SHA256: 72ad186ec91d828430c0155f88e7dc72775c664d467e2650addf5cc3851daa41
File name: 1f16d2d084a328a4a15dc894a2c0164259b244da
Detection ratio: 44 / 67
Analysis date: 2018-06-20 05:57:48 UTC ( 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.269124 20180620
AegisLab Troj.W32.Invader!c 20180620
AhnLab-V3 Trojan/Win32.Inject.C1795477 20180620
ALYac Gen:Variant.Razy.269124 20180620
Antiy-AVL Trojan/Win32.Invader 20180620
Avast Win32:Rovnix-K [Rtk] 20180620
AVG Win32:Rovnix-K [Rtk] 20180620
Avira (no cloud) TR/Hijacker.Gen 20180619
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9946 20180620
Bkav W32.eHeur.Malware11 20180619
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.89b90b 20180225
Cylance Unsafe 20180620
Cyren W32/Trojan.HWTN-4800 20180620
DrWeb Trojan.DownLoader24.5625 20180620
Emsisoft Gen:Variant.Razy.269124 (B) 20180620
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/TrojanDownloader.Carberp.BU 20180620
F-Secure Gen:Variant.Razy.269124 20180620
Fortinet W32/Malicious_Behavior.VEX 20180620
Ikarus Trojan.Win32.PSW 20180619
Sophos ML heuristic 20180601
Jiangmin Trojan.Invader.arv 20180620
K7AntiVirus Trojan-Downloader ( 004fbdbc1 ) 20180619
K7GW Trojan-Downloader ( 004fbdbc1 ) 20180620
Kaspersky HEUR:Trojan.Win32.Invader 20180620
MAX malware (ai score=95) 20180620
McAfee GenericRXBG-BT!04B93C389B90 20180620
McAfee-GW-Edition BehavesLike.Win32.Trojan.gh 20180620
Microsoft TrojanDownloader:Win32/Carberp.BV!bit 20180619
eScan Gen:Variant.Razy.269124 20180620
NANO-Antivirus Trojan.Win32.Invader.elocci 20180620
Palo Alto Networks (Known Signatures) generic.ml 20180620
Panda Trj/GdSda.A 20180619
Qihoo-360 Win32/Trojan.718 20180620
SentinelOne (Static ML) static engine - malicious 20180618
Sophos AV Mal/Generic-S 20180620
Symantec Trojan.Gen.2 20180620
Tencent Win32.Trojan.Hijacker.Fsb 20180620
TrendMicro TROJ_GEN.R061C0DFJ18 20180620
TrendMicro-HouseCall TROJ_GEN.R061C0DFJ18 20180620
VBA32 Trojan.Invader 20180619
ViRobot Trojan.Win32.Z.Invader.415232.O 20180619
ZoneAlarm by Check Point HEUR:Trojan.Win32.Invader 20180620
Alibaba 20180620
Arcabit 20180620
Avast-Mobile 20180619
AVware 20180618
Babable 20180406
BitDefender 20180620
CAT-QuickHeal 20180620
ClamAV 20180620
CMC 20180620
Comodo 20180620
eGambit 20180620
F-Prot 20180620
GData 20180620
Kingsoft 20180620
Malwarebytes 20180620
Rising 20180620
SUPERAntiSpyware 20180620
Symantec Mobile Insight 20180619
TACHYON 20180620
TheHacker 20180620
TotalDefense 20180620
Trustlook 20180620
VIPRE 20180620
Webroot 20180620
Yandex 20180618
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-19 00:41:14
Entry Point 0x00001620
Number of sections 4
PE sections
PE imports
GetLastError
EnterCriticalSection
WriteProcessMemory
VirtualAllocEx
lstrlenA
lstrcmpiA
FreeLibrary
VirtualProtect
LoadLibraryA
GetModuleFileNameA
VirtualFree
GetCurrentProcess
SwitchToThread
CreateEventA
GetFileSize
lstrcatA
OpenProcess
GetProcAddress
VirtualProtectEx
SuspendThread
GetModuleHandleA
SetFilePointer
lstrcmpA
ReadFile
GetCurrentProcessId
lstrcpyA
CloseHandle
GetModuleHandleW
LocalFree
ResumeThread
GetThreadContext
CreateProcessW
ReadProcessMemory
Sleep
CreateFileA
GetVersion
VirtualAlloc
LocalAlloc
LeaveCriticalSection
EnumProcessModules
SHGetFolderPathW
PathCombineW
StrRChrA
StrChrA
NtCreateSection
NtGetContextThread
NtSetContextThread
memset
NtUnmapViewOfSection
ZwClose
RtlNtStatusToDosError
ZwQueryInformationProcess
RtlUnwind
memcpy
NtQueryVirtualMemory
NtMapViewOfSection
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:06:19 01:41:14+01:00
FileType Win32 EXE
PEType PE32
CodeSize 13824
LinkerVersion 14.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x1620
InitializedDataSize 400896
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Execution parents
File identification
MD5 04b93c389b90b9588cdb6bd2e55fe576
SHA1 314d1a300a496c001b1ce1042fef66f9d0f3a266
SHA256 72ad186ec91d828430c0155f88e7dc72775c664d467e2650addf5cc3851daa41
ssdeep 6144:D6tGOZU13HlTdKa/tKugiePOsrhWDuPQXhEHlIxJKqsEFcvhHpRqmIE8uVQ4:D6c+AH5galK6WOoKryvZp4mIE8CX
authentihash df711d9e4a751669b27c604b3b21025059835cc470220553957246d79ed19b76
imphash 6a003b897ae0bf62ce848978beadd8b7
File size 405.5 KB ( 415232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-06-19 02:30:19 UTC ( 9 months ago )
Last submission 2018-08-02 07:55:42 UTC ( 7 months, 2 weeks ago )
File names avast.exe
72ad186ec91d828430c0155f88e7dc72775c664d467e2650addf5cc3851daa41.bin.rename
1f16d2d084a328a4a15dc894a2c0164259b244da
39F5.tmp.exe
gj0fAFxrlt.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs