SHA256: 759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681
File name: ??? ??????????????.exe
Detection ratio: 52 / 68
Analysis date: 2018-07-23 10:39:37 UTC ( 3 weeks, 4 days ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.252672 20180723
AegisLab Trojan.Win32.Scar.4!c 20180723
AhnLab-V3 Trojan/Win32.PlugX.C932524 20180723
ALYac Gen:Variant.Razy.252672 20180723
Antiy-AVL Trojan/Win32.Scar 20180723
Arcabit Trojan.Razy.D3DB00 20180723
Avast Win32:Malware-gen 20180723
AVG Win32:Malware-gen 20180723
Avira (no cloud) TR/Agent.559104.22 20180723
AVware Trojan.Win32.Generic!BT 20180723
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9741 20180723
BitDefender Gen:Variant.Razy.252672 20180723
CAT-QuickHeal Trojan.Scar 20180723
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180530
Cybereason malicious.7bd9e8 20180225
Cylance Unsafe 20180723
Cyren W32/Korplug.C.gen!Eldorado 20180723
Emsisoft Gen:Variant.Razy.252672 (B) 20180723
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.DTAH 20180723
F-Prot W32/Korplug.C.gen!Eldorado 20180723
F-Secure Gen:Variant.Razy.252672 20180723
Fortinet W32/Scar.KPLS!tr 20180723
GData Gen:Variant.Razy.252672 20180723
Ikarus Trojan.Win32.Scar 20180723
Sophos ML heuristic 20180717
Jiangmin Trojan/Scar.bler 20180723
K7AntiVirus Riskware ( 0040eff71 ) 20180723
K7GW Riskware ( 0040eff71 ) 20180723
Kaspersky HEUR:Trojan.Win32.Generic 20180723
MAX malware (ai score=100) 20180723
McAfee Generic BackDoor.u 20180723
McAfee-GW-Edition BehavesLike.Win32.AdwareLinkury.hm 20180723
Microsoft Backdoor:Win32/Plugx.L 20180723
eScan Gen:Variant.Razy.252672 20180723
NANO-Antivirus Trojan.Win32.Scar.dtldva 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Panda Trj/Genetic.gen 20180722
Qihoo-360 Win32/Trojan.9a9 20180723
Rising Trojan.Kryptik!8.8 (CLOUD) 20180723
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Plugx-BK 20180723
Symantec Trojan.Gen 20180723
Tencent Win32.Trojan.Scar.Wnmn 20180723
TrendMicro BKDR_PLUGX.BHS 20180723
TrendMicro-HouseCall BKDR_PLUGX.BHS 20180723
VBA32 Trojan.Scar 20180720
VIPRE Trojan.Win32.Generic!BT 20180723
Webroot W32.Gen.BT 20180723
Yandex Trojan.Scar!o7hi8pZ/czw 20180720
Zillya Trojan.Scar.Win32.93102 20180720
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180723
Alibaba 20180713
Avast-Mobile 20180723
Babable 20180406
Bkav 20180723
ClamAV 20180723
CMC 20180723
Comodo 20180723
DrWeb 20180723
eGambit 20180723
Kingsoft 20180723
Malwarebytes 20180723
SUPERAntiSpyware 20180722
TACHYON 20180723
TheHacker 20180723
TotalDefense 20180722
Trustlook 20180723
ViRobot 20180723
Zoner 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-23 05:05:33
Entry Point 0x000025D1
Number of sections 5
PE sections
PE imports
SystemFunction036
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
FlushFileBuffers
RtlUnwind
lstrlenW
FindFirstFileExW
GetStdHandle
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
lstrcpyW
RaiseException
WideCharToMultiByte
LoadLibraryW
TlsFree
FindNextFileW
SetUnhandledExceptionFilter
LoadLibraryExW
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetThreadContext
TerminateProcess
GetModuleHandleExW
IsValidCodePage
WriteFile
CreateFileW
FindClose
lstrcatW
Sleep
SetLastError
TlsSetValue
ExitProcess
GetCurrentThreadId
WriteConsoleW
LeaveCriticalSection
RegisterClassExW
CreateWindowExW
UpdateWindow
EndPaint
EndDialog
BeginPaint
GetMessageW
TranslateMessage
DefWindowProcW
LoadStringW
LoadCursorW
DialogBoxParamW
LoadAcceleratorsW
PostQuitMessage
ShowWindow
TranslateAcceleratorW
DispatchMessageW
DestroyWindow
Number of PE resources by type
RT_ICON 14
RT_GROUP_ICON 2
RT_DIALOG 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
CHINESE SIMPLIFIED 20
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:06:23 06:05:33+01:00
FileType Win32 EXE
PEType PE32
CodeSize 78848
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 489472
SubsystemVersion 5.1
EntryPoint 0x25d1
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 62898b77bd9e8e286d6bc760f3e28981
SHA1 1c6a50e51203fda640b8535268bee657591d0ac5
SHA256 759e405351e6de779757695cc6fb1bce3cc6e3bb3ee4d24778d0cb2070091681
ssdeep 6144:yhARXL5SPOZ+BGcpiIh9D6XUlhl8hK6y6NIqistAlDFE4td:I+X1qDP9D6XJhz3zIW4t
authentihash 11edac143d9917da973875e124e3337153c9d08c56bf3beb51fbd5442983df52
imphash 47f4342644d92abf02a70987e58378ad
File size 546.0 KB ( 559104 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe
VirusTotal metadata
First submission 2015-06-24 04:45:30 UTC ( 3 years, 1 month ago )
Last submission 2015-07-14 06:15:18 UTC ( 3 years, 1 month ago )
File names ??? ??????????????.exe
豪外相 集団的自衛権の行使容認を支持.exe
‹ŠO‘Š W’c“IŽ©‰qŒ ‚̍sŽg—e”F‚ðŽxŽ.exe
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DG115.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Opened mutexes
Runtime DLLs