SHA256: 7dc37e5a1206facd5b128c29685405d123da9d32ccee837d22b939085a87a771
File name: a0ad9df1b7ccdca33812cb4fb390a7c6
Detection ratio: 44 / 62
Analysis date: 2019-03-04 14:11:45 UTC ( 1 month, 3 weeks ago )
Antivirus | Result | Update
Acronis | suspicious | 20190222
Ad-Aware | Trojan.GenericKD.41061596 | 20190304
AhnLab-V3 | Trojan/Win32.Tescrypt.R230733 | 20190304
ALYac | Trojan.GenericKD.41061596 | 20190304
Antiy-AVL | Trojan/Win32.AGeneric | 20190304
Arcabit | Trojan.Generic.D2728CDC | 20190304
Avast | Win32:Malware-gen | 20190304
AVG | Win32:Malware-gen | 20190304
Avira (no cloud) | TR/Downloader.Gen | 20190304
BitDefender | Trojan.GenericKD.41061596 | 20190304
CAT-QuickHeal | Trojan.Mauvaise.SL1 | 20190304
ClamAV | Win.Malware.Flystudio-6738927-0 | 20190304
Comodo | TrojWare.Win32.Agent.OSCF@5rs7jr | 20190304
CrowdStrike Falcon (ML) | win/malicious_confidence_100% (W) | 20190212
Cybereason | malicious.1b7ccd | 20190109
Cyren | W32/Agent.EW.gen!Eldorado | 20190304
DrWeb | Trojan.DiskFill.41072 | 20190304
eGambit | Unsafe.AI_Score_77% | 20190304
Emsisoft | Trojan.GenericKD.41061596 (B) | 20190304
ESET-NOD32 | a variant of Win32/FlyStudio.HackTool.A potentially unwanted | 20190304
Fortinet | W32/Agent.AZAJ!tr | 20190304
GData | Win32.Trojan.FlyStudio.F | 20190304
Ikarus | Trojan.Win32.TeslaCrypt | 20190304
Sophos ML | heuristic | 20181128
K7AntiVirus | Trojan ( 005246d51 ) | 20190304
K7GW | Trojan ( 005246d51 ) | 20190304
Kaspersky | HEUR:Trojan.Win32.Generic | 20190304
Malwarebytes | RiskWare.FlyStudio | 20190304
MAX | malware (ai score=85) | 20190304
McAfee | Dropper-FVZ!A0AD9DF1B7CC | 20190304
McAfee-GW-Edition | BehavesLike.Win32.Trojan.fh | 20190304
Microsoft | Trojan:Win32/Tescrypt!rfn | 20190304
eScan | Trojan.GenericKD.41061596 | 20190304
NANO-Antivirus | Trojan.Win32.FlyStudio.fcuxgn | 20190304
Panda | Trj/Genetic.gen | 20190303
Qihoo-360 | HEUR/QVM07.1.9E97.Malware.Gen | 20190304
SentinelOne (Static ML) | static engine - malicious | 20190203
Sophos AV | Troj/Agent-BAIS | 20190304
Symantec | SMG.Heur!gen | 20190304
Trapmine | malicious.moderate.ml.score | 20190301
VBA32 | BScope.Trojan.Tiggre | 20190304
Webroot | W32.Trojan.GenKD | 20190304
Yandex | Trojan.Agent!uBcOXP48wV8 | 20190301
ZoneAlarm by Check Point | HEUR:Trojan.Win32.Generic | 20190304

Engines with no detection (Result column empty in the report):
Antivirus | Update
AegisLab | 20190304
Alibaba | 20180921
Avast-Mobile | 20190304
Babable | 20180918
Baidu | 20190215
CMC | 20190304
F-Secure | 20190304
Jiangmin | 20190304
Kingsoft | 20190304
Palo Alto Networks (Known Signatures) | 20190304
SUPERAntiSpyware | 20190227
Symantec Mobile Insight | 20190220
TACHYON | 20190304
Tencent | 20190304
TheHacker | 20190225
TotalDefense | 20190304
Trustlook | 20190304
ViRobot | 20190304
Zoner | 20190304
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2018-04-10 17:28:39
Entry Point: 0x0009ADD5
Number of sections: 4
PE sections
Overlays
MD5: 38380d42a5d9dbcef65815a51c4c317a
File type: ASCII text
Offset: 1040384
Size: 8080
Entropy: 5.01
PE imports
(The per-DLL grouping of the original report was lost in extraction; the DLL headings below are inferred from which system library exports each API.)
advapi32.dll
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey
RegCreateKeyExA
comctl32.dll
ImageList_Read
ImageList_GetImageCount
ImageList_Duplicate
ImageList_Destroy
ImageList_SetBkColor
Ord(17)
gdi32.dll
CreatePolygonRgn
SetROP2
PathToRegion
GetWindowOrgEx
PatBlt
SetViewportExtEx
CreatePen
GetBkMode
SaveDC
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateRectRgnIndirect
EndPath
CombineRgn
GetClipBox
GetROP2
GetWindowExtEx
GetClipRgn
GetViewportOrgEx
SelectObject
Rectangle
SetMapMode
GetObjectA
ExcludeClipRect
CreateCompatibleDC
DeleteDC
RestoreDC
SetBkMode
GetSystemPaletteEntries
OffsetViewportOrgEx
GetTextExtentPoint32A
EndDoc
SetWindowOrgEx
StartPage
DeleteObject
BitBlt
GetStretchBltMode
RealizePalette
SetTextColor
GetDeviceCaps
GetCurrentObject
FillRgn
CreateEllipticRgn
CreateDCA
CreateBitmap
RectVisible
CreatePalette
GetStockObject
CreateDIBitmap
GetPolyFillMode
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetDIBits
ExtSelectClipRgn
CreateRoundRectRgn
SelectClipRgn
RoundRect
StretchBlt
SetStretchBltMode
SelectPalette
ScaleViewportExtEx
EndPage
CreateRectRgn
LineTo
StartDocA
SetPolyFillMode
CreateCompatibleBitmap
SetWindowExtEx
GetTextColor
CreateSolidBrush
DPtoLP
SetViewportOrgEx
Escape
GetViewportExtEx
BeginPath
GetBkColor
Ellipse
MoveToEx
LPtoDP
kernel32.dll
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
SetEvent
HeapDestroy
IsBadCodePtr
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
InterlockedExchange
WriteFile
WaitForSingleObject
HeapReAlloc
GetStringTypeW
GetFullPathNameA
FreeLibrary
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
InterlockedDecrement
SetLastError
GetSystemTime
GetEnvironmentVariableA
GlobalFindAtomA
HeapAlloc
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
GetTickCount
IsBadWritePtr
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
UnlockFile
GetFileSize
LCMapStringW
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
GetProcessHeap
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
FindNextFileA
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
GlobalDeleteAtom
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
WinExec
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetVersion
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
oleaut32.dll
VariantChangeType
UnRegisterTypeLib
RegisterTypeLib
VariantCopyInd
VariantClear
SysAllocString
LoadTypeLib
LHashValOfNameSys
VariantInit
shell32.dll
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA
user32.dll
RedrawWindow
GetMessagePos
SetWindowRgn
SetMenuItemBitmaps
DestroyWindow
MoveWindow
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
GetNextDlgTabItem
IsWindow
DispatchMessageA
ClientToScreen
ScrollWindowEx
GrayStringA
WindowFromPoint
GetMessageTime
CallNextHookEx
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
SetScrollPos
LoadIconA
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
LoadImageA
GetActiveWindow
GetWindowTextA
PtInRect
DrawEdge
GetParent
UpdateWindow
SetPropA
EqualRect
GetMenuState
ShowWindow
DrawFrameControl
CreateIconFromResourceEx
EnableWindow
MapWindowPoints
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
IsIconic
RegisterClassA
TabbedTextOutA
GetWindowLongA
SetTimer
FillRect
CopyRect
GetSysColorBrush
EndPaint
CreateAcceleratorTableA
IsChild
IsDialogMessageA
SetFocus
CreateWindowExA
GetMessageA
SetCapture
BeginPaint
OffsetRect
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
GetClipboardData
SendDlgItemMessageA
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
IntersectRect
SetWindowLongA
RemovePropA
CreatePopupMenu
CheckMenuItem
GetSubMenu
GetLastActivePopup
DrawIconEx
CreateMenu
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
EnumDisplaySettingsA
SetWindowsHookExA
GetMenuItemCount
DestroyAcceleratorTable
ValidateRect
CreateIconFromResource
GetSystemMenu
GetMenuItemID
SetForegroundWindow
OpenClipboard
EmptyClipboard
ChildWindowFromPointEx
GetScrollRange
EndDialog
GetCapture
SetWindowTextA
AppendMenuA
GetPropA
SetMenu
RegisterClipboardFormatA
SetRectEmpty
CallWindowProcA
MessageBoxA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
GetDesktopWindow
SetCursorPos
WinHelpA
SetRect
DeleteMenu
InvalidateRect
wsprintfA
DrawTextA
TranslateAcceleratorA
IsRectEmpty
GetClassNameA
GetFocus
CloseClipboard
ModifyMenuA
UnhookWindowsHookEx
SetCursor
winmm.dll
waveOutReset
midiStreamProperty
waveOutOpen
waveOutClose
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPause
waveOutGetNumDevs
waveOutPrepareHeader
midiStreamOpen
midiStreamOut
midiStreamStop
waveOutWrite
midiStreamRestart
midiOutUnprepareHeader
midiOutReset
midiStreamClose
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Winsock (wsock32.dll or ws2_32.dll; both export these names, and the extracted page does not say which was linked)
recv
accept
WSAAsyncSelect
recvfrom
ioctlsocket
getpeername
WSACleanup
closesocket
inet_ntoa
comdlg32.dll
GetFileTitleA
ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
ole32.dll
OleUninitialize
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleRun
CLSIDFromString
Number of PE resources by type
RT_BITMAP 15
RT_STRING 11
RT_DIALOG 10
RT_CURSOR 4
RT_GROUP_CURSOR 3
RT_ICON 3
TEXTINCLUDE 3
RT_GROUP_ICON 3
RT_MENU 2
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 52
NEUTRAL 3
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2018:04:10 19:28:39+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 761856
LinkerVersion: 6.0
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint: 0x9add5
InitializedDataSize: 479232
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5: a0ad9df1b7ccdca33812cb4fb390a7c6
SHA1: 6ff5b046d9a6301e3092e58e9be2cc04e0a2ec52
SHA256: 7dc37e5a1206facd5b128c29685405d123da9d32ccee837d22b939085a87a771
ssdeep: 24576:1qylFH50Dv6RwyeQvt6ot0h9HyrOgiruAbX:IylFHUv6ReIt0jSrOV
authentihash: 0c8903141336eafa04e3d2aa76eef93e9e92a0c106226ff8e52f13798990baf9
imphash: 28178deeb23ca335978bbb93418aba95
File size: 1023.9 KB (1048464 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Executable MS Visual C++ (generic) (29.5%)
  Win64 Executable (generic) (26.1%)
  Microsoft Visual C++ compiled executable (generic) (15.6%)
  Windows screen saver (12.4%)
  Win32 Dynamic Link Library (generic) (6.2%)
Tags: peexe overlay
VirusTotal metadata
First submission 2019-03-04 14:11:45 UTC ( 1 month, 3 weeks ago )
Last submission 2019-03-04 14:11:45 UTC ( 1 month, 3 weeks ago )