SHA256: 7b5b723570f019d9b35cf421384c895ebdc63e1325bcba91001f1e1af497384e
File name: 6ace098066b82cd4e6ad5bbdc9954b0d
Detection ratio: 36 / 67
Analysis date: 2017-10-21 14:18:10 UTC ( 1 year, 5 months ago )
| Antivirus | Result | Update |
| --- | --- | --- |
| Ad-Aware | Trojan.GenericKD.6131166 | 20171021 |
| AegisLab | Troj.Fakeav.Smby!c | 20171021 |
| Antiy-AVL | Trojan/Win32.TSGeneric | 20171021 |
| Arcabit | Trojan.Generic.D5D8DDE | 20171021 |
| Avast | FileRepMalware | 20171021 |
| AVG | FileRepMalware | 20171021 |
| Avira (no cloud) | TR/Crypt.ZPACK.szlkd | 20171021 |
| AVware | Trojan.Win32.Generic!BT | 20171021 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9974 | 20171020 |
| BitDefender | Trojan.GenericKD.6131166 | 20171021 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20171016 |
| Cylance | Unsafe | 20171021 |
| eGambit | malicious_confidence_95% | 20171021 |
| Emsisoft | Trojan.GenericKD.6131166 (B) | 20171021 |
| Endgame | malicious (high confidence) | 20171016 |
| ESET-NOD32 | Win32/TrickBot.V | 20171021 |
| F-Secure | Trojan.GenericKD.6131166 | 20171021 |
| Fortinet | W32/Kryptik.FXUX!tr | 20171021 |
| Ikarus | Trojan.Win32.Trickbot | 20171021 |
| Sophos ML | heuristic | 20170914 |
| Kaspersky | Backdoor.Win32.Agent.tevez | 20171021 |
| MAX | malware (ai score=34) | 20171021 |
| McAfee | Artemis!6ACE098066B8 | 20171021 |
| McAfee-GW-Edition | BehavesLike.Win32.Ransomware.gc | 20171021 |
| eScan | Trojan.GenericKD.6131166 | 20171021 |
| Palo Alto Networks (Known Signatures) | generic.ml | 20171021 |
| Panda | Trj/Genetic.gen | 20171021 |
| Rising | Malware.Heuristic!ET#91% (RDM+:cmRtazog6PjUUwmljxKAPahdEDO8) | 20171021 |
| SentinelOne (Static ML) | static engine - malicious | 20171019 |
| Sophos AV | Mal/Generic-S | 20171021 |
| Symantec | SecurityRisk.gen1 | 20171020 |
| TrendMicro | TROJ_FAKEAV.SMBY | 20171021 |
| TrendMicro-HouseCall | TROJ_FAKEAV.SMBY | 20171021 |
| VIPRE | Trojan.Win32.Generic!BT | 20171021 |
| WhiteArmor | Malware.HighConfidence | 20171016 |
| ZoneAlarm by Check Point | Backdoor.Win32.Agent.tevez | 20171021 |
| AhnLab-V3 | | 20171021 |
| Alibaba | | 20170911 |
| ALYac | | 20171021 |
| Avast-Mobile | | 20171021 |
| Bkav | | 20171020 |
| CAT-QuickHeal | | 20171020 |
| ClamAV | | 20171021 |
| CMC | | 20171018 |
| Comodo | | 20171021 |
| Cyren | | 20171021 |
| DrWeb | | 20171021 |
| F-Prot | | 20171021 |
| GData | | 20171021 |
| Jiangmin | | 20171021 |
| K7AntiVirus | | 20171019 |
| K7GW | | 20171021 |
| Kingsoft | | 20171021 |
| Malwarebytes | | 20171021 |
| Microsoft | | 20171021 |
| NANO-Antivirus | | 20171021 |
| nProtect | | 20171021 |
| Qihoo-360 | | 20171021 |
| SUPERAntiSpyware | | 20171021 |
| Symantec Mobile Insight | | 20171011 |
| Tencent | | 20171021 |
| TheHacker | | 20171017 |
| TotalDefense | | 20171021 |
| Trustlook | | 20171021 |
| VBA32 | | 20171020 |
| ViRobot | | 20171021 |
| Webroot | | 20171021 |
| Yandex | | 20171021 |
| Zillya | | 20171021 |
| Zoner | | 20171021 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2016-11-23 08:50:07
Entry Point: 0x0002B1A0
Number of sections: 4
PE sections
PE imports
CreateFileMappingW
GetLastError
GetStartupInfoA
GetCurrentDirectoryW
MapViewOfFile
GetModuleHandleA
CreateFileW
GetVersionExW
WriteFile
ExitProcess
CloseHandle
GetCommandLineW
GetModuleHandleW
_except_handler3
_acmdln
__p__fmode
_exit
_adjust_fdiv
memset
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
__set_app_type
CommandLineToArgvW
MapWindowPoints
EndPaint
UpdateWindow
LoadBitmapW
HideCaret
DefWindowProcW
PostQuitMessage
ShowWindow
GetMessageW
MessageBoxW
DestroyIcon
GetWindowRect
InflateRect
RegisterClassExW
DestroyCursor
TranslateMessage
SetDlgItemTextW
DispatchMessageW
GetCursorPos
BeginPaint
InsertMenuW
SendMessageW
GetWindowLongW
GetWindowPlacement
InvalidateRect
SetTimer
GetClassNameW
OpenClipboard
ModifyMenuW
GetWindowTextW
GetDesktopWindow
LockWindowUpdate
LoadIconW
InsertMenuItemW
CreateWindowExW
LoadAcceleratorsW
wsprintfW
TranslateAcceleratorW
DestroyWindow
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:11:23 09:50:07+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 227840
LinkerVersion: 7.1
FileTypeExtension: exe
InitializedDataSize: 250368
SubsystemVersion: 4.0
EntryPoint: 0x2b1a0
OSVersion: 4.0
ImageVersion: 0.0
UninitializedDataSize: 0
Compressed bundles
File identification
MD5: 6ace098066b82cd4e6ad5bbdc9954b0d
SHA1: 7f72dcc6a3a821125e2f4d29a8a0f58a79976d0e
SHA256: 7b5b723570f019d9b35cf421384c895ebdc63e1325bcba91001f1e1af497384e
ssdeep: 12288:bTNO6ibYcQZc3It0fNVdYTyW8WXuP7ACIiEr:XM643QZZKf5HlWda
authentihash: cbce31ad6c37b3af80ed1053c4d7903c66261d8dad36e92f0396adea8e42f212
imphash: c3cebff1ee1eec3edc030854357b5706
File size: 467.5 KB ( 478720 bytes )
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ 4.x (63.9%)
  Win32 Executable MS Visual C++ (generic) (14.8%)
  Win64 Executable (generic) (13.1%)
  Win32 Dynamic Link Library (generic) (3.1%)
  Win32 Executable (generic) (2.1%)
Tags: peexe

VirusTotal metadata
First submission: 2017-10-20 16:50:46 UTC ( 1 year, 6 months ago )
Last submission: 2017-10-21 14:18:10 UTC ( 1 year, 5 months ago )
File names:
  1000-7f72dcc6a3a821125e2f4d29a8a0f58a79976d0e
  7b5b723570f019d9b35cf421384c895ebdc63e1325bcba91001f1e1af497384e.bin
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications