SHA256: 7f00570186eb4e03db8ed1f246802eb506492fb53c3891e2f59680e8229e1b27
File name: output.113066972.txt
Detection ratio: 42 / 67
Analysis date: 2018-04-05 15:53:01 UTC ( 11 months, 3 weeks ago )
Antivirus / Result / Update (engines listed below with no result did not flag the file)
Ad-Aware Gen:Variant.Graftor.478180 20180405
AegisLab Troj.W32.Delf!c 20180405
AhnLab-V3 Trojan/Win32.Agent.C2452554 20180405
ALYac Gen:Variant.Graftor.478180 20180405
Antiy-AVL Trojan/Win32.AGeneric 20180405
Arcabit Trojan.Graftor.D74BE4 20180405
Avast Win32:Malware-gen 20180405
AVG Win32:Malware-gen 20180405
Avira (no cloud) DR/Delphi.qyedp 20180405
AVware Trojan.Win32.Generic!BT 20180405
BitDefender Gen:Variant.Graftor.478180 20180405
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cylance Unsafe 20180405
Cyren W32/Trojan.VSVG-3435 20180405
DrWeb Trojan.PWS.Banker1.27288 20180405
Emsisoft Gen:Variant.Graftor.478180 (B) 20180405
Endgame malicious (moderate confidence) 20180403
ESET-NOD32 a variant of Win32/Injector.DWSA 20180405
F-Prot W32/Trojan3.ALZE 20180405
F-Secure Gen:Variant.Graftor.478180 20180405
Fortinet W32/Kryptik.GCFM!tr 20180405
GData Gen:Variant.Graftor.478180 20180405
Ikarus Trojan.Win32.Injector 20180405
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 0052b0971 ) 20180404
K7GW Trojan ( 0052b0971 ) 20180405
Kaspersky Trojan.Win32.Delf.epbb 20180405
MAX malware (ai score=99) 20180405
McAfee Artemis!4544666D7189 20180405
McAfee-GW-Edition Trojan-FPEM!4D95FF0C48A2 20180405
Microsoft Backdoor:Win32/Xtrat.AC 20180405
eScan Gen:Variant.Graftor.478180 20180405
Palo Alto Networks (Known Signatures) generic.ml 20180405
Panda Trj/CI.A 20180405
Rising Spyware.Noon!8.E7C9 (TFE:3:hpy4jK8a3EP) 20180405
Sophos AV Mal/Generic-S 20180405
Symantec Trojan.Gen.2 20180405
Tencent Win32.Trojan.Inject.Auto 20180405
TrendMicro TROJ_GEN.R002C0PD318 20180405
TrendMicro-HouseCall TROJ_GEN.R002C0PD318 20180405
VIPRE Trojan.Win32.Generic!BT 20180405
ZoneAlarm by Check Point Trojan.Win32.Delf.epbb 20180405
Alibaba 20180404
Avast-Mobile 20180405
Baidu 20180404
Bkav 20180405
CAT-QuickHeal 20180405
ClamAV 20180405
CMC 20180405
Comodo 20180405
Cybereason 20180225
eGambit 20180405
Jiangmin 20180405
Kingsoft 20180405
Malwarebytes 20180405
NANO-Antivirus 20180405
nProtect 20180405
Qihoo-360 20180405
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180405
Symantec Mobile Insight 20180401
TheHacker 20180404
TotalDefense 20180405
Trustlook 20180405
VBA32 20180405
ViRobot 20180405
WhiteArmor 20180405
Yandex 20180405
Zillya 20180405
Zoner 20180405
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x004E4E80
Number of sections 3
PE sections
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
ADsGetObject
ADsGetLastError
ImageList_Add
GetSaveFileNameA
SaveDC
NetShareAdd
OleDraw
VariantCopy
SHGetFolderPathA
VerQueryValueA
Number of PE resources by type
RT_STRING 20
RT_GROUP_CURSOR 7
RT_RCDATA 7
RT_CURSOR 7
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 41
ARABIC EGYPT 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:20 00:22:17+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 2531328
LinkerVersion: 2.25
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint: 0x4e4e80
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 2600960

File identification
MD5 4544666d718900e06f50d313468f3aa2
SHA1 e69a1a891558c449db1e65c7e493ad43b179c24a
SHA256 7f00570186eb4e03db8ed1f246802eb506492fb53c3891e2f59680e8229e1b27
ssdeep 49152:VxlbNdP27U48B+Ij93B5UEExORGeqrpU/0rf8sIqq0jLuM6XWX:nlCUxB+u95ZRhcp0jqsX
authentihash 3ba662ff810c4321b7f9af9c510b38ba30452f728159adcc3cb48a192f75957e
imphash f7913b7c8f074f019816dbc0fda931cf
File size 2.4 MB ( 2532864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags peexe upx
VirusTotal metadata
First submission 2018-04-03 11:53:34 UTC ( 11 months, 3 weeks ago )
Last submission 2018-04-09 20:49:48 UTC ( 11 months, 2 weeks ago )
File names 7F00570186EB4E03DB8ED1F246802EB506492FB53C3891E2F59680E8229E1B27, output.113066972.txt
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs