SHA256: 7633a4d92e136f4c749d8191fad227c5f057329677f37069854aff2f82eff527
File name: v2.1-WindowsC++.exe
Detection ratio: 30 / 68
Analysis date: 2018-10-06 07:24:58 UTC (6 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.397073 20181006
AhnLab-V3 Malware/Win32.Generic.C2729325 20181005
ALYac Gen:Variant.Razy.397073 20181006
Arcabit Trojan.Razy.D60F11 20181006
Avast Win32:MalwareX-gen [Trj] 20181006
AVG Win32:MalwareX-gen [Trj] 20181006
Avira (no cloud) HEUR/AGEN.1031264 20181005
BitDefender Gen:Variant.Razy.397073 20181006
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180723
Cybereason malicious.8bab0b 20180225
Cylance Unsafe 20181006
DrWeb Trojan.MinerENT.4 20181006
Emsisoft Gen:Variant.Razy.397073 (B) 20181006
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/CoinMiner.BPE 20181006
F-Secure Gen:Variant.Razy.397073 20181006
GData Gen:Variant.Razy.397073 20181006
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 005386211 ) 20181006
K7GW Trojan ( 005386211 ) 20181006
MAX malware (ai score=89) 20181006
McAfee GenericRXGF-JQ!ADA7B668BAB0 20181006
McAfee-GW-Edition GenericRXGF-JQ!ADA7B668BAB0 20181006
Microsoft Trojan:Win32/Fuerboos.C!cl 20181006
eScan Gen:Variant.Razy.397073 20181006
Qihoo-360 HEUR/QVM20.1.56C9.Malware.Gen 20181006
Rising Malware.Heuristic!ET#86% (RDM+:cmRtazobnmAjiYLLUE+qo4kwnT06) 20181006
SUPERAntiSpyware Hack.Tool/Gen-BitCoinMiner 20181006
Symantec ML.Attribute.HighConfidence 20181005
Webroot W32.Trojan.Gen 20181006
AegisLab 20181006
Alibaba 20180921
Antiy-AVL 20181005
Avast-Mobile 20181006
AVware 20180925
Babable 20180918
Baidu 20180930
Bkav 20181005
CAT-QuickHeal 20181005
ClamAV 20181006
CMC 20181006
Comodo 20181006
Cyren 20181006
eGambit 20181006
F-Prot 20181006
Fortinet 20181006
Ikarus 20181005
Jiangmin 20181006
Kaspersky 20181006
Kingsoft 20181006
Malwarebytes 20181006
NANO-Antivirus 20181006
Palo Alto Networks (Known Signatures) 20181006
Panda 20181005
SentinelOne (Static ML) 20180926
Sophos AV 20181006
Symantec Mobile Insight 20181001
TACHYON 20181006
Tencent 20181006
TheHacker 20181001
TrendMicro 20181006
TrendMicro-HouseCall 20181006
Trustlook 20181006
VBA32 20181005
VIPRE 20181006
ViRobot 20181005
Yandex 20181005
Zillya 20181005
ZoneAlarm by Check Point 20181006
Zoner 20181005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-10-02 08:54:40
Entry Point 0x0000ED24
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
GetStdHandle
ReleaseMutex
WaitForSingleObject
EncodePointer
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
EnumSystemLocalesW
FreeEnvironmentStringsW
InitializeSListHead
GetThreadContext
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
IsWow64Process
OutputDebugStringW
FindClose
TlsGetValue
SetLastError
GetSystemTime
CopyFileA
HeapAlloc
GetModuleFileNameA
RaiseException
FreeLibrary
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
CreateMutexA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
GetModuleHandleExW
SetEndOfFile
GetCurrentThreadId
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
Process32Next
Process32First
CreateDirectoryA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileExA
FindFirstFileA
FindNextFileA
IsValidLocale
GetProcAddress
CreateFileW
GetConsoleWindow
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GetConsoleCP
GetEnvironmentStringsW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
ReadConsoleW
TlsFree
ReadFile
CloseHandle
OpenMutexW
GetACP
GetModuleHandleW
GetFileAttributesExW
CreateProcessA
IsValidCodePage
Sleep
GetModuleFileNameExA
ShellExecuteA
PathFileExistsA
GetWindowThreadProcessId
GetWindowTextLengthA
GetForegroundWindow
EnumDisplayDevicesA
MessageBoxA
GetWindowTextA
ShowWindow
GetLastInputInfo
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetCheckConnectionA
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2018:10:02 09:54:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 176640
LinkerVersion 14.14
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xed24
InitializedDataSize 70144
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Execution parents
File identification
MD5 ada7b668bab0bef9cf186c130c6bae26
SHA1 22bbca9af9d1aae0c6d847e3b80bd85f8249cd43
SHA256 7633a4d92e136f4c749d8191fad227c5f057329677f37069854aff2f82eff527
ssdeep 6144:tjPzQe4ENm2eK7mnoUSgpAY8ODcDcm7cIsMBGt0rCB+zAPXGJNrP/PAO/G2:jRW0rCBUAql/PB
authentihash 2797609d8d9c9f4ca39265ad8a863e27e872c1725faf12e8ef565e0caeabf19e
imphash 77b8496967f164d0acc85204398c1def
File size 238.5 KB ( 244224 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2018-10-06 07:24:58 UTC ( 6 months, 2 weeks ago )
Last submission 2018-11-09 05:27:42 UTC ( 5 months, 2 weeks ago )
File names v2.1-WindowsC++.exe
ada7b668bab0bef9cf186c130c6bae26
v2.1-WindowsC++.exe
gxoo.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.