SHA256: 7f98da6e9466737f81b8d38d74e90966cf3efbad094f634ca5993dfecdb81147
File name: 12fe2b5788acead0a8448f28fa44e0789d62b777
Detection ratio: 35 / 67
Analysis date: 2017-10-22 14:25:38 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12507482 20171022
Arcabit Trojan.Generic.DBED95A 20171022
Avast Win32:Malware-gen 20171022
AVG Win32:Malware-gen 20171022
Baidu Win32.Trojan.Kryptik.rb 20171020
BitDefender Trojan.GenericKD.12507482 20171022
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171022
Cyren W32/Trojan.NDFX-8474 20171022
DrWeb Trojan.PWS.Panda.11620 20171022
eGambit malicious_confidence_100% 20171022
Emsisoft Trojan.GenericKD.12507482 (B) 20171022
Endgame malicious (high confidence) 20171016
ESET-NOD32 a variant of Win32/GenKryptik.BAVK 20171022
Fortinet W32/Kryptik.FXUM!tr 20171022
GData Trojan.GenericKD.12507482 20171022
Ikarus Win32.Outbreak 20171022
Sophos ML heuristic 20170914
Kaspersky Trojan.Win32.Refinka.gig 20171022
Malwarebytes Trojan.MalPack 20171022
MAX malware (ai score=87) 20171022
McAfee Ransomware-GIB!B8670624B7A8 20171022
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.cc 20171022
Microsoft Trojan:Win32/Dynamer!rfn 20171022
eScan Trojan.GenericKD.12507482 20171022
Palo Alto Networks (Known Signatures) generic.ml 20171022
Panda Trj/CI.A 20171022
Qihoo-360 HEUR/QVM19.1.ACD5.Malware.Gen 20171022
Rising Malware.Heuristic!ET#99% (RDM+:cmRtazrxTAYJxGEr+1b1ldrIFakq) 20171022
Sophos AV Mal/Elenoocka-E 20171022
Symantec ML.Attribute.HighConfidence 20171021
TrendMicro Ransom_CERBER.SMALY0 20171022
TrendMicro-HouseCall Ransom_CERBER.SMALY0 20171022
WhiteArmor Malware.HighConfidence 20171016
ZoneAlarm by Check Point Trojan.Win32.Refinka.gig 20171022
AegisLab 20171022
AhnLab-V3 20171022
Alibaba 20170911
ALYac 20171022
Antiy-AVL 20171022
Avast-Mobile 20171022
Avira (no cloud) 20171022
AVware 20171022
Bkav 20171020
CAT-QuickHeal 20171020
ClamAV 20171022
CMC 20171022
Comodo 20171022
F-Prot 20171022
F-Secure 20171021
Jiangmin 20171022
K7AntiVirus 20171019
K7GW 20171022
Kingsoft 20171022
NANO-Antivirus 20171022
nProtect 20171022
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171022
Symantec Mobile Insight 20171011
Tencent 20171022
TheHacker 20171017
TotalDefense 20171022
Trustlook 20171022
VBA32 20171020
VIPRE 20171022
ViRobot 20171022
Webroot 20171022
Yandex 20171021
Zillya 20171021
Zoner 20171022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-06-11 07:05:41
Entry Point 0x0000A180
Number of sections 4
PE sections
PE imports
CoRegCleanup
DowngradeAPL
ComPlusMigrate
ClusterEnum
CloseClusterGroup
ClusterControl
CloseClusterNode
CloseCluster
ConnectionRead
ConnectionVer
ConnectionClose
ConnectionWrite
ConnectionError
LoadLibraryExW
GetShortPathNameW
CreateMailslotW
lstrcmpiW
WaitForSingleObjectEx
WaitNamedPipeW
GetDateFormatW
SetErrorMode
GetStartupInfoW
DeleteFileW
GetProcAddress
CreateSemaphoreA
MoveFileExW
GetModuleHandleA
GetTempPathW
CloseHandle
GetSystemDirectoryA
ReadConsoleA
MoveFileW
GetCurrentThreadId
LeaveCriticalSection
GetExpandedNameA
wsprintfA
LoadIconA
IsCharLowerW
FlashWindow
GetPropW
DrawStateA
CreateDesktopW
LoadBitmapA
IsDialogMessageW
DialogBoxParamA
PostMessageW
LoadMenuW
DispatchMessageW
PeekMessageW
Number of PE resources by type
EQSA 1
Number of PE resources by language
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 5.1
MachineType Intel 386 or later, and compatibles
TimeStamp 2015:06:11 08:05:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 55296
LinkerVersion 14.0
FileTypeExtension exe
InitializedDataSize 124416
ImageFileCharacteristics No relocs, Executable, Aggressive working-set trim, 32-bit, No debug
EntryPoint 0xa180
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 b8670624b7a8025e16c40854ec8df120
SHA1 ddcf8734506fab49ff8585f8431170b8cb624c66
SHA256 7f98da6e9466737f81b8d38d74e90966cf3efbad094f634ca5993dfecdb81147
ssdeep 3072:Y02wVugEP41YaMJD3Nx85CQS/ZqYd0C6+K+CU:HWP4maMJhsCHqK0C6+P
authentihash 34d0fbf80c4639981f754cfc69a58769e3e90b34a12702d8169b4281968b95d2
imphash 6097bc0c1089f8977ab3b76a95b0991e
File size 176.5 KB ( 180736 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (34.2%)
Win32 Executable (generic) (23.4%)
Win16/32 Executable Delphi generic (10.7%)
OS/2 Executable (generic) (10.5%)
Generic Win/DOS Executable (10.4%)
Tags peexe
VirusTotal metadata
First submission 2017-10-22 14:25:38 UTC ( 1 year, 6 months ago )
Last submission 2017-10-22 14:25:38 UTC ( 1 year, 6 months ago )
File names 1007-ddcf8734506fab49ff8585f8431170b8cb624c66
12fe2b5788acead0a8448f28fa44e0789d62b777
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs