SHA256: 76179b6102a4abf606afaae5c695d9deac4db66b9fa616b8dddfd795151e8ccb
Detection ratio: 53 / 66
Analysis date: 2018-08-08 00:41:46 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.110543 20180808
AegisLab Trojan.Win32.Generic.4!c 20180808
AhnLab-V3 Trojan/Win32.Bancos.R115903 20180807
ALYac Spyware.PWS.KRBanker.acu 20180808
Antiy-AVL Trojan/Win32.Unknown 20180808
Avast Win32:Malware-gen 20180808
AVG Win32:Malware-gen 20180808
Avira (no cloud) HEUR/AGEN.1020595 20180807
AVware Trojan-Downloader.Win32.Delf 20180727
BitDefender Gen:Variant.Strictor.110543 20180808
Bkav W32.GracindAD.Trojan 20180807
CAT-QuickHeal TrojanDownloader.Delf 20180807
ClamAV Win.Trojan.Banload-2109 20180807
Comodo UnclassifiedMalware 20180807
CrowdStrike Falcon (ML) malicious_confidence_60% (W) 20180723
Cybereason malicious.a7bbc6 20180225
Cylance Unsafe 20180808
Cyren W32/Delfloader.U.gen!Eldorado 20180807
DrWeb Trojan.DownLoader7.2773 20180808
Emsisoft Gen:Variant.Strictor.110543 (B) 20180807
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.RUG 20180807
F-Secure Gen:Variant.Strictor.110543 20180807
Fortinet W32/Agentb.ANHT!tr 20180808
GData Gen:Variant.Strictor.110543 20180808
Jiangmin Trojan/Agentb.aeo 20180807
K7AntiVirus Trojan ( 7000000f1 ) 20180807
K7GW Trojan ( 7000000f1 ) 20180808
Kaspersky HEUR:Trojan.Win32.Generic 20180807
Kingsoft Win32.Troj.Generic.a.(kcloud) 20180808
Malwarebytes Trojan.Banker 20180807
MAX malware (ai score=100) 20180808
McAfee Artemis!A599836A7BBC 20180808
McAfee-GW-Edition GenericR-APF!76312A26380A 20180808
eScan Gen:Variant.Strictor.110543 20180807
NANO-Antivirus Trojan.Win32.Delf.brlpvb 20180808
Palo Alto Networks (Known Signatures) generic.ml 20180808
Panda Trj/Genetic.gen 20180807
Qihoo-360 Win32/Trojan.Multi.daf 20180808
Rising Downloader.Banload!8.15B (CLOUD) 20180808
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Troj/Trackr-F 20180807
Symantec Ransom.Cryptolocker 20180807
TACHYON Trojan/W32.Agentb.1432576 20180808
Tencent Win32.Trojan.Generic.Lmuj 20180808
TheHacker Trojan/Downloader.Banload.rug 20180807
TrendMicro TSPY_POSHOOK.A 20180807
TrendMicro-HouseCall TSPY_POSHOOK.A 20180807
VBA32 TrojanPSW.Delf 20180806
VIPRE Trojan-Downloader.Win32.Delf 20180808
ViRobot Trojan.Win32.Agent.457728.E 20180807
Yandex Trojan.DL.Delf!oQ5cONWzmMA 20180807
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180808
Alibaba 20180713
Arcabit 20180808
Avast-Mobile 20180807
Babable 20180725
Baidu 20180807
CMC 20180807
eGambit 20180808
F-Prot 20180808
Sophos ML 20180717
Microsoft 20180808
SUPERAntiSpyware 20180808
Symantec Mobile Insight 20180801
TotalDefense 20180807
Trustlook 20180808
Zillya 20180807
Zoner 20180807
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-25 13:59:38
Entry Point 0x0016D9A0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
AlphaBlend
IsEqualGUID
VariantCopy
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 25
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_ICON 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 28
ENGLISH US 15
PORTUGUESE BRAZILIAN 5
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:09:25 15:59:38+02:00
FileType Win32 EXE
PEType PE32
CodeSize 438272
LinkerVersion 2.25
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x16d9a0
InitializedDataSize 20480
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 1056768
File identification
MD5 a599836a7bbc68a5e712d48bb6319951
SHA1 d72a0b8e7117f0c5e2ef0901bc58274ea41c9d3a
SHA256 76179b6102a4abf606afaae5c695d9deac4db66b9fa616b8dddfd795151e8ccb
ssdeep 6144:mvAJZdsNucJ7M5yLTaI33zqedMwBC8y2AjeS/M5wCgKDv/RFBWZnSMlwdICk:mYJsNucuAe1FGq2oH/4wCgiRScdICk
authentihash 42af39e7f24b0261b024856110315c025f1b43f22456ecbc7b94b60213719f7d
imphash 4ce3dc6aadd56ab4dfbb4d1e6f555a73
File size 447.0 KB ( 457728 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2012-12-01 09:15:24 UTC ( 6 years, 5 months ago )
Last submission 2018-05-15 00:02:41 UTC ( 1 year ago )
File names malekal_a599836a7bbc68a5e712d48bb6319951
A599836A7BBC68A5E712D48BB6319951
vti-rescan
svchosts.exe
mmon32.exe
11822567
mmon32.exe
output.17666493.txt
project.exe
ProjectHook.exe.vir
output.11822567.txt
dnserv.exe
winvnc.exe
17666493
ProjectHook.exe
system.exe
a599836a7bbc68a5e712d48bb6319951
micros.exe
76179b6102a4abf606afaae5c695d9deac4db66b9fa616b8dddfd795151e8ccbanalysis
file-6035015_exe
svchost.exe
svchost[1].exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications