× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7052a4af43318689cfd86f4b38af1354b38e21ed391df4baa0fc6979038e237d
File name: output.114395381.txt
Detection ratio: 17 / 68
Analysis date: 2018-10-30 14:29:23 UTC ( 4 months, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Autoit.C1942121 20181030
Avast JS:ScriptSH-inf [Trj] 20181030
AVG JS:ScriptSH-inf [Trj] 20181030
Avira (no cloud) DR/AutoIt.Gen 20181030
ClamAV Win.Trojan.AutoIT-6333854-0 20181030
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cybereason malicious.cdb277 20180225
Cylance Unsafe 20181030
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Injector.Autoit.CNO 20181030
Fortinet AutoIt/Injector.DLC!tr 20181030
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 005391d51 ) 20181030
K7GW Trojan ( 005391d51 ) 20181030
Microsoft Program:Win32/Unwaders.C!ml 20181030
Qihoo-360 HEUR/QVM06.1.DF71.Malware.Gen 20181030
Zoner Probably RARAutorun 20181030
Ad-Aware 20181030
AegisLab 20181030
Alibaba 20180921
ALYac 20181030
Antiy-AVL 20181030
Arcabit 20181030
Avast-Mobile 20181030
Babable 20180918
Baidu 20181030
BitDefender 20181030
Bkav 20181030
CAT-QuickHeal 20181028
CMC 20181030
Cyren 20181030
DrWeb 20181030
eGambit 20181030
Emsisoft 20181030
F-Prot 20181030
F-Secure 20181030
GData 20181030
Ikarus 20181030
Jiangmin 20181030
Kaspersky 20181030
Kingsoft 20181030
Malwarebytes 20181030
MAX 20181030
McAfee 20181030
McAfee-GW-Edition 20181030
eScan 20181030
NANO-Antivirus 20181030
Palo Alto Networks (Known Signatures) 20181030
Panda 20181030
Rising 20181030
SentinelOne (Static ML) 20181011
Sophos AV 20181030
SUPERAntiSpyware 20181029
Symantec 20181029
Symantec Mobile Insight 20181026
TACHYON 20181030
Tencent 20181030
TheHacker 20181025
TotalDefense 20181030
TrendMicro 20181030
TrendMicro-HouseCall 20181030
Trustlook 20181030
VBA32 20181030
VIPRE 20181030
ViRobot 20181030
Webroot 20181030
Yandex 20181026
Zillya 20181029
ZoneAlarm by Check Point 20181030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
T76RY88XP88J4e9´6hu¿2yw59hej7yhweok5u'ip45womeyi'06ýip56e´tp9yio4jw´,r96kip8u´5e9ru6iy¿'´6epoiuh´ñ4w5k7új{0i5eoj´r9hypi6lek7´960tw'e´lr8ikjtr

Product J77BC73BZ906'´80pyoeu570rpoyhw4´5p7iuy´4kou656´pli8+uj.05i6k'g530´qi4er7u0´jilu¿hy0peru7´0periú,pow{ru´p9N
Original name P80KE85UFl¿u+ynurkt'+7yiojwme7iyhj´4eipr6y´5eipruybíptu´5ei07tu'65bpkor´9y0iuetnú0hop{kerú90ipnhoj´t0ipukn´h,eipoymijnetr78G
File version A66Y8'0ulb6e5k+8t9uipyoumw´'ersi´ptuo´'y4´wpero´tuip5jopy954b0iwt0uipw4je5´'upk5b´6erp0r'{opyjé6rp{06iptowk´5r9pt0dmpiu+ñn5erbygV85CC69P
Description 0tuoe50you´08ipouj´'pirot7´'ptyk´45wpirojud´k8u0{hiypowe5h´k706pilub0eñ6t8koj4u65rC74DF85FZ89T
Packers identified
F-PROT RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-09 13:19:49
Entry Point 0x0000AC87
Number of sections 5
PE sections
Overlays
MD5 7493a1dcff10a6696a85417963a00a5b
File type application/x-rar
Offset 136704
Size 714857
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
FreeLibrary
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
FlushFileBuffers
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetTickCount
SetFileAttributesA
FileTimeToLocalFileTime
OpenFileMappingW
GetCurrentProcessId
CreateDirectoryA
DeleteFileA
GetCPInfo
GetDateFormatW
MultiByteToWideChar
MapViewOfFile
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
LoadLibraryW
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
GetCurrentProcess
FindFirstFileA
CompareStringA
FindFirstFileW
SetEnvironmentVariableW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
GetExitCodeProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
ExitProcess
GetLocaleInfoW
GetNumberFormatW
SetLastError
MoveFileW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
TranslateMessage
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
DispatchMessageW
ReleaseDC
DestroyIcon
SendDlgItemMessageW
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
MessageBoxW
GetDC
GetClassNameW
PeekMessageW
CharUpperA
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
CharToOemA
DestroyWindow
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromString
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
NEUTRAL DEFAULT 2
SPANISH MEXICAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
0tuoe50you 08ipouj 'pirot7 'ptyk 45wpirojud k8u0{hiypowe5h k706pilub0e 6t8koj4u65rC74DF85FZ89T

