SHA256: 81a1d5834fec863cedbf21d16f4e7c17a7f1b4ea9723e1fd4daae77b386d0d3e
File name: 81a1d5834fec863cedbf21d16f4e7c17a7f1b4ea9723e1fd4daae77b386d0d3e
Detection ratio: 50 / 68
Analysis date: 2017-12-23 08:46:29 UTC ( 1 year, 4 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.6315454 20171223
AegisLab Backdoor.W32.Vawtrak!c 20171223
ALYac Trojan.GenericKD.6315454 20171223
Antiy-AVL Trojan[Backdoor]/Win32.Vawtrak 20171223
Arcabit Trojan.Generic.D605DBE 20171223
Avast Win32:Malware-gen 20171223
AVG Win32:Malware-gen 20171223
Avira (no cloud) TR/Crypt.ZPACK.xqghi 20171223
AVware Trojan.Win32.Generic!BT 20171223
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171222
BitDefender Trojan.GenericKD.6315454 20171223
CAT-QuickHeal Backdoor.Vawtrak 20171222
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.191fc3 20171103
Cylance Unsafe 20171223
Cyren W32/Trojan.OGZB-3285 20171223
DrWeb Trojan.DownLoader26.2989 20171223
eGambit Unsafe.AI_Score_100% 20171223
Emsisoft Trojan.GenericKD.6315454 (B) 20171223
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Generik.HVMGEVR 20171223
F-Secure Trojan.GenericKD.6315454 20171223
Fortinet Generik.HVMGEVR!tr 20171223
GData Trojan.GenericKD.6315454 20171223
Ikarus Backdoor.Win32.Vawtrak 20171222
Sophos ML heuristic 20170914
K7AntiVirus Riskware ( 0040eff71 ) 20171223
K7GW Riskware ( 0040eff71 ) 20171223
Kaspersky Backdoor.Win32.Vawtrak.afn 20171223
Malwarebytes Trojan.MalPack 20171223
MAX malware (ai score=100) 20171223
McAfee GenericRXDO-JD!F6862E36AC75 20171223
McAfee-GW-Edition BehavesLike.Win32.Trojan.cc 20171223
eScan Trojan.GenericKD.6315454 20171223
NANO-Antivirus Trojan.Win32.Vawtrak.ewfaov 20171223
Palo Alto Networks (Known Signatures) generic.ml 20171223
Panda Trj/GdSda.A 20171223
Qihoo-360 Win32/Trojan.286 20171223
Rising Malware.XPACK-LNR/Heur!1.5594 (CLASSIC) 20171223
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171223
Symantec Trojan.Gen 20171222
Tencent Suspicious.Heuristic.Gen.b.0 20171223
TrendMicro TROJ_GEN.R002C0WLM17 20171223
TrendMicro-HouseCall TROJ_GEN.R002C0WLM17 20171223
VBA32 Trojan.FakeAV.01657 20171222
VIPRE Trojan.Win32.Generic!BT 20171223
ViRobot Trojan.Win32.Z.Pate.153600 20171223
WhiteArmor Malware.HighConfidence 20171204
ZoneAlarm by Check Point Backdoor.Win32.Vawtrak.afn 20171223
Engines with no result reported (Result column empty):
AhnLab-V3 20171222
Alibaba 20171222
Avast-Mobile 20171222
Bkav 20171222
ClamAV 20171223
CMC 20171223
Comodo 20171223
F-Prot 20171223
Jiangmin 20171221
Kingsoft 20171223
Microsoft 20171223
nProtect 20171223
SUPERAntiSpyware 20171222
TheHacker 20171219
TotalDefense 20171223
Trustlook 20171223
Webroot 20171223
Yandex 20171222
Zillya 20171222
Zoner 20171223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-09 02:47:42
Entry Point 0x00009077
Number of sections 3
PE sections
PE imports
CAEnumFirstCA
CAEnumNextCA
lstrcat
GetStartupInfoA
CreateProcessA
VirtualAllocEx
lstrcmpiW
AddAtomA
GetConsoleTitleW
InterlockedExchange
ResetEvent
ReadConsoleW
ReadProcessMemory
CreateFileA
GetCommandLineA
LoadLibraryA
SleepEx
OpenJobObjectA
ExtractIconA
ShellAboutA
SHChangeNotify
SHGetDesktopFolder
ShellMessageBoxA
DragQueryPoint
DragAcceptFiles
SHGetDiskFreeSpaceA
DragQueryFileA
SHGetMalloc
SHFileOperationA
wsprintfA
LoadCursorA
PeekMessageW
IsDialogMessageW
CharToOemW
CreateDesktopW
DispatchMessageW
DialogBoxParamA
DrawStateW
GetPropA
LoadBitmapA
GetClassLongA
LoadIconA
Number of PE resources by type
RT_RCDATA 3
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:05:09 03:47:42+01:00
FileType Win32 EXE
PEType PE32
CodeSize 137728
LinkerVersion 33.0
EntryPoint 0x9077
InitializedDataSize 19456
SubsystemVersion 4.0
ImageVersion 5.1
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 f6862e36ac75d76d735f7af918d7a7ec
SHA1 bb3775a191fc38c0042b58a8faf45e1024977b35
SHA256 81a1d5834fec863cedbf21d16f4e7c17a7f1b4ea9723e1fd4daae77b386d0d3e
ssdeep 3072:ICDdUc0tHpPx9Q1ZyauyVXgbx51QFmRb5tpNCJuFnekxSTr3lcW/:IsdT0t7EuYXg15yQ5N4uFFSX
authentihash 2f6118df3f45612a4309294c92704c5742c0ce3bad0da028877a41e49feda7b3
imphash df033a052c9a701cccc8a818cb71f9fd
File size 150.0 KB ( 153600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2017-12-21 04:32:08 UTC ( 1 year, 4 months ago )
Last submission 2017-12-23 08:46:29 UTC ( 1 year, 4 months ago )
File names bb3775a191fc38c0042b58a8faf45e1024977b35
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs