SHA256: 77ba349525b378b8cf774fff02ff11566e0a121a84813ab6c244c0e2475444af
File name: f29.exe
Detection ratio: 17 / 65
Analysis date: 2018-05-31 15:25:22 UTC ( 11 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Razy.336608 20180531
ALYac Gen:Variant.Razy.336608 20180531
Arcabit Trojan.Razy.D522E0 20180531
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9890 20180531
BitDefender Gen:Variant.Razy.336608 20180531
Bkav W32.eHeur.Malware14 20180531
Cylance Unsafe 20180531
Emsisoft Gen:Variant.Razy.336608 (B) 20180531
Endgame malicious (high confidence) 20180507
F-Secure Gen:Variant.Razy.336608 20180531
GData Gen:Variant.Razy.336608 20180531
Sophos ML heuristic 20180503
MAX malware (ai score=82) 20180531
eScan Gen:Variant.Razy.336608 20180531
Qihoo-360 HEUR/QVM19.1.8817.Malware.Gen 20180531
SentinelOne (Static ML) static engine - malicious 20180225
VBA32 BScope.TrojanBanker.Emotet 20180531
AegisLab 20180531
AhnLab-V3 20180531
Alibaba 20180530
Antiy-AVL 20180531
Avast 20180531
Avast-Mobile 20180531
AVG 20180531
Avira (no cloud) 20180531
AVware 20180531
Babable 20180406
CAT-QuickHeal 20180531
ClamAV 20180531
CMC 20180529
Comodo 20180531
CrowdStrike Falcon (ML) 20180202
Cybereason None
Cyren 20180531
DrWeb 20180531
eGambit 20180531
ESET-NOD32 20180531
F-Prot 20180531
Fortinet 20180531
Ikarus 20180531
Jiangmin 20180531
K7AntiVirus 20180530
K7GW 20180531
Kaspersky 20180531
Kingsoft 20180531
Malwarebytes 20180531
McAfee 20180530
McAfee-GW-Edition 20180531
Microsoft 20180531
NANO-Antivirus 20180531
nProtect 20180531
Palo Alto Networks (Known Signatures) 20180531
Panda 20180531
Rising 20180531
Sophos AV 20180531
SUPERAntiSpyware 20180531
Symantec 20180531
Symantec Mobile Insight 20180525
Tencent 20180531
TheHacker 20180531
TotalDefense 20180531
TrendMicro 20180531
TrendMicro-HouseCall 20180531
Trustlook 20180531
VIPRE 20180531
ViRobot 20180531
Webroot 20180531
Yandex 20180529
ZoneAlarm by Check Point 20180531
Zoner 20180530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-04-17 18:24:07
Entry Point 0x000075F8
Number of sections 4
PE sections
Overlays
MD5 47b76253a284ef041a7fa419a76a1cb7
File type data
Offset 101376
Size 7880
Entropy 7.50
PE imports
CmMalloc
CmRealloc
CmAtolA
Ctl3dRegister
Ctl3dGetVer
SystemTimeToFileTime
GetFileAttributesA
WaitForSingleObject
lstrlen
CreateJobObjectW
GetTickCount
TlsAlloc
LoadLibraryA
lstrlenW
LoadLibraryExA
GetCommandLineW
GetProcAddress
FindNextFileW
FindResourceExW
lstrcpy
GetTempFileNameA
SetLocalTime
CreateProcessA
CreateEventW
ReadConsoleW
TlsSetValue
CreateFileA
InterlockedIncrement
CloseHandle
InsertMenuA
MessageBoxExA
LoadImageW
LoadIconA
DispatchMessageA
CharToOemW
PostMessageA
LoadBitmapA
GetMessageW
GetWindow
LoadMenuW
GetClassLongA
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:04:17 19:24:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 42496
LinkerVersion 7.0
EntryPoint 0x75f8
InitializedDataSize 56320
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 e4468d820eb6271bb11af563ca4ab69d
SHA1 1b23790452a5b0ffc942e4ebf464989d7ee1a5e9
SHA256 77ba349525b378b8cf774fff02ff11566e0a121a84813ab6c244c0e2475444af
ssdeep 1536:wbVc8rAS3W19vIBuI6KsgMI++rox6MfV/+uzISAIwij:xSKU+KrzoFB9
authentihash 6d6b189af040da037e11f205f22c0727113ceb3343b4dd78f9742ffbed7f6e25
imphash 2fca35e64c0539bb9af1312e085f7c96
File size 106.7 KB ( 109256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-05-31 15:25:22 UTC ( 11 months, 3 weeks ago )
Last submission 2018-06-03 09:50:38 UTC ( 11 months, 3 weeks ago )
File names 744ff38a55cb1d8b0ae91b05c9d92e7429d783bb
f29.exe
aijshuib.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs