
TimeStamp 2016:04:02 04:20:13+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.3.0.3
FileDescription IXfy1coOa5HyQE6RSNBne
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 24576
ProductName M0jQ0rXyLmyfedL2zbr
ProductVersionNumber 1.3.0.3
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 e383d317b3c7bbd65a7c303746b7f12d
SHA1 38b7611bb20985512f86dc2c38247593e58a1df6
SHA256 6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2
ssdeep 1536:CKJAES3bS2L6KbuVfmMk0DCwcTWR5uuOLIGw1lX7wQTM:pJ2S2L6KbqDCwcTWCuOLIZrwd
authentihash c654ec8197bedba7345aca88f4e6b09660ae9663ff0192b95b9bd18ad2f78585
imphash b76363e9cb88bf9390860da8e50999d2
File size 56.4 KB ( 57787 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags nsis peexe overlay
VirusTotal metadata
First submission 2017-06-06 03:27:43 UTC ( 1 year, 10 months ago )
Last submission 2017-10-26 19:21:44 UTC ( 1 year, 6 months ago )
File names Consulta_Resultado05062017.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications