× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7a442700816d7e125209fbf1f13bf1f0f7b62893ea42899ecf863b300226ce5e
File name: 7e4dca80246863e3.exe
Detection ratio: 31 / 68
Analysis date: 2018-09-26 19:32:54 UTC ( 6 months, 3 weeks ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.ZBot.C2729081 20180926
Avast Win32:Malware-gen 20180926
AVG Win32:Malware-gen 20180926
Bkav HW32.Packed. 20180925
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.94a892 20180225
Cylance Unsafe 20180926
Cyren W32/Trojan.GLRZ-8860 20180926
DrWeb Trojan.MulDrop8.41558 20180926
Endgame malicious (high confidence) 20180730
ESET-NOD32 Win32/Spy.Zbot.ADC 20180926
Fortinet W32/Zbot.ADC!tr.spy 20180926
GData Win32.Backdoor.Zeus.EGT34D 20180926
Ikarus Trojan-Spy.Agent 20180926
Sophos ML heuristic 20180717
Kaspersky Trojan-Spy.Win32.Panda.cay 20180926
Malwarebytes Trojan.Injector 20180926
McAfee RDN/Generic PWS.y 20180926
McAfee-GW-Edition RDN/Generic PWS.y 20180926
NANO-Antivirus Trojan.Win32.Panda.figvsw 20180926
Palo Alto Networks (Known Signatures) generic.ml 20180926
Panda Trj/GdSda.A 20180926
Qihoo-360 Win32/Trojan.Spy.0fb 20180926
Rising Spyware.Zbot!8.16B (CLOUD) 20180926
Sophos AV Mal/Generic-S 20180926
Symantec Trojan Horse 20180926
TrendMicro TROJ_FRS.0NA103IP18 20180926
TrendMicro-HouseCall TROJ_FRS.0NA103IP18 20180926
VBA32 Trojan.MulDrop 20180926
Webroot W32.Trojan.Gen 20180926
ZoneAlarm by Check Point Trojan-Spy.Win32.Panda.cay 20180925
Ad-Aware 20180926
AegisLab 20180926
Alibaba 20180921
ALYac 20180926
Antiy-AVL 20180926
Arcabit 20180926
Avast-Mobile 20180926
Avira (no cloud) 20180926
AVware 20180925
Babable 20180918
Baidu 20180926
BitDefender 20180926
CAT-QuickHeal 20180926
ClamAV 20180926
CMC 20180926
Comodo 20180926
eGambit 20180926
Emsisoft 20180926
F-Prot 20180926
F-Secure 20180926
Jiangmin 20180926
K7AntiVirus 20180926
K7GW 20180926
Kingsoft 20180926
MAX 20180926
Microsoft 20180929
eScan 20180926
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180926
Tencent 20180926
TheHacker 20180924
TotalDefense 20180925
Trustlook 20180926
ViRobot 20180926
Yandex 20180926
Zillya 20180926
Zoner 20180926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-18 16:45:13
Entry Point 0x00007A1D
Number of sections 5
PE sections
PE imports
SetThreadLocale
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetLocaleInfoA
lstrcatA
SetErrorMode
GetFullPathNameA
GetCPInfo
GetStringTypeA
WriteFile
GetStringTypeW
SetFileAttributesA
MoveFileA
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
ExitProcess
GetModuleFileNameA
GetVolumeInformationA
SetConsoleCtrlHandler
GetUserDefaultLCID
UnhandledExceptionFilter
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
GlobalMemoryStatus
VirtualQuery
LocalFileTimeToFileTime
GetVersion
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
DeleteVolumeMountPointA
GetStartupInfoA
DeleteFileA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
FindNextFileA
IsValidLocale
GlobalLock
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
lstrlenA
GlobalFree
LCMapStringA
GlobalUnlock
GlobalAlloc
RemoveDirectoryA
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
CancelIo
GetSystemDefaultLangID
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
WideCharToMultiByte
VirtualFree
GetLongPathNameA
VirtualAlloc
Number of PE resources by type
RT_ICON 9
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:05:18 17:45:13+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
180736

LinkerVersion
8.0

ImageFileCharacteristics
Executable

EntryPoint
0x7a1d

InitializedDataSize
36352

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Execution parents
File identification
MD5 9526e80ac3e3cbb0a359281eeaa2c255
SHA1 0ae949b94a892691cf87be8c188ea4e0dd3103e4
SHA256 7a442700816d7e125209fbf1f13bf1f0f7b62893ea42899ecf863b300226ce5e
ssdeep
3072:6sSENMOiiPf9yB30t7kucCdRJjV0vLQ+4DOAO9EpPw9kOXJ1lUVDpYNrvDZH:7SMMOd5YucCdDB6LV4D6iOXDlUNpY3H

authentihash 0738b1278a0da33d437c9554a47e085cedf3cc6bf54b7084b476229bad22ee88
imphash 95c799d22fc91f15c49faa0484d52c12
File size 212.5 KB ( 217600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386

TrID Win32 Executable (generic) (35.8%)
OS/2 Executable (generic) (16.1%)
Clipper DOS Executable (16.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-09-24 15:27:09 UTC ( 6 months, 4 weeks ago )
Last submission 2018-10-01 20:36:49 UTC ( 6 months, 3 weeks ago )
File names web data-journal.exe
places.exe
2018-09-24-Zeus-Panda-Banker-caused-by-Hancitor-infection.exe
7e4dca80246863e3.exe
session.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs