SHA256: 7de6f699ce20f8222edc787454e66c6c93d00e81b68000abeeb5ab501b66b472
File name: 879da27f4dbbe92bf8cee8fa6492a098.virus
Detection ratio: 27 / 70
Analysis date: 2019-01-04 22:31:13 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40905682 20190104
ALYac Trojan.GenericKD.40905682 20190104
Arcabit Trojan.Generic.D2702BD2 20190104
Avast Win32:Malware-gen 20190104
AVG Win32:Malware-gen 20190104
Avira (no cloud) TR/TrickBot.itpta 20190104
BitDefender Trojan.GenericKD.40905682 20190104
CrowdStrike Falcon (ML) malicious_confidence_80% (D) 20181022
Cybereason malicious.536822 20180225
Cylance Unsafe 20190104
Cyren W32/Trojan.YARO-3514 20190104
Emsisoft Trojan.GenericKD.40905682 (B) 20190104
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/TrickBot.BI 20190104
F-Secure Trojan.GenericKD.40905682 20190104
Fortinet W32/TrickBot.BI!tr 20190104
GData Trojan.GenericKD.40905682 20190104
Kaspersky Trojan.Win32.Inject.alcka 20190104
MAX malware (ai score=80) 20190104
eScan Trojan.GenericKD.40905682 20190104
Palo Alto Networks (Known Signatures) generic.ml 20190104
Rising Trojan.TrickBot!8.E313 (CLOUD) 20190104
Tencent Win32.Trojan.Inject.Ebqz 20190104
Trapmine suspicious.low.ml.score 20190103
TrendMicro-HouseCall TROJ_GEN.R045H09A419 20190104
VBA32 BScope.TrojanBanker.Trickster 20190104
ZoneAlarm by Check Point Trojan.Win32.Inject.alcka 20190104
Acronis 20181227
AegisLab 20190104
AhnLab-V3 20190104
Alibaba 20180921
Antiy-AVL 20190104
Avast-Mobile 20190104
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190104
ClamAV 20190104
CMC 20190104
Comodo 20190104
DrWeb 20190104
eGambit 20190104
F-Prot 20190104
Ikarus 20190104
Sophos ML 20181128
Jiangmin 20190104
K7AntiVirus 20190104
K7GW 20190104
Kingsoft 20190104
Malwarebytes 20190104
McAfee 20190104
McAfee-GW-Edition 20190104
Microsoft 20190104
NANO-Antivirus 20190104
Panda 20190104
Qihoo-360 20190104
SentinelOne (Static ML) 20181223
Sophos AV 20190104
SUPERAntiSpyware 20190102
Symantec 20190104
TACHYON 20190104
TheHacker 20190104
TotalDefense 20190104
TrendMicro 20190104
Trustlook 20190104
ViRobot 20190104
Webroot 20190104
Yandex 20181229
Zillya 20190103
Zoner 20190104
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-01-03 08:45:13
Entry Point 0x000012A0
Number of sections 8
PE sections
Overlays
MD5 3a65b631f6e3a6b22ae9006dfce19093
File type data
Offset 372224
Size 45761
Entropy 4.42
PE imports
GetLastError
EnterCriticalSection
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
LoadLibraryA
DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
GetProcAddress
CreateSemaphoreA
TlsFree
GetModuleHandleA
SetUnhandledExceptionFilter
CloseHandle
InitializeCriticalSection
VirtualQuery
TlsGetValue
Sleep
TlsSetValue
CreateFileA
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
ShowWindow
__p__fmode
malloc
__p__environ
realloc
atexit
abort
_setmode
strlen
_cexit
fputc
fwrite
_onexit
fputs
_strdup
sprintf
memcmp
strchr
free
vfprintf
__getmainargs
calloc
_write
memcpy
signal
__set_app_type
strcmp
_iob
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2019:01:03 09:45:13+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
164864

LinkerVersion
2.23

ImageFileCharacteristics
No relocs, Executable, No line numbers, 32-bit, No debug

EntryPoint
0x12a0

InitializedDataSize
371200

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
5632

Execution parents
File identification
MD5 879da27f4dbbe92bf8cee8fa6492a098
SHA1 aeb4119536822f830a17c0685ba8b0b7941eb5f6
SHA256 7de6f699ce20f8222edc787454e66c6c93d00e81b68000abeeb5ab501b66b472
ssdeep
6144:qRNqnwwnIsNHEB0Az5EsolM1VPur4JxEG2v2cIQEZxxNUnOJQ/5867T3EovpVANH:cgnwwvNkB0W5E611ur4JxEG2vb4ZPJ

authentihash 25ebfe058ea71b4d97755e71f87a74e052646810e819f26b5e0ea040a0211fc0
imphash f522d97f6abf3be220831d167adb5b10
File size 408.2 KB ( 417985 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-01-04 22:31:13 UTC ( 1 month, 2 weeks ago )
Last submission 2019-01-04 22:31:13 UTC ( 1 month, 2 weeks ago )
File names eafsud.exe
rexe.exe
879da27f4dbbe92bf8cee8fa6492a098.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs