SHA256: 76a14a40ecbb740ec6158d1969edc71c33505d763e7ae0037574c6ab4733af93
File name: levinsky8.exe
Detection ratio: 10 / 60
Analysis date: 2017-05-23 15:12:02 UTC ( 3 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Sagecrypt.Gen 20170523
Endgame malicious (moderate confidence) 20170515
Ikarus Win32.Outbreak 20170523
Sophos ML virus.win32.sality.at 20170519
Kaspersky UDS:DangerousObject.Multi.Generic 20170523
Palo Alto Networks (Known Signatures) generic.ml 20170523
SentinelOne (Static ML) static engine - malicious 20170516
Symantec ML.Attribute.HighConfidence 20170523
Webroot W32.Trojan.Gen 20170523
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20170523
Ad-Aware 20170523
AegisLab 20170523
Alibaba 20170523
ALYac 20170523
Antiy-AVL 20170523
Arcabit 20170523
Avast 20170523
AVG 20170523
Avira (no cloud) 20170523
AVware 20170523
BitDefender 20170523
Bkav 20170523
CAT-QuickHeal 20170523
ClamAV 20170523
CMC 20170523
Comodo 20170523
CrowdStrike Falcon (ML) 20170130
Cyren 20170523
DrWeb 20170523
Emsisoft 20170523
ESET-NOD32 20170523
F-Prot 20170523
F-Secure 20170523
Fortinet 20170523
GData 20170523
Jiangmin 20170523
K7AntiVirus 20170523
K7GW 20170523
Kingsoft 20170523
Malwarebytes 20170523
McAfee 20170523
McAfee-GW-Edition 20170523
Microsoft 20170523
eScan 20170523
NANO-Antivirus 20170523
nProtect 20170523
Panda 20170522
Qihoo-360 20170523
Rising 20170523
Sophos AV 20170523
SUPERAntiSpyware 20170523
Symantec Mobile Insight 20170523
Tencent 20170523
TheHacker 20170522
TrendMicro 20170523
TrendMicro-HouseCall 20170523
Trustlook 20170523
VBA32 20170523
VIPRE 20170523
ViRobot 20170523
WhiteArmor 20170517
Yandex 20170518
Zillya 20170523
Zoner 20170523
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright ©Intarcia Therapeutics. All rights reserved.

Product Unix
Original name Unix
File version 2.6.4.6
Description Discriminatr Fragile Behind ‘cause Retrarch
Comments Discriminatr Fragile Behind ‘cause Retrarch
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-23 11:06:03
Entry Point 0x00004115
Number of sections 4
PE sections
PE imports
BuildTrusteeWithSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetEntriesInAclA
GetNamedSecurityInfoA
CryptUIDlgSelectCertificateFromStore
ExtTextOutW
DeleteDC
SelectObject
GetTextExtentPoint32W
TextOutA
CreateSolidBrush
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
Rectangle
CreateToolhelp32Snapshot
GetLastError
TlsGetValue
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
GetOEMCP
QueryPerformanceCounter
HeapDestroy
GetTickCount
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
lstrlenW
Process32Next
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
CreateActCtxA
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
WideCharToMultiByte
ExitProcess
LoadLibraryExW
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
IsDebuggerPresent
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
LocalFree
TerminateProcess
GetModuleFileNameA
LCMapStringA
InitializeCriticalSection
HeapCreate
GlobalAlloc
VirtualFree
InterlockedDecrement
Sleep
GetFileType
TlsSetValue
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
VariantChangeType
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
wnsprintfW
PathIsFileSpecA
PathIsNetworkPathA
PathIsSameRootW
PathIsLFNFileSpecA
GetCursorInfo
BeginPaint
EnumWindows
SetMenuItemInfoA
DestroyMenu
DefWindowProcA
CheckMenuRadioItem
DrawFrameControl
SetWindowPos
GetSystemMetrics
IsWindow
GetWindowRect
EndPaint
MoveWindow
DialogBoxParamA
GetDC
ReleaseDC
GetIconInfo
GetMenu
LoadStringA
SendMessageA
GetClientRect
GetDlgItem
GetNextDlgTabItem
wsprintfA
SetTimer
DrawTextA
GetMenuItemCount
LoadImageA
GetMenuItemInfoA
DialogBoxIndirectParamA
DestroyWindow
CredUIPromptForCredentialsA
CoTaskMemFree
PdhBrowseCountersA
Number of PE resources by type
RT_BITMAP 13
RT_GROUP_CURSOR 8
RT_STRING 8
RT_ICON 8
RT_CURSOR 7
RT_RCDATA 3
RCDATA 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 53
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

Comments
Discriminatr Fragile Behind cause Retrarch

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.6.4.6

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Discriminatr Fragile Behind cause Retrarch

CharacterSet
Unicode

InitializedDataSize
163840

PrivateBuild
2.6.4.6

EntryPoint
0x4115

OriginalFileName
Unix

MIMEType
application/octet-stream

LegalCopyright
Copyright Intarcia Therapeutics. All rights reserved.

FileVersion
2.6.4.6

TimeStamp
2017:05:23 12:06:03+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
2.6.4.6

UninitializedDataSize
0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Intarcia Therapeutics

CodeSize
65536

ProductName
Unix

ProductVersionNumber
2.6.4.6

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 56185d85038547ec352a0f39396a37a7
SHA1 0e2ebcbf00d0bb4f5cfe8470ab48fecd1eb4d5ab
SHA256 76a14a40ecbb740ec6158d1969edc71c33505d763e7ae0037574c6ab4733af93
ssdeep
3072:4ENGIUsXitoMWVpa/mJRJthaj/Aa6zd7/zb:VjUs/MWVIuJvfaj/sd

authentihash da5aa57ac88c105aa86ed87b1194bda735ca67d44a1c002737bd708d6ee62bb4
imphash 9790d10a32e9a92e10fb0802229ed2b6
File size 228.0 KB ( 233472 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe

VirusTotal metadata
First submission 2017-05-23 12:25:11 UTC ( 3 months ago )
Last submission 2017-08-02 08:28:51 UTC ( 3 weeks ago )
File names 76a14a40ecbb740ec6158d1969edc71c33505d763e7ae0037574c6ab4733af93.exe
fgJds2U.exe
levinsky8.exe.3792.dr
6ab4733af93.exe
localfile~
Unix
jaff ransomware
fgjds2u.exe
setup360.vir.DNvir
levinsky8.exe
levinsky8.exe.file_56185d85038547ec352a0f39396a37a7
fgJds2U.malware
sample (21).exe%vir
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections
UDP communications