SHA256: 803c4a05abe6435b7191ae8d834d7ace0634509460a2650f1d2ce6c9e43d5af4
File name: 1.exe
Detection ratio: 16 / 69
Analysis date: 2019-01-12 14:51:09 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20190112
AVG FileRepMalware 20190112
Avira (no cloud) TR/Crypt.ZPACK.Gen7 20190112
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190112
Endgame malicious (high confidence) 20181108
McAfee-GW-Edition BehavesLike.Win32.Generic.dh 20190112
Microsoft Trojan:Win32/Fuerboos.C!cl 20190112
Palo Alto Networks (Known Signatures) generic.ml 20190112
Qihoo-360 HEUR/QVM10.2.7FBD.Malware.Gen 20190112
Rising Trojan.Fuerboos!8.EFC8/N3#92% (RDM+:cmRtazomkHRzq7zJDoREWcDiVodN) 20190112
Symantec ML.Attribute.HighConfidence 20190112
Trapmine malicious.high.ml.score 20190103
TrendMicro TrojanSpy.Win32.FAREIT.SMKC.hp 20190112
VBA32 BScope.Trojan.Chapak 20190111
Webroot W32.Adware.Installcore 20190112
Acronis 20190111
Ad-Aware 20190112
AegisLab 20190112
AhnLab-V3 20190112
Alibaba 20180921
ALYac 20190112
Antiy-AVL 20190112
Arcabit 20190112
Avast-Mobile 20190112
Babable 20180918
Baidu 20190111
BitDefender 20190112
Bkav 20190108
CAT-QuickHeal 20190111
ClamAV 20190112
CMC 20190111
Comodo 20190112
Cybereason 20190109
Cyren 20190112
DrWeb 20190112
eGambit 20190112
Emsisoft 20190112
ESET-NOD32 20190112
F-Prot 20190112
F-Secure 20190111
Fortinet 20190112
GData 20190112
Ikarus 20190112
Sophos ML 20181128
Jiangmin 20190112
K7AntiVirus 20190112
K7GW 20190112
Kaspersky 20190112
Kingsoft 20190112
Malwarebytes 20190112
MAX 20190112
McAfee 20190112
eScan 20190112
NANO-Antivirus 20190112
Panda 20190112
SentinelOne (Static ML) 20181223
Sophos AV 20190112
SUPERAntiSpyware 20190109
TACHYON 20190112
Tencent 20190112
TheHacker 20190106
TrendMicro-HouseCall 20190112
Trustlook 20190112
ViRobot 20190111
Yandex 20190111
Zillya 20190111
ZoneAlarm by Check Point 20190112
Zoner 20190112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-04-17 11:27:22
Entry Point 0x00005A57
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownW
LookupPrivilegeNameA
EndPath
StretchBlt
GetStdHandle
GetConsoleOutputCP
GetDriveTypeA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
TransmitCommChar
GetThreadPriority
InterlockedDecrement
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
SetProcessWorkingSetSize
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetProcessAffinityMask
GetModuleHandleA
SetUnhandledExceptionFilter
SetThreadContext
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetStartupInfoW
GetProcAddress
lstrcpyA
GetProcessWorkingSetSize
DuplicateHandle
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetNativeSystemInfo
GetLastError
LCMapStringW
GetConsoleCP
LCMapStringA
GetProcessTimes
GetEnvironmentStringsW
GetCommTimeouts
CompareFileTime
GetCurrentProcessId
GetCommandLineW
GetCPInfo
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetSystemTimeAdjustment
IsValidCodePage
HeapCreate
VirtualFree
Sleep
SetComputerNameExW
VirtualAlloc
AlphaBlend
GradientFill
EnableScrollBar
PostMessageW
GetFocus
ShowScrollBar
GetPropW
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
DANISH DEFAULT 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 146944
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Unknown (457A)
FileFlagsMask 0x004f
ImageFileCharacteristics Executable, Large address aware, 32-bit
CharacterSet Unknown (A56B)
LinkerVersion 9.0
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 2018:04:17 12:27:22+01:00
FileType Win32 EXE
PEType PE32
InternalName lejerof.exe
SubsystemVersion 5.1
OSVersion 5.1
FileOS Unknown (0x40534)
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 112128
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x5a57
ObjectFileType Executable application
File identification
MD5 2640d9acde0b05193ce7d585f8de805a
SHA1 9c7143d9473eb934adc14926e90b2882ca5cd2a2
SHA256 803c4a05abe6435b7191ae8d834d7ace0634509460a2650f1d2ce6c9e43d5af4
ssdeep 6144:K5xGRi3LtYJcMPk8YQlaNWhqTUeQXWA8tmcNIlynQLZcgUL:K5xGRi35YJcKk8rDcNIJZt
authentihash 8cf8219151af322f17850ce0ba7a275e2bc6baba2bc625b1e6fe10180cd5cc52
imphash 0cb9d50696a0d565e5bf595f88450938
File size 246.5 KB ( 252416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.0%)
Win64 Executable (generic) (35.4%)
Win32 Dynamic Link Library (generic) (8.4%)
Win32 Executable (generic) (5.7%)
OS/2 Executable (generic) (2.6%)
Tags suspicious-dns peexe nxdomain
VirusTotal metadata
First submission 2019-01-12 14:51:09 UTC ( 2 months, 1 week ago )
Last submission 2019-01-12 16:03:30 UTC ( 2 months, 1 week ago )
File names 3644414136.exe
winsvcs.exe
1618430553.exe
1.exe
2513535912.exe
1713239729.exe
4163823111.exe
3199120974.exe
3404542307.exe
WINSVCS.EXE
3498931411.exe
2703021494.exe
1397012492.exe
t.exe
1[1].exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections