SHA256: 759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681
File name: ??? ??????????????.exe
Detection ratio: 50 / 67
Analysis date: 2018-09-15 09:57:13 UTC ( 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.252672 20180913
AegisLab Trojan.Win32.Scar.4!c 20180915
AhnLab-V3 Trojan/Win32.PlugX.C932524 20180914
ALYac Gen:Variant.Razy.252672 20180915
Antiy-AVL Trojan/Win32.Scar 20180915
Arcabit Trojan.Razy.D3DB00 20180915
Avast Win32:Malware-gen 20180915
AVG Win32:Malware-gen 20180915
Avira (no cloud) TR/Agent.559104.22 20180914
AVware Trojan.Win32.Generic!BT 20180915
BitDefender Gen:Variant.Razy.252672 20180915
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180723
Cybereason malicious.7bd9e8 20180225
Cylance Unsafe 20180915
Cyren W32/Korplug.C.gen!Eldorado 20180915
Emsisoft Gen:Variant.Razy.252672 (B) 20180915
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.DTAH 20180915
F-Prot W32/Korplug.C.gen!Eldorado 20180915
F-Secure Gen:Variant.Razy.252672 20180915
Fortinet W32/Scar.KPLS!tr 20180915
GData Gen:Variant.Razy.252672 20180915
Ikarus Trojan.Win32.Scar 20180915
Sophos ML heuristic 20180717
Jiangmin Trojan/Scar.bler 20180915
K7AntiVirus Riskware ( 0040eff71 ) 20180915
K7GW Riskware ( 0040eff71 ) 20180915
Kaspersky HEUR:Trojan.Win32.Generic 20180915
MAX malware (ai score=100) 20180915
McAfee Generic BackDoor.u 20180915
McAfee-GW-Edition BehavesLike.Win32.PUPXAA.hm 20180915
Microsoft Backdoor:Win32/Plugx.L 20180915
eScan Gen:Variant.Razy.252672 20180915
NANO-Antivirus Trojan.Win32.Scar.dtldva 20180915
Palo Alto Networks (Known Signatures) generic.ml 20180915
Panda Trj/Genetic.gen 20180915
Qihoo-360 Win32/Trojan.9a9 20180915
Rising Backdoor.Plugx!8.D0 (CLOUD) 20180915
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Troj/Plugx-BK 20180915
Symantec Trojan.Gen 20180914
Tencent Win32.Trojan.Scar.Wnmn 20180915
TrendMicro BKDR_PLUGX.BHS 20180915
TrendMicro-HouseCall BKDR_PLUGX.BHS 20180915
VBA32 Trojan.Scar 20180914
VIPRE Trojan.Win32.Generic!BT 20180915
Webroot W32.Gen.BT 20180915
Yandex Trojan.Scar!o7hi8pZ/czw 20180915
Zillya Trojan.Scar.Win32.93102 20180914
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180915
Alibaba 20180713
Avast-Mobile 20180915
Babable 20180907
Baidu 20180914
Bkav 20180915
CAT-QuickHeal 20180915
ClamAV 20180915
CMC 20180915
Comodo 20180915
DrWeb 20180915
eGambit 20180915
Kingsoft 20180915
Malwarebytes 20180915
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180911
TACHYON 20180915
TheHacker 20180914
Trustlook 20180915
ViRobot 20180915
Zoner 20180914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-23 05:05:33
Entry Point 0x000025D1
Number of sections 5
PE sections
PE imports
SystemFunction036
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
lstrlenW
FindFirstFileExW
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
lstrcpyW
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
LoadLibraryExW
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetThreadContext
TerminateProcess
GetModuleHandleExW
IsValidCodePage
WriteFile
CreateFileW
FindClose
lstrcatW
Sleep
SetLastError
TlsSetValue
ExitProcess
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
RegisterClassExW
CreateWindowExW
UpdateWindow
EndPaint
EndDialog
BeginPaint
GetMessageW
TranslateMessage
DefWindowProcW
LoadStringW
LoadCursorW
DialogBoxParamW
LoadAcceleratorsW
PostQuitMessage
ShowWindow
TranslateAcceleratorW
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 20
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:06:23 06:05:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 78848
LinkerVersion 14.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x25d1
InitializedDataSize 489472
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
Compressed bundles
File identification
MD5 62898b77bd9e8e286d6bc760f3e28981
SHA1 1c6a50e51203fda640b8535268bee657591d0ac5
SHA256 759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681
ssdeep 6144:yhARXL5SPOZ+BGcpiIh9D6XUlhl8hK6y6NIqistAlDFE4td:I+X1qDP9D6XJhz3zIW4t
authentihash 11edac143d9917da973875e124e3337153c9d08c56bf3beb51fbd5442983df52
imphash 47f4342644d92abf02a70987e58378ad
File size 546.0 KB ( 559104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2015-06-24 04:45:30 UTC ( 3 years, 3 months ago )
Last submission 2015-07-14 06:15:18 UTC ( 3 years, 3 months ago )
File names ??? ??????????????.exe
豪外相 集団的自衛権の行使容認を支持.exe
‹ŠO‘Š W’c“IŽ©‰qŒ ‚̍sŽg—e”F‚ðŽxŽ.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DG115.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs