SHA256: 716f616221f5e45a9e45edb013ab59fdf27c000e0e6dcb77267c37f09ad75589
File name: freSUUFBdtY.exe
Detection ratio: 14 / 66
Analysis date: 2017-10-06 09:22:14 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9959 20170930
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20171006
Endgame malicious (high confidence) 20170821
Fortinet W32/Kryptik.FXEG!tr 20171006
Sophos ML heuristic 20170914
McAfee-GW-Edition BehavesLike.Win32.VTFlooder.hc 20171006
Qihoo-360 HEUR/QVM19.1.5222.Malware.Gen 20171006
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazrvblu05KuQBOwUFGvRiSbP) 20171006
Sophos AV Mal/Elenoocka-E 20171005
Symantec Ransom.Locky!g33 20171006
TrendMicro Ransom_CERBER.SMALY0 20171006
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20171006
WhiteArmor Malware.HighConfidence 20170927
Ad-Aware 20171006
AegisLab 20171006
AhnLab-V3 20171005
Alibaba 20170911
ALYac 20171006
Antiy-AVL 20171006
Arcabit 20171006
Avast 20171006
Avast-Mobile 20171006
AVG 20171006
Avira (no cloud) 20171006
AVware 20171006
BitDefender 20171006
Bkav 20171005
CAT-QuickHeal 20171006
ClamAV 20171006
CMC 20171006
Comodo 20171006
Cyren 20171006
DrWeb 20171006
Emsisoft 20171006
ESET-NOD32 20171006
F-Prot 20171006
F-Secure 20171006
GData 20171006
Ikarus 20171006
Jiangmin 20171006
K7AntiVirus 20171006
K7GW 20171006
Kaspersky 20171006
Kingsoft 20171006
Malwarebytes 20171006
MAX 20171006
McAfee 20171006
Microsoft 20171006
eScan 20171006
NANO-Antivirus 20171006
nProtect 20171006
Palo Alto Networks (Known Signatures) 20171006
Panda 20171005
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171006
Symantec Mobile Insight 20171006
Tencent 20171006
TheHacker 20171002
TotalDefense 20171006
Trustlook 20171006
VBA32 20171005
VIPRE 20171006
ViRobot 20171006
Webroot 20171006
Yandex 20171005
Zillya 20171005
ZoneAlarm by Check Point 20171006
Zoner 20171006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-25 09:43:35
Entry Point 0x00006227
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LogonUserW
OpenServiceA
RegUnLoadKeyW
RegSaveKeyW
RegReplaceKeyW
RegLoadKeyW
RegCreateKeyExA
ClearEventLogA
RegDeleteValueA
Ctl3dRegister
Ctl3dEnabled
Ctl3dUnregister
GlobalAddAtomA
SystemTimeToFileTime
DefineDosDeviceA
GetModuleHandleA
GetConsoleTitleW
GetCommandLineW
lstrcmp
FindNextFileA
FindClose
GetTickCount
WaitForSingleObject
ReadConsoleW
FindFirstFileW
CreateMutexW
LoadLibraryA
GetProcAddress
GetEnvironmentVariableW
InsertMenuA
wsprintfA
LoadCursorA
LoadMenuA
DrawStateA
CharUpperW
PeekMessageA
DialogBoxParamA
GetDlgItemTextW
PostMessageW
GetClassLongA
Number of PE resources by type
RT_GROUP_CURSOR 5
RT_STRING 1
Number of PE resources by language
NEUTRAL 6
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:03:25 10:43:35+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
50688

LinkerVersion
8.0

EntryPoint
0x6227

InitializedDataSize
19456

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 9979bd6521e1fbd4dcd2ff58da4c84ba
SHA1 dfd1633be76a92e1d8b3e43e91d8c1a959d2c8d5
SHA256 716f616221f5e45a9e45edb013ab59fdf27c000e0e6dcb77267c37f09ad75589
ssdeep
12288:m+OGAIEDVblq76ChI9WaoCrBcUZn3kjzcLOo9Qx8JIxFFm9S:tu3qLI9WToxVkn05uv

imphash 28369b80369e4ab4e1379086b8cacfab
File size 587.5 KB ( 601600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags
peexe

VirusTotal metadata
First submission 2017-10-06 09:22:14 UTC ( 1 year, 7 months ago )
Last submission 2017-10-08 12:23:44 UTC ( 1 year, 7 months ago )
File names 716f616221f5e45a9e45edb013ab59fdf27c000e0e6dcb77267c37f09ad75589
localfile~
freSUUFBdtY.exe
samples 06_10_2017 (54)
uywtfgh36
uywtfgh36.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications