SHA256: 7a3520ae2c90f9dd42293b5f89589ba1b50b575111cbae6b2edba0e6d0394b5c
File name: kopergos.ri
Detection ratio: 52 / 68
Analysis date: 2018-09-18 07:28:23 UTC ( 5 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Ad-Aware | Trojan.GenericKD.40347013 | 20180917 |
| AegisLab | Ml.Attribute.Gen!c | 20180918 |
| AhnLab-V3 | Malware/Win32.Generic.C2637545 | 20180917 |
| ALYac | Trojan.Trickster.Gen | 20180918 |
| Antiy-AVL | Trojan[Banker]/Win32.Trickster | 20180918 |
| Arcabit | Trojan.Generic.D267A585 | 20180918 |
| Avast | Win32:Malware-gen | 20180918 |
| AVG | Win32:Malware-gen | 20180918 |
| Avira (no cloud) | TR/Crypt.XPACK.Gen | 20180918 |
| AVware | Win32.Malware!Drop | 20180918 |
| BitDefender | Trojan.GenericKD.40347013 | 20180918 |
| CAT-QuickHeal | Trojanbanker.Trickster | 20180917 |
| Comodo | UnclassifiedMalware | 20180918 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (D) | 20180723 |
| Cybereason | malicious.8fcdb3 | 20180225 |
| Cylance | Unsafe | 20180918 |
| Cyren | W32/Trojan.AZWA-4213 | 20180918 |
| DrWeb | Trojan.Trick.45128 | 20180918 |
| Emsisoft | Trojan.GenericKD.40347013 (B) | 20180918 |
| Endgame | malicious (high confidence) | 20180730 |
| ESET-NOD32 | a variant of Generik.HLZZQKE | 20180918 |
| F-Prot | W32/Trojan2.PYJT | 20180918 |
| F-Secure | Trojan.GenericKD.40347013 | 20180918 |
| Fortinet | W32/Generik.HLZZQKE!tr | 20180918 |
| GData | Trojan.GenericKD.40347013 | 20180918 |
| Ikarus | Trojan.SuspectCRC | 20180917 |
| Sophos ML | heuristic | 20180717 |
| Jiangmin | Trojan.Banker.Trickster.bj | 20180918 |
| K7AntiVirus | Trojan ( 005395491 ) | 20180918 |
| K7GW | Trojan ( 005395491 ) | 20180918 |
| Kaspersky | Trojan-Banker.Win32.Trickster.dc | 20180918 |
| MAX | malware (ai score=100) | 20180918 |
| McAfee | RDN/PWS-Banker | 20180918 |
| McAfee-GW-Edition | RDN/PWS-Banker | 20180918 |
| Microsoft | Trojan:Win32/MereTam.A | 20180918 |
| eScan | Trojan.GenericKD.40347013 | 20180918 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20180918 |
| Panda | Trj/GdSda.A | 20180917 |
| Qihoo-360 | HEUR/QVM06.2.CC39.Malware.Gen | 20180918 |
| Rising | Trojan.MereTam!8.E4CE (CLOUD) | 20180918 |
| SentinelOne (Static ML) | static engine - malicious | 20180830 |
| Sophos AV | Troj/TrickBo-EG | 20180918 |
| Symantec | Trojan.Trickybot | 20180918 |
| Tencent | Win32.Trojan-banker.Trickster.Wpjt | 20180918 |
| TrendMicro | TSPY_TRICKBOT.THHOFAH | 20180918 |
| TrendMicro-HouseCall | TSPY_TRICKBOT.THHOFAH | 20180918 |
| VBA32 | BScope.TrojanBanker.Trickster | 20180917 |
| VIPRE | Win32.Malware!Drop | 20180918 |
| ViRobot | Trojan.Win32.Z.Trickster.487424 | 20180918 |
| Webroot | W32.Trojan.Gen | 20180918 |
| Zillya | Trojan.GenericKD.Win32.143429 | 20180917 |
| ZoneAlarm by Check Point | Trojan-Banker.Win32.Trickster.dc | 20180918 |
| Alibaba |  | 20180713 |
| Avast-Mobile |  | 20180917 |
| Babable |  | 20180918 |
| Baidu |  | 20180914 |
| Bkav |  | 20180917 |
| ClamAV |  | 20180918 |
| CMC |  | 20180917 |
| eGambit |  | 20180918 |
| Kingsoft |  | 20180918 |
| Malwarebytes |  | 20180918 |
| NANO-Antivirus |  | 20180918 |
