SHA256: 795e02802c51f8b13f9429d190be2408614fdf1d411487062dc8e41d656590cf
File name: ic.exe
Detection ratio: 43 / 70
Analysis date: 2019-02-22 21:03:50 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
Acronis suspicious 20190222
Ad-Aware Trojan.GenericKDZ.54042 20190222
AegisLab Trojan.Multi.Generic.4!c 20190222
AhnLab-V3 Win-Trojan/Gandcrab08.Exp 20190222
ALYac Trojan.GenericKDZ.54042 20190222
Arcabit Trojan.Generic.DD31A 20190222
Avast FileRepMalware 20190222
AVG FileRepMalware 20190222
Avira (no cloud) TR/Crypt.Agent.pzcye 20190222
BitDefender Trojan.GenericKDZ.54042 20190222
Comodo TrojWare.Win32.Injector.UOL@4q80ri 20190222
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20181023
Cylance Unsafe 20190222
DrWeb Trojan.PWS.Siggen2.8271 20190222
Emsisoft Trojan.GenericKDZ.54042 (B) 20190222
Endgame malicious (moderate confidence) 20190215
ESET-NOD32 a variant of Win32/Kryptik.GPKO 20190222
F-Secure Trojan.TR/Crypt.Agent.pzcye 20190222
Fortinet W32/GenKryptik.DABR!tr 20190222
GData Trojan.GenericKDZ.54042 20190222
Ikarus Trojan-Spy.Agent 20190222
Sophos ML heuristic 20181128
K7AntiVirus Trojan ( 005471aa1 ) 20190222
K7GW Trojan ( 005471aa1 ) 20190222
Kaspersky Trojan-Spy.Win32.Noon.aaiv 20190222
Malwarebytes Spyware.PasswordStealer 20190222
MAX malware (ai score=100) 20190222
McAfee Artemis!7743EC2B7663 20190222
McAfee-GW-Edition BehavesLike.Win32.Fake.hm 20190222
Microsoft Trojan:Win32/Azden.A!cl 20190222
eScan Trojan.GenericKDZ.54042 20190222
NANO-Antivirus Trojan.Win32.Coins.fniavm 20190222
Palo Alto Networks (Known Signatures) generic.ml 20190222
Rising Dropper.Generic!8.35E (CLOUD) 20190222
Sophos AV Mal/Generic-S 20190222
Symantec Trojan Horse 20190222
Tencent Win32.Trojan.Inject.Auto 20190222
Trapmine malicious.high.ml.score 20190123
TrendMicro TROJ_GEN.F0C2C00BM19 20190222
TrendMicro-HouseCall TROJ_GEN.R002H0CBM19 20190222
Webroot W32.Trojan.GenKDZ 20190222
Yandex Trojan.Kryptik!3jzNoC1xSb4 20190222
ZoneAlarm by Check Point Trojan-Spy.Win32.Noon.aaiv 20190222
Alibaba 20180921
Antiy-AVL 20190222
Avast-Mobile 20190222
Babable 20180918
Baidu 20190215
Bkav 20190222
CAT-QuickHeal 20190222
ClamAV 20190222
CMC 20190222
Cybereason 20190109
Cyren 20190222
eGambit 20190222
F-Prot 20190222
Jiangmin 20190222
Kingsoft 20190222
Panda 20190222
Qihoo-360 20190222
SentinelOne (Static ML) 20190203
SUPERAntiSpyware 20190220
Symantec Mobile Insight 20190220
TACHYON 20190222
TheHacker 20190217
Trustlook 20190222
VBA32 20190222
VIPRE 20190222
ViRobot 20190222
Zillya 20190222
Zoner 20190222
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft Corporation. All rights reserved.

Product Microsoft® CoReXT
Original name GetTickCount.exe
Internal name GetTickCount
File version 1.0.9.48
Description Compute-IaaS-ProvisioningAgent master (535e3d9) Microsoft Azure®
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-20 22:28:06
Entry Point 0x000A1FE0
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Number of PE resources by type
RT_ICON 6
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 2
PE resources
ExifTool file metadata
LegalTrademarks
Microsoft is a registered trademark of Microsoft Corporation.

SubsystemVersion
5.0

InitializedDataSize
372736

ImageVersion
0.0

ProductName
Microsoft CoReXT

FileVersionNumber
1.0.9.48

UninitializedDataSize
458752

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

LinkerVersion
9.0

PrivateBuild
(by azbldrun on AzBuildCU-Ma11)

FileTypeExtension
exe

OriginalFileName
GetTickCount.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.9.48

TimeStamp
2019:02:20 23:28:06+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
GetTickCount

ProductVersion
1.0.9.48

FileDescription
Compute-IaaS-ProvisioningAgent master (535e3d9) Microsoft Azure

OSVersion
5.0

FileOS
Win32

LegalCopyright
Copyright Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
204800

FileSubtype
0

ProductVersionNumber
1.0.9.48

EntryPoint
0xa1fe0

ObjectFileType
Executable application

Execution parents
File identification
MD5 7743ec2b766396876ba4b35a7e6d2c1a
SHA1 9bcc625a16d7a3f565e576e8c9568bb2a679a268
SHA256 795e02802c51f8b13f9429d190be2408614fdf1d411487062dc8e41d656590cf
ssdeep
12288:wpACU6sIcXvyw1/hhPhXhJhhHhhPhh3hh:YhSv7/hhPhXhJhhHhhPhh3hh

authentihash cc25f45bdff237af79634397c882043a9ad882b2e1b3290cc17312e69a4c3b72
imphash 6ed4f5f04d62b18d96b26d6db7c18840
File size 562.0 KB ( 575488 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (61.2%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.2%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.5%)
Tags
peexe upx

VirusTotal metadata
First submission 2019-02-22 08:47:41 UTC ( 2 months, 4 weeks ago )
Last submission 2019-02-24 00:06:57 UTC ( 2 months, 4 weeks ago )
File names pxg.exe
rwx.exe
GetTickCount.exe
wfb.exe
795e02802c51f8b13f9429d190be2408614fdf1d411487062dc8e41d656590cf.exe
sbd.exe
oqp.exe
rps.exe
fnj.exe
gms.exe
ic.exe
piy.exe
GetTickCount
imb.exe
jpo.exe
kae.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs