× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7af8d43a594ec9c543fb4fc7617a8440381c143ffbeb9700196fb4678f49cfb3
File name: 145764.exe
Detection ratio: 26 / 67
Analysis date: 2018-05-08 03:00:53 UTC ( 9 months, 2 weeks ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180508
Avast Win32:Malware-gen 20180508
AVG Win32:Malware-gen 20180508
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180507
BitDefender Trojan.GenericKD.30747927 20180508
Comodo CloudScanner.Trojan.Gen 20180508
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180418
Cybereason malicious.34507d 20180225
Cylance Unsafe 20180508
Emsisoft Trojan.GenericKD.30747927 (B) 20180508
Endgame malicious (high confidence) 20180507
ESET-NOD32 a variant of Win32/GenKryptik.BZDH 20180507
Fortinet W32/Kryptik.GFRO!tr 20180507
Sophos ML heuristic 20180503
Kaspersky UDS:DangerousObject.Multi.Generic 20180507
MAX malware (ai score=94) 20180508
McAfee RDN/Generic.grp 20180507
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20180507
Palo Alto Networks (Known Signatures) generic.ml 20180508
Rising Trojan.Kryptik!8.8 (TFE:3:7LGxmuAn8HE) 20180508
SentinelOne (Static ML) static engine - malicious 20180225
Symantec Packed.Generic.517 20180508
TrendMicro-HouseCall TROJ_GEN.R020H05E718 20180507
VBA32 Malware-Cryptor.Limpopo 20180507
Webroot W32.Trojan.Emotet 20180508
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180508
Ad-Aware 20180507
AhnLab-V3 20180507
Alibaba 20180508
Antiy-AVL 20180507
Arcabit 20180508
Avast-Mobile 20180507
Avira (no cloud) 20180508
AVware 20180428
Babable 20180406
Bkav 20180504
CAT-QuickHeal 20180507
ClamAV 20180507
CMC 20180507
Cyren 20180508
DrWeb 20180508
eGambit 20180508
F-Prot 20180507
F-Secure 20180507
GData 20180507
Ikarus 20180507
Jiangmin 20180508
K7AntiVirus 20180508
K7GW 20180507
Kingsoft 20180508
Malwarebytes 20180507
Microsoft 20180508
eScan 20180507
NANO-Antivirus 20180508
nProtect 20180508
Panda 20180507
Qihoo-360 20180508
Sophos AV 20180507
SUPERAntiSpyware 20180508
Symantec Mobile Insight 20180505
Tencent 20180508
TheHacker 20180504
TotalDefense 20180507
Trustlook 20180508
VIPRE 20180507
ViRobot 20180507
Yandex 20180506
Zillya 20180507
Zoner 20180507
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-07 20:00:38
Entry Point 0x00001337
Number of sections 5
PE sections
PE imports
SetUserFileEncryptionKey
AreAllAccessesGranted
GetROP2
DeleteObject
GetProcessId
GetCurrentProcess
GetProcessIoCounters
GetStringTypeA
GetSystemDefaultLocaleName
FindClose
GetSystemDefaultLCID
CreateMemoryResourceNotification
GetCommandLineA
LocalUnlock
SetHandleInformation
SetFileBandwidthReservation
GetAsyncKeyState
GetQueueStatus
IsDlgButtonChecked
IsWindowVisible
GetMessageExtraInfo
SetParent
GetClipboardSequenceNumber
SCardLocateCardsA
Number of PE resources by type
RT_STRING 11
RT_BITMAP 4
Number of PE resources by language
NEUTRAL 15
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2018:05:07 22:00:38+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
12288

LinkerVersion
13.0

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0x1337

InitializedDataSize
0

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

File identification
MD5 bbd82d77300dc1450992fe2b8dd5b06b
SHA1 532362334507d4d4cce53f9490b382ce214ac6c9
SHA256 7af8d43a594ec9c543fb4fc7617a8440381c143ffbeb9700196fb4678f49cfb3
ssdeep
6144:KSPKaK7/mXf1kKrKhG3N+W1Y1ht2Q08BF/KkHGVJ/mVu+B0ukS+7Of:KwKaKzmXqKuhkNvC3g8r/KkSJ/+0G+78

authentihash 2c111e6404af4bc7dc97ca6fdcaa10a3ce903f9524cca6b915cc2c5ca8978d43
imphash e862750751dff995a9d0160b7556421a
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-05-07 20:40:56 UTC ( 9 months, 2 weeks ago )
Last submission 2018-05-27 17:44:13 UTC ( 9 months ago )
File names 51518.exe
145764.exe
43956.exe
1617.exe
27050.exe
56002.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!