| SUPERAntiSpyware |  | 20180907 |
| Symantec Mobile Insight |  | 20180911 |
| TACHYON |  | 20180918 |
| TheHacker |  | 20180914 |
| TotalDefense |  | 20180918 |
| Trustlook |  | 20180918 |
| Yandex |  | 20180917 |
| Zoner |  | 20180917 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-02 11:01:08
Entry Point 0x000064A9
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateFileMappingW
GetStartupInfoA
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
UnmapViewOfFile
CreateFileW
ExitProcess
HeapAlloc
CloseHandle
CreateFileMappingA
CreateFileA
GetCommandLineA
Sleep
GetProcessHeap
SysFreeString
SysAllocString
SetFocus
UpdateWindow
GetScrollRange
PostQuitMessage
DefWindowProcW
IsWindow
GetMessageW
ShowWindow
SetClipboardViewer
GetSystemMetrics
MessageBoxW
GetWindowRect
SetCapture
PostMessageW
GetDC
SendMessageW
TranslateAcceleratorW
RegisterClassW
GetWindowLongW
IsWindowVisible
GetWindowPlacement
SetWindowTextW
SetCaretPos
SetScrollRange
DispatchMessageW
CallWindowProcW
GetClassNameW
FillRect
GetWindowTextW
GetDesktopWindow
LoadCursorW
LoadIconW
CreateWindowExW
ScrollWindow
DestroyWindow
SetCursor
CoUninitialize
CoInitialize
CoCreateInstanceEx
Number of PE resources by type
RT_BITMAP 3
RT_MENU 2
RT_DIALOG 1
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
| Field | Value |
|---|---|
| UninitializedDataSize | 0 |
| LinkerVersion | 6.0 |
| ImageVersion | 0.0 |
| FileSubtype | 0 |
| FileVersionNumber | 1.0.0.2 |
| LanguageCode | Unknown (4012) |
| FileFlagsMask | 0x0000 |
| FileDescription | Vambezino Ltd. Gui application |
| ImageFileCharacteristics | No relocs, Executable, No line numbers, No symbols, 32-bit |
| CharacterSet | Unknown (C042) |
| InitializedDataSize | 271872 |
| EntryPoint | 0x64a9 |
| OriginalFileName | vamezi |
| MIMEType | application/octet-stream |
| LegalCopyright | Vambezino. All rights reserved. 2017 |
| FileVersion | 1.0.0.2 |
| TimeStamp | 2017:09:02 12:01:08+01:00 |
| FileType | Win32 EXE |
| PEType | PE32 |
| InternalName | Vambezino |
| ProductVersion | 1.0.0.2 |
| SubsystemVersion | 4.0 |
| OSVersion | 4.0 |
| FileOS | Win32 |
| Subsystem | Windows GUI |
| MachineType | Intel 386 or later, and compatibles |
| CompanyName | Vambezino Ltd. |
| CodeSize | 216064 |
| ProductName | Vambezino Inform |
| ProductVersionNumber | 1.0.0.2 |
| FileTypeExtension | exe |
| ObjectFileType | Executable application |
Execution parents
File identification
MD5 62d9c9376b8390e6bc155b1a9e0207da
SHA1 e95e5758fcdb39a2aa56c6aa6ca61b8c8d2be44e
SHA256 7a3520ae2c90f9dd42293b5f89589ba1b50b575111cbae6b2edba0e6d0394b5c
ssdeep 12288:e/9ujWAlfOeKLHMrTKJ5afybytVR+mr9zpFI4if2JlBgXLwBXNqqIEo55CPvAhkb:AujPOyTBfmytVR+mr9zpFIxf2JlBgXLq
authentihash 210e47b8a00cb518e4a5fa2ab3967eff58c720e6c3486770944eb06c1471419c
imphash 24ed7a2237de249d8bd19a51b0655494
File size 476.0 KB ( 487424 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-27 18:53:43 UTC ( 6 months, 3 weeks ago )
Last submission 2018-07-27 18:53:43 UTC ( 6 months, 3 weeks ago )
File names <SAMPLE.EXE>
frgfa.exe
kopergos.ri
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections