SHA256: 71e7041631ddfe8481f2f17ac81db647673cde86fe580c40c7de6e66457c7e8c
File name: 6773d8c57380df6424081bad5a7311ac.virus
Detection ratio: 32 / 67
Analysis date: 2018-04-09 20:41:24 UTC
Antivirus | Result | Update
Ad-Aware | Trojan.GenericKD.30538107 | 20180409
AhnLab-V3 | Malware/Win32.Generic.C2453130 | 20180409
ALYac | Trojan.GenericKD.30538107 | 20180409
Arcabit | Trojan.Generic.D1D1F97B | 20180409
Avast | Win32:Malware-gen | 20180409
AVG | Win32:Malware-gen | 20180409
Avira (no cloud) | TR/Crypt.ZPACK.itehb | 20180409
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9971 | 20180409
BitDefender | Trojan.GenericKD.30538107 | 20180409
CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20170201
Cylance | Unsafe | 20180409
Emsisoft | Trojan.GenericKD.30538107 (B) | 20180409
Endgame | malicious (high confidence) | 20180403
ESET-NOD32 | a variant of Win32/Kryptik.GFDW | 20180409
F-Secure | Trojan.GenericKD.30538107 | 20180409
Fortinet | W32/Kryptik.GFDW!tr | 20180409
GData | Trojan.GenericKD.30538107 | 20180409
Sophos ML | heuristic | 20180121
Kaspersky | Trojan.Win32.Inject.ajexn | 20180409
Malwarebytes | Spyware.TrickBot | 20180409
MAX | malware (ai score=84) | 20180409
McAfee | GenericRXEO-JV!6773D8C57380 | 20180409
McAfee-GW-Edition | BehavesLike.Win32.ICLoader.gh | 20180408
eScan | Trojan.GenericKD.30538107 | 20180409
Panda | Trj/GdSda.A | 20180409
Qihoo-360 | HEUR/QVM20.1.6461.Malware.Gen | 20180409
SentinelOne (Static ML) | static engine - malicious | 20180225
Sophos AV | Mal/Generic-S | 20180409
Symantec | ML.Attribute.HighConfidence | 20180409
TrendMicro-HouseCall | TROJ_GEN.R004H0CD818 | 20180409
WhiteArmor | Malware.HighConfidence | 20180408
ZoneAlarm by Check Point | Trojan.Win32.Inject.ajexn | 20180409
AegisLab | - | 20180409
Alibaba | - | 20180409
Antiy-AVL | - | 20180409
Avast-Mobile | - | 20180409
AVware | - | 20180409
Bkav | - | 20180409
CAT-QuickHeal | - | 20180409
ClamAV | - | 20180409
CMC | - | 20180409
Comodo | - | 20180409
Cybereason | - | None
Cyren | - | 20180409
DrWeb | - | 20180409
eGambit | - | 20180409
F-Prot | - | 20180409
Ikarus | - | 20180409
Jiangmin | - | 20180409
K7AntiVirus | - | 20180409
K7GW | - | 20180409
Kingsoft | - | 20180409
Microsoft | - | 20180409
NANO-Antivirus | - | 20180409
nProtect | - | 20180409
Palo Alto Networks (Known Signatures) | - | 20180409
Rising | - | 20180409
SUPERAntiSpyware | - | 20180409
Symantec Mobile Insight | - | 20180406
Tencent | - | 20180409
TheHacker | - | 20180404
TotalDefense | - | 20180409
TrendMicro | - | 20180409
Trustlook | - | 20180409
VBA32 | - | 20180409
VIPRE | - | 20180409
ViRobot | - | 20180409
Webroot | - | 20180409
Yandex | - | 20180408
Zillya | - | 20180409
Zoner | - | 20180409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2015-07-10 19:11:26 UTC
Entry Point: 0x00018070
Number of sections: 4
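How the four fields above are read out of the file, as an added Python example (not VirusTotal's code): it follows the DOS header's e_lfanew pointer, then decodes the COFF file header and the PE32 optional header from raw bytes with the standard library only, no pefile needed. The input is a constructed minimal header that mirrors this report's values (machine 0x14c, 4 sections, entry point 0x18070, GUI subsystem, linker version 48.0, code size 258048, and a TimeDateStamp for 2015-07-10 19:11:26 UTC, which is the same instant ExifTool renders further down as 20:11:26+01:00); it is not the analysed sample.

```python
import struct
from datetime import datetime, timezone

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read the fields VirusTotal lists under 'PE header basic information'
    (plus a few that ExifTool shows) straight from the raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")

    # COFF file header: 20 bytes immediately after the PE signature.
    coff = e_lfanew + 4
    (machine, n_sections, time_stamp, _symtab, _nsyms,
     _opt_size, _characteristics) = struct.unpack_from("<HHIIIHH", data, coff)

    # Optional header follows the COFF header; only PE32 (0x10b) is handled here.
    opt = coff + 20
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 handled, got optional-header magic 0x%x" % magic)
    code_size, init_size, uninit_size = struct.unpack_from("<III", data, opt + 4)
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint (RVA)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    ss_major, ss_minor = struct.unpack_from("<HH", data, opt + 48)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)

    # TimeDateStamp is seconds since the Unix epoch; render it in UTC like VirusTotal does.
    built = datetime.fromtimestamp(time_stamp, tz=timezone.utc)
    return {
        "machine": "i386" if machine == IMAGE_FILE_MACHINE_I386 else "0x%04x" % machine,
        "sections": n_sections,
        "timestamp": built.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": "0x%08x" % entry_point,
        "pe_type": "PE32",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "linker_version": "%d.%d" % (linker_major, linker_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem_version": "%d.%d" % (ss_major, ss_minor),
        "code_size": code_size,
        "initialized_data_size": init_size,
        "uninitialized_data_size": uninit_size,
    }


def looks_like_pe(data: bytes) -> bool:
    """True when the headers parse cleanly; short or non-PE input yields False."""
    try:
        parse_pe_header(data)
        return True
    except (ValueError, struct.error):
        return False


def build_sample_header() -> bytes:
    """Constructed minimal headers (no sections, no code) carrying the values this
    report shows. This is NOT the analysed sample, only a stand-in for the parser."""
    stamp = int(datetime(2015, 7, 10, 19, 11, 26, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew: PE signature right after the DOS header
    opt = bytearray(224)                                 # standard PE32 optional header size
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 48, 0)  # Magic, linker version 48.0
    struct.pack_into("<III", opt, 4, 258048, 192512, 0)  # SizeOfCode / InitializedData / UninitializedData
    struct.pack_into("<I", opt, 16, 0x18070)             # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)               # OS version 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)               # Subsystem version 5.1
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, stamp, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print("%-24s %s" % (key, value))
```

The TimeDateStamp is written by the linker and can be set to any value, so it is a hint about the build, not evidence: a 2015 stamp on a file first seen in 2018 is equally consistent with an old build and with a forged stamp.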
PE sections
PE imports
Ord(17)
InitCommonControlsEx
GetOpenFileNameW
CreateCompatibleDC
DeleteDC
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
GetVersionExW
GetOEMCP
LCMapStringA
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
lstrcatW
TlsFree
LeaveCriticalSection
lstrcpyW
RaiseException
GetCPInfo
GetStringTypeA
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
HeapAlloc
TerminateProcess
QueryPerformanceCounter
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
GetTickCount
GetCurrentThreadId
GetProcAddress
VirtualAlloc
SetLastError
InterlockedIncrement
EndDialog
LoadBitmapW
DefWindowProcW
GetMessageW
PostQuitMessage
DrawFrameControl
LoadBitmapA
EndPaint
DialogBoxParamW
TranslateMessage
PostMessageW
DispatchMessageW
BeginPaint
LoadStringW
InvalidateRect
DrawFocusRect
SetTimer
GetClassNameW
DialogBoxIndirectParamW
LoadCursorW
LoadIconW
CreateWindowExW
LoadAcceleratorsW
RegisterClassExW
TranslateAcceleratorW
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_CURSOR 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH US 8
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2015:07:10 20:11:26+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 258048
LinkerVersion: 48.0
FileTypeExtension: exe
InitializedDataSize: 192512
SubsystemVersion: 5.1
EntryPoint: 0x18070
OSVersion: 5.1
ImageVersion: 0.0
UninitializedDataSize: 0
File identification
MD5: 6773d8c57380df6424081bad5a7311ac
SHA1: 2e675c92f65c61f6dd13f182111be4e9ee8bca2c
SHA256: 71e7041631ddfe8481f2f17ac81db647673cde86fe580c40c7de6e66457c7e8c
ssdeep: 6144:nR8WciMax38tu0T43O9y4jx6U8lUO+iUEdQhFdz:R8va6ZTw4y4N58lfLdQH
authentihash: da4c86c6d9c9304b73fbbc4e291b7d10391a07f34cac8aa62572479da83be926
imphash: 136b653a33edce39f41b51961fae7cba
File size: 432.0 KB (442368 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (39.9%)
  Win64 Executable (generic) (35.4%)
  Win32 Dynamic Link Library (generic) (8.4%)
  Win32 Executable (generic) (5.7%)
  Win16/32 Executable Delphi generic (2.6%)
Tags: peexe

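The imphash in the file identification block is the MD5 of a canonical, order-preserving list of the file's imports, so builds from the same source with the same import table share it even when their content hashes differ, which is why it is a useful pivot across a family. As an added Python example (not VirusTotal's or pefile's code), the block below reimplements the published pefile algorithm: each DLL name is lowercased with a .dll/.ocx/.sys suffix removed, each function name lowercased, ordinal imports written as ordN, entries joined with commas in import-table order, and the result MD5-hashed. The sample import list is constructed: this page lists function names only, so the DLL each name is assigned to here is an assumption, and the computed value will not equal the imphash reported above. One simplification against pefile: pefile resolves ordinals for ws2_32, wsock32 and oleaut32 to names from a built-in table, whereas this version writes every ordinal as ordN.

```python
import hashlib

# Constructed sample: a few of the imports listed on this page, with ASSUMED
# owning DLLs (the page itself does not name the DLLs). Ord(17) appears on the
# page as a bare ordinal and is kept as an int here.
SAMPLE_IMPORTS = [
    ("COMCTL32.dll", 17),
    ("COMCTL32.dll", "InitCommonControlsEx"),
    ("COMDLG32.dll", "GetOpenFileNameW"),
    ("GDI32.dll", "CreateCompatibleDC"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "GetTickCount"),
    ("USER32.dll", "DialogBoxParamW"),
]


def _normalise_dll(dll: str) -> str:
    """Lowercase the module name and drop a .dll/.ocx/.sys suffix, as pefile does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        return base
    return name


def imphash_string(imports) -> str:
    """The canonical 'dll.func,dll.func,...' string that gets hashed.

    `imports` is a sequence of (dll, func) pairs in import-table order, where
    func is a str for named imports or an int for imports by ordinal.
    Order matters: two import tables with the same entries in a different
    order produce different strings and therefore different hashes."""
    parts = []
    for dll, func in imports:
        if isinstance(func, int):
            func = "ord%d" % func          # ordinal import (pefile's fallback form)
        parts.append("%s.%s" % (_normalise_dll(dll), func.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers import order as well as names, a packer or a rebuilt import table changes it, and a sample that resolves most of its API surface at runtime through GetProcAddress (imported by this file) exposes only its loader stub to the hash.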
VirusTotal metadata
First submission: 2018-04-09 20:41:24 UTC
Last submission: 2018-04-09 20:41:24 UTC
File names: 6773d8c57380df6424081bad5a7311ac.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications