SHA256: 70ce355cfe64ce3560072f7e3539f8d4a4fd966e143de17cefec4a3f84dde632
File name: 70ce355cfe64ce3560072f7e3539f8d4a4fd966e143de17cefec4a3f84dde632
Detection ratio: 34 / 68
Analysis date: 2017-11-12 10:38:00 UTC ( 8 months, 1 week ago )
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.6184837 | 20171112
AegisLab | Filerepmalware.Gen!c | 20171112
Avast | Win32:Malware-gen | 20171112
AVG | Win32:Malware-gen | 20171112
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9998 | 20171109
BitDefender | Trojan.GenericKD.6184837 | 20171112
CrowdStrike Falcon (ML) | malicious_confidence_60% (W) | 20171016
Cylance | Unsafe | 20171112
Cyren | W32/Trojan.IKXF-7308 | 20171112
Emsisoft | Trojan.GenericKD.6184837 (B) | 20171112
Endgame | malicious (high confidence) | 20171024
ESET-NOD32 | a variant of Win32/Kryptik.FYWR | 20171112
F-Secure | Trojan.GenericKD.6184837 | 20171112
Fortinet | W32/GenKryptik.BCYP!tr | 20171112
GData | Trojan.GenericKD.6184837 | 20171112
Ikarus | Trojan.Win32.Crypt | 20171112
Sophos ML | heuristic | 20170914
Kaspersky | Trojan.Win32.Diple.gxgs | 20171112
Malwarebytes | Ransom.Crysis | 20171112
MAX | malware (ai score=82) | 20171112
McAfee | Artemis!9F477D890347 | 20171112
McAfee-GW-Edition | BehavesLike.Win32.Trojan.cc | 20171112
Microsoft | TrojanDownloader:Win32/Dofoil.AA | 20171112
eScan | Trojan.GenericKD.6184837 | 20171112
Palo Alto Networks (Known Signatures) | generic.ml | 20171112
Panda | Trj/Genetic.gen | 20171112
Qihoo-360 | HEUR/QVM10.1.1E41.Malware.Gen | 20171112
Rising | Malware.Obscure/Heur!1.9E03 (CLASSIC) | 20171112
Tencent | Suspicious.Heuristic.Gen.b.0 | 20171112
TrendMicro | TROJ_GEN.R03BC0DKC17 | 20171112
TrendMicro-HouseCall | Suspicious_GEN.F47V1111 | 20171112
VIPRE | Trojan.Win32.Generic!BT | 20171112
Webroot | W32.Adware.Gen | 20171112
ZoneAlarm by Check Point | Trojan.Win32.Diple.gxgs | 20171112

Antivirus (no result reported) | Update
AhnLab-V3 | 20171112
Alibaba | 20170911
ALYac | 20171110
Antiy-AVL | 20171112
Arcabit | 20171110
Avast-Mobile | 20171111
Avira (no cloud) | 20171111
AVware | 20171111
Bkav | 20171111
CAT-QuickHeal | 20171111
ClamAV | 20171112
CMC | 20171109
Comodo | 20171112
Cybereason | 20171030
DrWeb | 20171112
eGambit | 20171112
F-Prot | 20171112
Jiangmin | 20171110
K7AntiVirus | 20171112
K7GW | 20171112
Kingsoft | 20171112
NANO-Antivirus | 20171112
nProtect | 20171112
SentinelOne (Static ML) | 20171019
Sophos AV | 20171112
SUPERAntiSpyware | 20171112
Symantec | 20171111
Symantec Mobile Insight | 20171110
TheHacker | 20171112
TotalDefense | 20171112
Trustlook | 20171112
VBA32 | 20171110
ViRobot | 20171111
WhiteArmor | 20171104
Yandex | 20171110
Zillya | 20171110
Zoner | 20171112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-10 21:33:30
Entry Point 0x00002D03
Number of sections 6
PE sections
PE imports
GetNativeSystemInfo
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
TerminateThread
LoadLibraryW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetProcessTimes
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
HeapSize
RtlUnwind
GetACP
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetStringTypeW
LocalAlloc
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
GetCPInfoExA
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
GetFileInformationByHandle
GetCommandLineA
GetProcAddress
InitializeSListHead
AddAtomW
GetProcessHeap
FindNextFileA
SetStdHandle
WriteFile
RaiseException
WideCharToMultiByte
TlsFree
FreeEnvironmentStringsW
FindFirstFileExA
SetUnhandledExceptionFilter
LoadLibraryExW
CloseHandle
IsProcessorFeaturePresent
GetThreadTimes
GetSystemTimes
ExitThread
HeapReAlloc
DecodePointer
GetModuleHandleW
HeapAlloc
TerminateProcess
GetProcessAffinityMask
GetProcessShutdownParameters
GetModuleHandleExW
IsValidCodePage
SetLastError
CreateFileW
FindClose
TlsGetValue
GetFileType
TlsSetValue
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
GetScrollRange
ShowScrollBar
GetCaretPos
Number of PE resources by type
RT_ICON 6
RT_BITMAP 3
DAF 1
RT_DIALOG 1
RT_GROUP_CURSOR 1
LUKOTUMELIYOJUXOFUVIPIZI 1
KABEWOYOHUMEJITIKUWAKOPIFAZOPU 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
ENGLISH US 2
LITHUANIAN NEUTRAL 1
GAELIC SCOTTISH 1
ENGLISH UK 1
PE resources
Debug information
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:11:10 22:33:30+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 49152
LinkerVersion: 14.0
FileTypeExtension: exe
InitializedDataSize: 137216
SubsystemVersion: 5.1
EntryPoint: 0x2d03
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0

File identification
MD5: 9f477d8903476323a6d61de33e31a7b2
SHA1: 33bdf5f3099cf8b881fd342d822703854217edea
SHA256: 70ce355cfe64ce3560072f7e3539f8d4a4fd966e143de17cefec4a3f84dde632
ssdeep: 3072:4jjY1Mj9lw4zo4sM2RbGjSL/lB27vGlS5ed/c:4j01+PV0vLd07vGMu0
authentihash: 97f6dd1ec7fa9bc2c693e641b81e87fd9fe932714ebd7195072270da28eefa19
imphash: b0c93ba5c811233c58055f23f1d6d914
File size: 150.5 KB ( 154112 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID: Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags: peexe
VirusTotal metadata
First submission 2017-11-11 09:02:31 UTC ( 8 months, 2 weeks ago )
Last submission 2017-11-12 10:38:00 UTC ( 8 months, 1 week ago )
File names 70ce355cfe64ce3560072f7e3539f8d4a4fd966e143de17cefec4a3f84dde632
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Terminated processes
Opened mutexes
Runtime DLLs