× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7bfff9caf766d3badf0dc70ab179e7cec117165728816b973d7d4a710bd78206
File name: 2LlhpjW.exe_
Detection ratio: 24 / 69
Analysis date: 2018-12-18 15:10:44 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
Ad-Aware Gen:Variant.Ursu.350599 20181218
ALYac Gen:Variant.Ursu.350599 20181218
Arcabit Trojan.Ursu.D55987 20181218
Avast Win32:Malware-gen 20181218
AVG Win32:Malware-gen 20181218
BitDefender Gen:Variant.Ursu.350599 20181218
Cylance Unsafe 20181218
Cyren W32/Trojan.ZCNS-2545 20181218
DrWeb Trojan.PWS.Spy.21017 20181218
Emsisoft Gen:Variant.Ursu.350599 (B) 20181218
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CUKX 20181218
F-Prot W32/Trojan3.ANLX 20181218
F-Secure Gen:Variant.Ursu.350599 20181218
Fortinet W32/GenKryptik.CNMT!tr.ransom 20181218
GData Gen:Variant.Ursu.350599 20181218
K7AntiVirus Riskware ( 0040eff71 ) 20181218
K7GW Riskware ( 0040eff71 ) 20181218
Kaspersky UDS:DangerousObject.Multi.Generic 20181218
MAX malware (ai score=81) 20181218
eScan Gen:Variant.Ursu.350599 20181218
Panda Trj/GdSda.A 20181218
Trapmine suspicious.low.ml.score 20181205
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181218
Acronis 20180726
AegisLab 20181218
AhnLab-V3 20181218
Alibaba 20180921
Antiy-AVL 20181218
Avast-Mobile 20181218
Avira (no cloud) 20181218
Babable 20180918
Baidu 20181207
Bkav 20181217
CAT-QuickHeal 20181218
ClamAV 20181218
CMC 20181217
Comodo 20181218
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
eGambit 20181218
Ikarus 20181217
Sophos ML 20181128
Jiangmin 20181218
Kingsoft 20181218
Malwarebytes 20181218
McAfee 20181218
McAfee-GW-Edition 20181218
Microsoft 20181218
NANO-Antivirus 20181218
Palo Alto Networks (Known Signatures) 20181218
Qihoo-360 20181218
Rising 20181218
SentinelOne (Static ML) 20181011
Sophos AV 20181218
SUPERAntiSpyware 20181212
Symantec 20181218
Symantec Mobile Insight 20181215
TACHYON 20181218
Tencent 20181218
TheHacker 20181216
TrendMicro 20181218
TrendMicro-HouseCall 20181218
Trustlook 20181218
VBA32 20181218
ViRobot 20181218
Webroot 20181218
Yandex 20181218
Zillya 20181217
Zoner 20181218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 0.1.0.19
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:31:18
Entry Point 0x0000AEF2
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
GetWindowExtEx
SetMapMode
PatBlt
SaveDC
TextOutA
LPtoDP
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
IntersectClipRect
BitBlt
SetTextColor
DPtoLP
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
DeleteObject
GetMapMode
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetEvent
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
ResetEvent
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
SetFocus
RegisterClipboardFormatA
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
EnumWindowStationsW
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetDesktopWindow
EnableWindow
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
IsWindowUnicode
ReleaseDC
EndPaint
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
CharNextA
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
SetWindowContextHelpId
GetCapture
MessageBeep
ShowCaret
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
SnmpMgrClose
SnmpMgrOpen
SnmpMgrTrapListen
SnmpMgrRequest
SnmpMgrOidToStr
SnmpMgrGetTrap
SnmpMgrStrToOid
OleUninitialize
CLSIDFromString
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
SnmpUtilOidFree
SnmpUtilMemAlloc
SnmpUtilMemReAlloc
SnmpUtilMemFree
SnmpUtilVarBindListFree
SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
CHINESE TRADITIONAL 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
114688

ImageVersion
0.0

FileVersionNumber
0.1.0.19

LanguageCode
Chinese (Traditional)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Taiwan (Big5)

LinkerVersion
6.0

FileTypeExtension
exe

MIMEType
application/octet-stream

FileVersion
0.1.0.19

TimeStamp
2016:12:06 03:31:18-08:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ASUSTeK Computer Inc.

CodeSize
139264

FileSubtype
0

ProductVersionNumber
0.1.0.19

EntryPoint
0xaef2

ObjectFileType
Executable application

File identification
MD5 bdf7b33a45aad9f77bf389f7fb7f333c
SHA1 c3319344efc9a963789a59f5047fb0092891c68d
SHA256 7bfff9caf766d3badf0dc70ab179e7cec117165728816b973d7d4a710bd78206
ssdeep
3072:YV8Lsp0FEnMjx1tMeWmrObU9EFifXW4s4S4IJE6ow7UbyNdifrrza4dRd:TLmS8Mjx1LWmabWhlSEN+diffza4dR

authentihash d288551a01d054cb79e49d1b7065486031f3e8b59a376d7dccb3caea3c4aed16
imphash 78bea0cb69e7b6b5028e66c9f180453a
File size 252.0 KB ( 258048 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-18 15:10:44 UTC ( 5 months, 1 week ago )
Last submission 2019-01-22 05:43:16 UTC ( 4 months ago )
File names klkw.jpg
bdf7b33a45aad9f77bf389f7fb7f333c
2LlhpjW.exe_
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs