SHA256: 6ef6dd38e0b763ff9877bd657ddbefc76ae72de7d49b0a5b82690c039036e1ee
File name: 4s64tsmt.exe
Detection ratio: 27 / 61
Analysis date: 2017-05-14 12:39:04 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5063687 20170514
AegisLab Uds.Dangerousobject.Multi!c 20170514
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20170514
Antiy-AVL Trojan[Downloader]/Win32.Upatre 20170514
Arcabit Trojan.Generic.D4D4407 20170514
Avast Win32:Malware-gen 20170514
Avira (no cloud) TR/Crypt.Xpack.bwbki 20170514
BitDefender Trojan.GenericKD.5063687 20170514
CrowdStrike Falcon (ML) malicious_confidence_65% (W) 20170130
Emsisoft Trojan.GenericKD.5063687 (B) 20170514
Endgame malicious (high confidence) 20170503
F-Secure Trojan.GenericKD.5063687 20170514
Fortinet W32/Upatre.FYMO!tr.dldr 20170514
GData Win32.Trojan.Agent.DYZCOI 20170514
Ikarus Trojan.Crypt.XPACK 20170514
Sophos ML trojanspy.win32.skeeyah.a!rfn 20170413
K7GW Riskware ( 0040eff71 ) 20170514
Kaspersky Trojan-Downloader.Win32.Upatre.fymo 20170514
Malwarebytes Trojan.Chthonic 20170514
McAfee Artemis!98E4056BF895 20170514
McAfee-GW-Edition BehavesLike.Win32.FakeAlertSecurityTool.fc 20170514
eScan Trojan.GenericKD.5063687 20170514
Palo Alto Networks (Known Signatures) generic.ml 20170514
Sophos AV Mal/Generic-S 20170514
Symantec Trojan.Gen.2 20170513
TrendMicro-HouseCall Suspicious_GEN.F47V0513 20170514
ZoneAlarm by Check Point Trojan-Downloader.Win32.Upatre.fymo 20170514
Alibaba 20170514
ALYac 20170514
AVG 20170513
AVware 20170514
Baidu 20170503
Bkav 20170513
CAT-QuickHeal 20170513
ClamAV 20170514
CMC 20170513
Comodo 20170514
Cyren 20170514
DrWeb 20170514
ESET-NOD32 20170514
F-Prot 20170514
Jiangmin 20170514
K7AntiVirus 20170514
Kingsoft 20170514
Microsoft 20170514
NANO-Antivirus 20170514
nProtect 20170514
Panda 20170514
Qihoo-360 20170514
Rising 20170514
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170514
Symantec Mobile Insight 20170512
Tencent 20170514
TheHacker 20170514
TrendMicro 20170514
VBA32 20170512
VIPRE 20170514
ViRobot 20170513
Webroot 20170514
WhiteArmor 20170512
Yandex 20170512
Zillya 20170511
Zoner 20170514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-12 15:34:24
Entry Point 0x00012846
Number of sections 4
PE sections
PE imports
CryptAcquireContextW
CryptSetProvParam
CryptGetKeyParam
OpenProcessToken
CryptGetUserKey
Ord(17)
ImageList_DragShowNolock
CertOpenStore
CryptMsgEncodeAndSignCTL
CertCreateCertificateContext
CryptMsgCountersignEncoded
SetDIBits
GetNearestPaletteIndex
SetMapMode
CreatePen
GetTextMetricsA
CombineRgn
SetStretchBltMode
GetGlyphOutlineA
Polygon
GetObjectA
DeleteDC
SetBkMode
GetRegionData
BitBlt
CreateDIBSection
SetDIBitsToDevice
CreatePatternBrush
ExtTextOutW
GetOutlineTextMetricsA
CreateBitmap
MoveToEx
CreatePalette
GetStockObject
CreateDIBitmap
SetBkColor
ExtTextOutA
GetDIBits
GdiFlush
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
SetPolyFillMode
CreateSolidBrush
GetFontData
DeleteObject
CreateCompatibleBitmap
gluPerspective
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
LoadLibraryW
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
LoadResource
TlsGetValue
SetLastError
ReadConsoleInputA
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
lstrcpyA
GlobalLock
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
SetConsoleMode
VirtualFree
Sleep
FindResourceA
VirtualAlloc
NetShareGetInfo
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
UnRegisterTypeLib
glMatrixMode
glColor3f
wglMakeCurrent
wglCreateContext
glClear
wglGetCurrentDC
glLineWidth
glBegin
glLoadIdentity
glClearColor
DragFinish
DragQueryFileA
StrStrIA
SetFocus
EmptyClipboard
RegisterClassA
GetParent
ReleaseDC
GetScrollRange
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
GetPropA
LoadBitmapA
SendDlgItemMessageA
GetSystemMetrics
MessageBoxW
DispatchMessageA
EndPaint
LookupIconIdFromDirectory
UpdateWindow
EnumChildWindows
SetPropA
MessageBoxA
SetWindowLongA
LookupIconIdFromDirectoryEx
GetWindow
GetDC
SystemParametersInfoA
RemovePropA
DefFrameProcA
GetWindowLongA
SetClipboardData
TranslateMessage
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
SetCursor
IsWindow
EnableMenuItem
InvertRect
WindowFromDC
wsprintfA
IsClipboardFormatAvailable
SetTimer
LoadCursorA
LoadIconA
GetMessageA
GetTopWindow
ShowCursor
GetSubMenu
CreateIconFromResourceEx
CallWindowProcA
CloseClipboard
OpenClipboard
ExitWindowsEx
DestroyWindow
RsopFileAccessCheck
RsopResetPolicySettingStatus
SetWindowTheme
WinHttpSetTimeouts
timeGetTime
SCardListCardsW
SCardConnectA
GetOpenFileNameA
GetSaveFileNameW
OleUninitialize
CoInitialize
OleInitialize
CoLockObjectExternal
ReleaseStgMedium
RegisterDragDrop
OleFlushClipboard
StgOpenStorage
CreateBindCtx
StgCreateDocfile
RevokeDragDrop
OleGetClipboard
OleSetClipboard
Number of PE resources by type
HTML2 8
RCDATA 3
MAD 2
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2017:05:12 16:34:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 143360
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 184320
SubsystemVersion 4.0
EntryPoint 0x12846
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 98e4056bf8957390dc9e14b517fd2cf3
SHA1 9d56aa5dd6244a43abf92d427d42fce7a6b2ff4b
SHA256 6ef6dd38e0b763ff9877bd657ddbefc76ae72de7d49b0a5b82690c039036e1ee
ssdeep 6144:dYfBOeCxS0btQVqHZv4K2nububumrqUNebh4+xxMNVe:dmFbVqJRUububumWyMhBxD
authentihash 63be513ea7ca7da0fad688f3382bb22e00598d3f28f9ea135d3bb0fe3619383e
imphash 809c2b301c85c4d5d25dc6c3331eb37a
File size 324.0 KB ( 331776 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-05-13 15:50:23 UTC ( 1 year, 10 months ago )
Last submission 2017-05-14 12:39:04 UTC ( 1 year, 10 months ago )
File names 6ef6dd38e0b763ff9877bd657ddbefc76ae72de7d49b0a5b82690c039036e1ee.bin.exe
4s64tsmt.exe
windowsmailb.exe
WindowsMailB.exe
WindowsMailB.exe.bin
wl34s0wc.exe
Advanced heuristic and reputation engines
Behaviour characterization
Zemana
dll-injection
