SHA256: 73f0880358701566ed1792014b639c02f357da42981344a6ad644aae494d3e36
File name: a.exe-
Detection ratio: 45 / 65
Analysis date: 2018-05-03 00:00:01 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.222881 20180502
AhnLab-V3 Unwanted/Win32.CoinMiner.R225229 20180502
ALYac Misc.Riskware.BitCoinMiner 20180502
Antiy-AVL RiskWare[RiskTool]/Win32.BitMiner 20180502
Arcabit Trojan.Razy.D366A1 20180502
AVG Win32:Trojan-gen 20180502
Avira (no cloud) TR/ATRAPS.Gen 20180502
AVware Trojan.Win32.Generic!BT 20180428
Bkav W32.TikizaDGY.Trojan 20180502
CAT-QuickHeal Trojan.CoinMiner 20180502
Comodo UnclassifiedMalware 20180502
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cylance Unsafe 20180502
Cyren W32/Trojan.XUCA-1029 20180502
DrWeb Trojan.PWS.Panda.13229 20180502
Emsisoft Gen:Variant.Razy.222881 (B) 20180502
Endgame malicious (high confidence) 20180402
ESET-NOD32 Win32/CoinMiner.BHW 20180502
F-Secure Gen:Variant.Razy.222881 20180502
Fortinet Riskware/BitMiner 20180502
Ikarus Trojan.Win32.CoinMiner 20180502
Jiangmin RiskTool.BitMiner.ajts 20180502
K7AntiVirus Trojan ( 0052c6f31 ) 20180502
K7GW Trojan ( 0052c6f31 ) 20180502
Kaspersky not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen 20180502
Malwarebytes RiskWare.BitCoinMiner 20180502
MAX malware (ai score=100) 20180502
McAfee GenericRXEL-WP!A3E5DABDFC39 20180502
McAfee-GW-Edition BehavesLike.Win32.AdwareAdposhel.bc 20180502
Microsoft Trojan:Win32/CoinMiner.BW!bit 20180502
eScan Gen:Variant.Razy.222881 20180502
NANO-Antivirus Riskware.Win32.BitMiner.ezgxap 20180502
nProtect Abuse-Worry/W32.CoinMiner.808960 20180502
Palo Alto Networks (Known Signatures) generic.ml 20180502
Panda Trj/Genetic.gen 20180502
Qihoo-360 Win32/Trojan.230 20180502
Rising Trojan.CoinMiner!8.30A (TFE:4:IJkTLwGUFMD) 20180502
SentinelOne (Static ML) static engine - malicious 20180225
Sophos AV Mal/Generic-S 20180502
Symantec Trojan.Gen.6 20180502
Tencent Win32.Trojan.Inject.Auto 20180502
VIPRE Trojan.Win32.Generic!BT 20180502
Webroot W32.Trojan.Gen 20180502
Yandex Trojan.CoinMiner!P8ipQ0gt5R0 20180428
ZoneAlarm by Check Point not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen 20180502
AegisLab 20180502
Alibaba 20180502
Avast 20180503
Avast-Mobile 20180501
Babable 20180406
Baidu 20180502
BitDefender 20180503
ClamAV 20180502
CMC 20180502
Cybereason None
eGambit 20180502
F-Prot 20180503
GData 20180503
Sophos ML 20180120
Kingsoft 20180502
SUPERAntiSpyware 20180502
Symantec Mobile Insight 20180430
TheHacker 20180429
TotalDefense 20180502
TrendMicro 20180503
Trustlook 20180502
VBA32 20180502
ViRobot 20180502
Zoner 20180502
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-03-25 20:51:34
Entry Point 0x00003F50
Number of sections 4
PE sections
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
RegSetValueExW
IsValidSid
ConvertSidToStringSidW
RegOpenKeyExW
CreateToolhelp32Snapshot
GetLastError
HeapFree
GetShortPathNameW
GetSystemInfo
GetModuleFileNameW
FreeLibrary
ExitProcess
LoadLibraryA
GetFileAttributesW
Process32Next
CreateProcessW
HeapAlloc
GetCurrentProcess
GetWindowsDirectoryW
GetCurrentProcessId
Process32First
GetCommandLineW
CreateThread
SetErrorMode
MultiByteToWideChar
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetThreadContext
GetProcessHeap
CreateMutexA
GetFileSizeEx
WideCharToMultiByte
GetModuleHandleA
GetExitCodeThread
CloseHandle
ExitThread
HeapReAlloc
GetModuleHandleW
SetThreadExecutionState
SetThreadContext
LocalFree
TerminateProcess
GetExitCodeProcess
VirtualFree
Sleep
GetTickCount
VirtualAlloc
CommandLineToArgvW
GetLastInputInfo
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetQueryOptionA
InternetCrackUrlA
CoTaskMemFree
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:03:25 22:51:34+02:00
FileType Win32 EXE
PEType PE32
CodeSize 27648
LinkerVersion 14.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x3f50
InitializedDataSize 786432
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 a3e5dabdfc394091e06e265f0c96c98d
SHA1 d858385196722bdcfaeb3019bfcce6b7203b95f9
SHA256 73f0880358701566ed1792014b639c02f357da42981344a6ad644aae494d3e36
ssdeep 24576:kvFtO0pnOQysicK4t3kO8scPyOpwJtFr:yrpdyl4tUOnigD
authentihash ddcc6856fb13ce6b541c7f0641d3e24d9850721b48f3877daa30bd3a8e700ba6
imphash 6e539a64c5b518a95373839ba6d3db5f
File size 790.0 KB ( 808960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-04-08 18:52:38 UTC ( 1 year ago )
Last submission 2018-05-28 08:58:55 UTC ( 10 months, 4 weeks ago )
File names f.exe
m[1].exe
wuh.exe
m.exe
mn.exe
337002194717156.exe
mmm.exe
output.113312267.txt
as.exe
m.exe
as.exe
output.113133744.txt
wuh.exe
a.exe-
winupdsvc.exe
a3e5dabdfc394091e06e265f0c96c98d
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Created mutexes
Opened mutexes
Runtime DLLs