× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 719b83d780192153cff327e86d698f79dd243e3138059dddf567e9545e4439da
File name: mrvrNuEDinAQ2knHWE55T.exe
Detection ratio: 21 / 66
Analysis date: 2018-05-14 12:56:50 UTC ( 9 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180514
Avast FileRepMalware 20180514
AVG FileRepMalware 20180514
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180511
Comodo CloudScanner.Trojan.Gen 20180514
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180514
eGambit Unsafe.AI_Score_99% 20180514
Endgame malicious (high confidence) 20180507
Sophos ML heuristic 20180503
Kaspersky UDS:DangerousObject.Multi.Generic 20180514
McAfee Artemis!43465359CBAA 20180514
McAfee-GW-Edition BehavesLike.Win32.Ransom.ch 20180514
Microsoft Trojan:Win32/Azden.B!cl 20180514
Palo Alto Networks (Known Signatures) generic.ml 20180514
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/EncPk-ANX 20180514
Symantec ML.Attribute.HighConfidence 20180514
VBA32 Malware-Cryptor.Limpopo 20180514
Webroot W32.Trojan.Emotet 20180514
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180514
Ad-Aware 20180514
AhnLab-V3 20180514
Alibaba 20180514
ALYac 20180514
Antiy-AVL 20180514
Arcabit 20180514
Avast-Mobile 20180514
Avira (no cloud) 20180514
AVware 20180428
Babable 20180406
BitDefender 20180514
Bkav 20180514
CAT-QuickHeal 20180514
ClamAV 20180514
CMC 20180514
Cybereason None
Cyren 20180514
Emsisoft 20180514
ESET-NOD32 20180514
F-Prot 20180514
F-Secure 20180514
Fortinet 20180514
GData 20180514
Ikarus 20180514
Jiangmin 20180514
K7AntiVirus 20180514
K7GW 20180514
Kingsoft 20180514
Malwarebytes 20180514
MAX 20180514
eScan 20180514
NANO-Antivirus 20180514
nProtect 20180514
Panda 20180514
Qihoo-360 20180514
Rising 20180514
SUPERAntiSpyware 20180514
Tencent 20180514
TheHacker 20180509
TotalDefense 20180514
TrendMicro 20180514
TrendMicro-HouseCall 20180514
Trustlook 20180514
VIPRE 20180514
ViRobot 20180514
Yandex 20180513
Zillya 20180514
Zoner 20180514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-14 10:41:32
Entry Point 0x0000140B
Number of sections 4
PE sections
PE imports
DuplicateToken
CertVerifySubjectCertificateContext
GetArcDirection
RemoveFontResourceW
ColorCorrectPalette
SetSystemPaletteUse
ImmConfigureIMEW
GetTickCount64
OpenFile
LocalSize
GetSystemDefaultUILanguage
FillConsoleOutputAttribute
Sleep
SetThreadAffinityMask
GetHandleInformation
GetCommandLineA
ScrollConsoleScreenBufferA
SetHandleInformation
FindVolumeMountPointClose
WriteConsoleW
RevokeActiveObject
SHGetMalloc
PathIsLFNFileSpecW
StrChrA
EndDeferWindowPos
GetScrollBarInfo
GetWindowRect
GetScrollRange
IsDlgButtonChecked
SetWindowContextHelpId
GetDesktopWindow
SetCursorPos
SetMenuDefaultItem
EnumPrinterDriversW
SCardLocateCardsW
Number of PE resources by type
RT_STRING 10
RT_BITMAP 3
Number of PE resources by language
NEUTRAL 13
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:05:14 12:41:32+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
10.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x140b

InitializedDataSize
122880

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 43465359cbaac9a368488c54af623364
SHA1 6ca936e37b4e621861b3b44b0dfe76bbd4255e4c
SHA256 719b83d780192153cff327e86d698f79dd243e3138059dddf567e9545e4439da
ssdeep
3072:mcqYOd0QE5GSVMtN1Y5ZmsMyORbJSxnM:wYLQE5HOtdyStSh

authentihash 9f43478fc90d9a45c28974b3cec56d478968d122e2a35bdeb84bf9188a328d6e
imphash 5722c4699e74fd50a5087e7f4aa76405
File size 132.0 KB ( 135168 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-14 10:44:05 UTC ( 9 months, 1 week ago )
Last submission 2018-05-28 17:46:15 UTC ( 8 months, 4 weeks ago )
File names 6189.exe
45391.exe
mrvrNuEDinAQ2knHWE55T.exe
18694.exe
6850.exe
5502.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!