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
60928

EntryPoint
0xac87

OriginalFileName
P80KE85UFl u+ynurkt'+7yiojwme7iyhj 4eipr6y 5eipruyb ptu 5ei07tu'65bpkor 9y0iuetn 0hop{ker 90ipnhoj t0ipukn h,eipoymijnetr78G

MIMEType
application/octet-stream

LegalCopyright
T76RY88XP88J4e9 6hu 2yw59hej7yhweok5u'ip45womeyi'06 ip56e tp9yio4jw ,r96kip8u 5e9ru6iy ' 6epoiuh 4w5k7 j{0i5eoj r9hypi6lek7 960tw'e lr8ikjtr

FileVersion
A66Y8'0ulb6e5k+8t9uipyoumw 'ersi ptuo 'y4 wpero tuip5jopy954b0iwt0uipw4je5 'upk5b 6erp0r'{opyj 6rp{06iptowk 5r9pt0dmpiu+ n5erbygV85CC69P

TimeStamp
2012:06:09 15:19:49+02:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1,0,0,0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
W71YXo6u'70py 9bu4ipwer96uyt04po05p69t87u 04w5lku7 bp3o4eru'jy p0tki b5r5s73VL66E

CodeSize
74752

ProductName
J77BC73BZ906' 80pyoeu570rpoyhw4 5p7iuy 4kou656 pli8+uj.05i6k'g530 qi4er7u0 jilu hy0peru7 0peri ,pow{ru p9N

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 6e02939be9cc50b80f41d30daaf5f9e9
SHA1 ed0a977cdb277539f27d6b8669edb990c4abb502
SHA256 7052a4af43318689cfd86f4b38af1354b38e21ed391df4baa0fc6979038e237d
ssdeep
12288:OK2mhAMJ/cPlDFl+RyE5cO2ZKOJ9t21QOCLsn2lwnlZwL0ZApuA3bDtWt:f2O/GlBl+c4cOoD2iOCLs2lQlZP69G

authentihash 06c7ad1cf1163f40507abfa212302a9ce82d632e8f079cb3bea77d6b1bc45cfd
imphash 3c98c11017e670673be70ad841ea9c37
File size 831.6 KB ( 851561 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID WinRAR Self Extracting archive (4.x-5.x) (90.1%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win64 Executable (generic) (3.0%)
Windows screen saver (1.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2018-10-30 14:04:29 UTC ( 4 months, 3 weeks ago )
Last submission 2018-11-09 05:06:41 UTC ( 4 months, 2 weeks ago )
File names Z46YIU3.exe
r0th3r46.exe
6e02939be9cc50b80f41d30daaf5f9e9
Shp0t1m32609.exe
output.114395381.txt
d0bfl465.exe
zbetcheckin_tracker_d0bfl465.exe
P80KE85UFl¿u+ynurkt'+7yiojwme7iyhj´4eipr6y´5eipruybíptu´5ei07tu'65bpkor´9y0iuetnú0hop{kerú90ipnhoj´t0ipukn´h,eipoymijnetr78G
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs