SHA256: 804577677697f42ecef4486788603f370ae3129ddb7bc39f82b632f27ee7226f
File name: logprop.exe
Detection ratio: 22 / 65
Analysis date: 2017-10-11 06:13:45 UTC ( 1 year ago )
Only TrendMicro's verdict (TSPY_EMOTET.SMD3) names the family; the other 21 detections are generic crypter names (Trojan.Crypt, Kryptik, FileRepMalware) or machine-learning scores, so the Emotet attribution on this page rests on a single signature engine.
Antivirus Result Update
Ad-Aware Gen:Variant.Trojan.Crypt.16 20171011
ALYac Gen:Variant.Trojan.Crypt.16 20171011
Arcabit Trojan.Trojan.Crypt.16 20171011
Avast FileRepMalware 20171011
AVG FileRepMalware 20171011
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171011
BitDefender Gen:Variant.Trojan.Crypt.16 20171011
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20170804
Cylance Unsafe 20171011
Emsisoft Gen:Variant.Trojan.Crypt.16 (B) 20171011
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FVPA 20171011
F-Secure Gen:Variant.Trojan.Crypt.16 20171011
GData Gen:Variant.Trojan.Crypt.16 20171011
Sophos ML heuristic 20170914
MAX malware (ai score=88) 20171011
eScan Gen:Variant.Trojan.Crypt.16 20171011
Qihoo-360 HEUR/QVM10.1.6D7A.Malware.Gen 20171011
Symantec ML.Attribute.HighConfidence 20171010
TrendMicro TSPY_EMOTET.SMD3 20171011
TrendMicro-HouseCall TSPY_EMOTET.SMD3 20171011
Webroot W32.Trojan.Crypt 20171011
Engines reporting no detection (signature version date only):
AegisLab 20171011
AhnLab-V3 20171011
Alibaba 20170911
Avast-Mobile 20171010
Avira (no cloud) 20171011
AVware 20171011
Bkav 20171009
CAT-QuickHeal 20171011
ClamAV 20171011
CMC 20171011
Comodo 20171010
Cyren 20171011
DrWeb 20171011
F-Prot 20171011
Fortinet 20171011
Ikarus 20171010
Jiangmin 20171011
K7AntiVirus 20171011
K7GW 20171011
Kaspersky 20171011
Kingsoft 20171011
Malwarebytes 20171011
McAfee 20171011
McAfee-GW-Edition 20171011
Microsoft 20171011
NANO-Antivirus 20171011
nProtect 20171011
Palo Alto Networks (Known Signatures) 20171011
Panda 20171010
Rising 20171011
SentinelOne (Static ML) 20171001
Sophos AV 20171011
SUPERAntiSpyware 20171011
Symantec Mobile Insight 20171011
Tencent 20171011
TheHacker 20171007
TotalDefense 20171011
Trustlook 20171011
VBA32 20171010
VIPRE 20171011
ViRobot 20171011
WhiteArmor 20170927
Yandex 20171010
Zillya 20171010
ZoneAlarm by Check Point 20171011
Zoner 20171011
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-10-11 02:06:01
Entry Point 0x00001F88
Number of sections 5
PE sections
PE imports
GDI32.dll
GetMapMode
GetGraphicsMode
StretchBlt
GetCharWidthW
CloseFigure
KERNEL32.dll
LocalCompact
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
VirtualAllocEx
lstrlenA
LoadLibraryW
GetCurrentProcessId
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetLocaleInfoA
LocalAlloc
SetHandleCount
UnhandledExceptionFilter
GetModuleHandleW
WideCharToMultiByte
ExitProcess
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
AddAtomW
EncodePointer
GetLocaleInfoW
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
TlsSetValue
LocalFlags
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
DecodePointer
IsProcessorFeaturePresent
LocalShrink
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
HeapDestroy
GetCurrentThread
GetOEMCP
GetSystemTimeAdjustment
TerminateProcess
AddVectoredExceptionHandler
InterlockedDecrement
IsValidCodePage
HeapCreate
FatalAppExitA
FindAtomA
DeleteCriticalSection
Sleep
GetFileType
SetConsoleCtrlHandler
GetTickCount
OutputDebugStringA
InterlockedIncrement
RemoveVectoredExceptionHandler
SetLastError
LeaveCriticalSection
MSIMG32.dll
TransparentBlt
GradientFill
SHELL32.dll
DragAcceptFiles
DragQueryPoint
USER32.dll
AnimateWindow
UpdateWindow
IsWindowVisible
GetMessageExtraInfo
GetMonitorInfoA
CharPrevExA
CharPrevW
ShowWindow
GetDC
WindowFromDC
WINHTTP.dll
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
Most of the KERNEL32 entries are the MSVC 10.0 C runtime start-up set (heap, TLS, locale, exception-filter APIs; IsDebuggerPresent is part of that set, not on its own an anti-debug indicator). The notable direct imports are VirtualAllocEx (cross-process memory allocation) and the three WinHttp functions (outbound HTTP), with no WriteProcessMemory, CreateRemoteThread, registry or service API imported directly; since LoadLibraryW and GetProcAddress are present, the rest is presumably resolved at run time, which is consistent with the crypter verdicts (Trojan.Crypt, Kryptik) above.
Number of PE resources by type
RT_ICON 8
RT_STRING 4
RT_BITMAP 3
EOVJQUMFTN 1
RT_MENU 1
RT_ACCELERATOR 1
RT_GROUP_ICON 1
Number of PE resources by language
HUNGARIAN DEFAULT 18
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:10:11 03:06:01+01:00 (the same instant as the 02:06:01 UTC compilation timestamp above, rendered with a +01:00 offset)
FileType Win32 EXE
PEType PE32
CodeSize 82432
LinkerVersion 10.0
EntryPoint 0x1f88
InitializedDataSize 160256
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
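The header facts in this report (compile timestamp, entry point, section count, linker and subsystem versions, resource types) are the fields an analyst checks first when a sample lands. The following is an added example, not VirusTotal's code or anything shipped with the sample: a minimal PE32 header parser plus two header-only triage heuristics, run against a constructed header that carries the values shown above. The section names in the constructed image are an assumption, since the report's section table is empty; the 24-hour "fresh build" threshold is an analyst's choice, not something the page states. The non-standard resource type EOVJQUMFTN is flagged because packers commonly store an encrypted payload under an invented resource type; this example does not claim to know what that resource holds.

```python
"""Minimal PE32 header parser plus first-pass header triage.
Added example written against the header facts in this report; not VirusTotal's code."""
import struct
from datetime import datetime, timedelta, timezone

DOS_FMT = "<2s58xI"                      # e_magic, padding, e_lfanew at 0x3C
FILE_HDR_FMT = "<HHIIIHH"                # IMAGE_FILE_HEADER (20 bytes)
OPT_HDR_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header, before data dirs
SECTION_FMT = "<8sIIIIIIHHI"             # IMAGE_SECTION_HEADER (40 bytes)
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

# Values copied from the report. FIRST_SEEN is VirusTotal's "First submission" time.
REPORT_TIMESTAMP = 1507687561            # 2017-10-11 02:06:01 UTC
FIRST_SEEN = datetime(2017, 10, 11, 6, 13, 45, tzinfo=timezone.utc)
RESOURCE_TYPES = ["RT_ICON", "RT_STRING", "RT_BITMAP", "EOVJQUMFTN",
                  "RT_MENU", "RT_ACCELERATOR", "RT_GROUP_ICON"]


def parse_pe32(data: bytes) -> dict:
    """Return the header fields an analyst compares against a VT report."""
    e_magic, e_lfanew = struct.unpack_from(DOS_FMT, data, 0)
    if e_magic != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        FILE_HDR_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(FILE_HDR_FMT)
    oh = struct.unpack_from(OPT_HDR_FMT, data, opt_off)
    if oh[0] != 0x10B:
        raise ValueError("only PE32 (not PE32+) is handled here")
    sec_off = opt_off + opt_size             # section table follows the full optional header
    names = []
    for i in range(nsections):
        raw = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "timestamp": timestamp,
        "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc),
        "linker_version": (oh[1], oh[2]),
        "size_of_code": oh[3],
        "size_of_init_data": oh[4],
        "entry_point": oh[6],
        "os_version": (oh[12], oh[13]),
        "subsystem": SUBSYSTEMS.get(oh[22], oh[22]),
        "sections": names,
    }


def triage(info: dict, first_seen: datetime, resource_types: list) -> list:
    """Header-only heuristics; each finding is a sentence for the analyst."""
    findings = []
    gap = first_seen - info["compiled_utc"]
    if gap < timedelta(0):
        findings.append("compile timestamp is later than first submission (forged stamp or clock skew)")
    elif gap < timedelta(hours=24):          # threshold is an assumption, not from the report
        findings.append(f"compiled only {gap} before first submission: fresh build")
    odd = [t for t in resource_types if not t.startswith("RT_")]
    if odd:
        findings.append(f"non-standard resource type(s) {odd}: inspect for an embedded payload")
    return findings


def build_sample_image(timestamp: int = REPORT_TIMESTAMP) -> bytes:
    """Constructed PE32 header carrying the report's values (headers only, no code).
    Section names are assumed; the report's section table is empty."""
    names = [b".text", b".rdata", b".data", b".rsrc", b".reloc"]
    opt_size = struct.calcsize(OPT_HDR_FMT) + 16 * 8       # plus 16 empty data directories
    dos = struct.pack(DOS_FMT, b"MZ", 0x40)
    file_hdr = struct.pack(FILE_HDR_FMT, 0x14C, len(names), timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack(OPT_HDR_FMT, 0x10B, 10, 0,            # PE32, linker 10.0
                      82432, 160256, 0, 0x1F88, 0x1000, 0x16000, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,                    # OS 5.1, image 0.0, subsystem 5.1
                      0, 0x40000, 0x400, 0,
                      2, 0x8140,                           # Windows GUI subsystem
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * (16 * 8)
    secs = b"".join(
        struct.pack(SECTION_FMT, n, 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i,
                    0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + file_hdr + opt + secs


if __name__ == "__main__":
    parsed = parse_pe32(build_sample_image())
    for key, value in parsed.items():
        print(f"{key:18} {value}")
    for line in triage(parsed, FIRST_SEEN, RESOURCE_TYPES):
        print("finding:", line)
```

Against a real file, replace `build_sample_image()` with the file's bytes; the parser reads only the headers, so it is safe on an unpacked sample. The first finding shows the gap between compile time and first submission is just over four hours, which is typical of crypter output generated per campaign rather than a long-lived binary.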
Compressed bundles
File identification
MD5 04944ede7a65681b86ef2edc297df790
SHA1 a46d6538de0fdc3f93494ae0a277111927183f7b
SHA256 804577677697f42ecef4486788603f370ae3129ddb7bc39f82b632f27ee7226f
ssdeep 3072:JLj/06/a80EfzCRVukBBL/x3HRqH55+JMU2vJhzd7t/Sp:dj80a87fzzoDhKy2vJh
authentihash e474ab490e0cd2e8979f03b0999bb62c3864047b07ad8314e6f9930f2be6c0c9
imphash b16316ebb1ef9e105f407627097f37d1
File size 223.5 KB ( 228864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe
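The identification block above is what lets an analyst confirm that a file recovered from a host or mailbox is this sample and not a re-crypted sibling. The following is an added example, not VirusTotal's code: it computes the same digests from a local file and compares them field by field, and it implements the import-hash normalisation (lowercase, DLL extension stripped, entries joined by commas, MD5) so the reader can see what the `imphash` value above is an MD5 of. Reproducing this report's imphash exactly requires the binary's real import-table order, which the page lists but this block does not embed; the short import list in the test is constructed.

```python
"""Identity checks for a locally held sample against the digests in this report.
Added example, not VirusTotal's code."""
import hashlib
import sys

# Digests copied from the report's File identification block.
REPORT = {
    "md5": "04944ede7a65681b86ef2edc297df790",
    "sha1": "a46d6538de0fdc3f93494ae0a277111927183f7b",
    "sha256": "804577677697f42ecef4486788603f370ae3129ddb7bc39f82b632f27ee7226f",
    "imphash": "b16316ebb1ef9e105f407627097f37d1",
    "size": 228864,
}


def digests(data: bytes) -> dict:
    """Cryptographic digests plus size for the raw file bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def imphash(imports) -> str:
    """imports: iterable of (dll_name, function_name_or_ordinal) in import-table order.
    Normalisation follows the published imphash rule: lowercase, strip .dll/.ocx/.sys,
    ordinal imports become 'ordN', entries joined with ',' and MD5'd."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        func = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{func}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def matches_report(data: bytes, report: dict = REPORT) -> dict:
    """Per-field comparison. A SHA256 match settles identity; MD5/SHA1 are corroboration,
    and a size mismatch alone already rules the file out."""
    got = digests(data)
    return {k: got[k] == report[k] for k in ("size", "md5", "sha1", "sha256")}


if __name__ == "__main__":
    # Usage: python identify.py <path-to-sample>   (path is the reader's, not from the report)
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    for field, ok in matches_report(blob).items():
        print(f"{field:7} {'match' if ok else 'MISMATCH'}")
```

The imphash is deliberately kept separate from the byte digests: two crypter outputs with different SHA256 values often share an imphash, so a matching imphash with mismatching SHA256 is a clustering hint, not an identity match.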

VirusTotal metadata
First submission 2017-10-11 06:13:45 UTC ( 1 year ago )
Last submission 2018-07-23 22:53:09 UTC ( 3 months ago )
File names 04944ede7a65681b86ef2edc297df790.vir
PAYLOAD (2).exe
04944ede7a65681b86ef2edc297df790.virobj
04944ede7a65681b86ef2edc297df790.vir
logprop.exe
12249744.exe
04944ede7a65681b86ef2edc297df790.vir
SXCvsjlm.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs
UDP communications