SHA256: 7039730b30079291bcae176081a5049198b369a5d375573ccba466658897b6f6
File name: output.112557830.txt
Detection ratio: 47 / 67
Analysis date: 2017-12-07 22:47:42 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Trojan.Crypt.52 20171207
AegisLab Troj.Spy.W32.Spyeyes!c 20171207
AhnLab-V3 Trojan/Win32.MalCrypted.R213835 20171207
ALYac Gen:Variant.Trojan.Crypt.52 20171207
Avast Win32:Malware-gen 20171207
AVG Win32:Malware-gen 20171207
Avira (no cloud) TR/Crypt.Xpack.lhviz 20171207
AVware Trojan.Win32.Generic!BT 20171207
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9977 20171207
BitDefender Gen:Variant.Trojan.Crypt.52 20171207
Bkav W32.JaitecodLTO.Trojan 20171207
CAT-QuickHeal TrojanSpy.SpyEyes 20171206
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20171016
Cylance Unsafe 20171207
DrWeb Trojan.DownLoad3.47415 20171207
Emsisoft Gen:Variant.Trojan.Crypt.52 (B) 20171207
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.FZML 20171207
F-Secure Gen:Variant.Trojan.Crypt.52 20171207
Fortinet W32/Kryptik.FZNG!tr 20171207
GData Gen:Variant.Trojan.Crypt.52 20171207
Ikarus Trojan.Win32.Crypt 20171207
Sophos ML heuristic 20170914
Jiangmin TrojanSpy.SpyEyes.nds 20171207
K7AntiVirus Trojan ( 0051df381 ) 20171205
K7GW Trojan ( 0051df381 ) 20171207
Kaspersky Trojan-Spy.Win32.SpyEyes.bcsl 20171207
MAX malware (ai score=100) 20171207
McAfee Trojan-FLWN!2C3B4DE34E2B 20171207
McAfee-GW-Edition BehavesLike.Win32.Generic.hc 20171207
Microsoft Trojan:Win32/Skeeyah.A!rfn 20171207
eScan Gen:Variant.Trojan.Crypt.52 20171207
NANO-Antivirus Trojan.Win32.Jimmy.evgebl 20171207
Palo Alto Networks (Known Signatures) generic.ml 20171207
Panda Trj/CI.A 20171207
Qihoo-360 Win32/Trojan.14e 20171207
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171207
Symantec Trojan.Gen 20171207
Tencent Win32.Trojan-spy.Spyeyes.Hrpj 20171207
TrendMicro TROJ_GEN.R004C0PKU17 20171207
TrendMicro-HouseCall TROJ_GEN.R004C0PKU17 20171207
VBA32 TrojanSpy.SpyEyes 20171207
VIPRE Trojan.Win32.Generic!BT 20171207
Webroot W32.Trojan.Gen 20171207
Zillya Trojan.Inject.Win32.242561 20171207
ZoneAlarm by Check Point Trojan-Spy.Win32.SpyEyes.bcsl 20171207
Alibaba 20171207
Arcabit 20171207
Avast-Mobile 20171207
ClamAV 20171207
CMC 20171207
Comodo 20171207
Cybereason 20171103
Cyren 20171207
eGambit 20171207
F-Prot 20171207
Kingsoft 20171207
Malwarebytes 20171207
nProtect 20171207
Rising 20171207
SUPERAntiSpyware 20171207
Symantec Mobile Insight 20171207
TheHacker 20171205
TotalDefense 20171207
Trustlook 20171207
ViRobot 20171207
WhiteArmor 20171204
Yandex 20171207
Zoner 20171207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-24 08:12:36
Entry Point 0x000039E1
Number of sections 5
PE sections
PE imports
ClearEventLogA
BackupEventLogW
ChangeServiceConfigA
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
TerminateThread
GetModuleFileNameW
GetConsoleCP
AreFileApisANSI
GetOEMCP
QueryPerformanceCounter
GetTimeFormatW
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
CreateSemaphoreW
GetDateFormatW
LoadLibraryExW
GetCommandLineW
WideCharToMultiByte
EnumSystemLocalesW
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
SetConsoleCtrlHandler
GetUserDefaultLCID
GetModuleHandleW
AddAtomW
EncodePointer
GetLocaleInfoW
SetStdHandle
CompareStringW
RaiseException
UnhandledExceptionFilter
GetCPInfo
TlsFree
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetMailslotInfo
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
GetCurrentThread
FreeLibrary
GetSystemTimeAdjustment
TerminateProcess
CreateEventW
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
FatalAppExitA
GetEnvironmentStringsW
IsDebuggerPresent
Sleep
GetFileType
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
ExitProcess
WriteConsoleW
LeaveCriticalSection
GetMenuInfo
LoadMenuA
CallMsgFilterA
GetRawInputDeviceList
GetNextDlgGroupItem
PeekMessageW
LoadImageA
LoadCursorFromFileA
LoadBitmapA
LoadKeyboardLayoutA
DispatchMessageW
LoadStringA
LoadMenuIndirectW
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetNextDlgTabItem
CreateIconFromResource
LoadCursorW
LoadIconW
LoadAcceleratorsW
ScrollWindow
CloseClipboard
Number of PE resources by type
RT_ICON 1
WPHEKLJ 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:11:24 09:12:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 147968
LinkerVersion 12.0
EntryPoint 0x39e1
InitializedDataSize 1134080
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 2c3b4de34e2bdd00bd2b4ea6b6a422d9
SHA1 f9bcc5cfbd86daf94e238a490f99da7130ebf947
SHA256 7039730b30079291bcae176081a5049198b369a5d375573ccba466658897b6f6
ssdeep 12288:r7GK/nllEY4/roffQYTYBVs2zIej7wzbisV:vH/xsWQYcS+/E2E
authentihash 8a2f74c3fa8afc958f899d33e1566f5c07e77e8fa89cfadc7702db73f1dc9c55
imphash d8f6db82bec82da8bb09e392421ec3f2
File size 510.0 KB ( 522240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2017-12-01 08:11:24 UTC ( 2 weeks, 2 days ago )
Last submission 2017-12-07 22:47:42 UTC ( 1 week, 3 days ago )
File names s.exe
output.112557830.txt
2c3b4de34e2bdd00bd2b4ea6b6a422d9
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications