SHA256: 81a98e7d4f44470913eb90b085714218498304b7338d9e010d15b630b2892f0d
File name: 1.bin
Detection ratio: 50 / 67
Analysis date: 2017-12-03 11:34:26 UTC ( 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Trojan.Crypt.53 20171203
AegisLab Troj.W32.Diple!c 20171203
AhnLab-V3 Trojan/Win32.Matrixran.R213839 20171203
ALYac Gen:Variant.Trojan.Crypt.53 20171203
Antiy-AVL Trojan[Ransom]/Win32.Foreign 20171203
Arcabit Trojan.Trojan.Crypt.53 20171203
Avast Win32:Malware-gen 20171203
AVG Win32:Malware-gen 20171203
Avira (no cloud) TR/Crypt.Xpack.ubnax 20171203
AVware Trojan.Win32.Generic!BT 20171203
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9843 20171201
BitDefender Gen:Variant.Trojan.Crypt.53 20171203
CAT-QuickHeal Trojan.Diple 20171202
ClamAV Win.Trojan.Emotet-6383838-0 20171203
Comodo UnclassifiedMalware 20171203
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cylance Unsafe 20171203
Cyren W32/Trojan.TJGU-4174 20171203
DrWeb Trojan.DownLoad3.48074 20171203
Emsisoft Gen:Variant.Trojan.Crypt.53 (B) 20171203
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.FZNG 20171203
F-Secure Gen:Variant.Trojan.Crypt.53 20171203
Fortinet W32/Diple.E!tr 20171203
GData Gen:Variant.Trojan.Crypt.53 20171203
Ikarus Trojan-Proxy.Agent 20171203
Sophos ML heuristic 20170914
Jiangmin Trojan.Scarsi.bih 20171203
K7AntiVirus Trojan ( 0051dab71 ) 20171203
K7GW Trojan ( 0051dab71 ) 20171203
Kaspersky Trojan.Win32.Diple.gxpj 20171203
MAX malware (ai score=99) 20171203
McAfee GenericRXDI-JB!FB337851F4CA 20171203
McAfee-GW-Edition BehavesLike.Win32.MultiPlug.cc 20171202
Microsoft Trojan:Win32/CoinMiner.AC!bit 20171203
eScan Gen:Variant.Trojan.Crypt.53 20171203
NANO-Antivirus Trojan.Win32.Inject.evhdjc 20171203
Palo Alto Networks (Known Signatures) generic.ml 20171203
Panda Trj/CI.A 20171203
Qihoo-360 Win32/Trojan.7b0 20171203
Rising Malware.Obscure!1.A3BB (CLOUD) 20171203
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Emotet-E 20171203
Symantec Trojan.Gen.2 20171202
Tencent Suspicious.Heuristic.Gen.b.0 20171203
TrendMicro TROJ_GEN.R03FC0RKR17 20171203
TrendMicro-HouseCall TROJ_GEN.R03FC0RKR17 20171203
VIPRE Trojan.Win32.Generic!BT 20171203
ViRobot Trojan.Win32.Ransom.523264 20171202
ZoneAlarm by Check Point Trojan.Win32.Diple.gxpj 20171203
Alibaba 20171203
Avast-Mobile 20171203
Bkav 20171201
CMC 20171203
Cybereason 20171103
eGambit 20171203
F-Prot 20171203
Kingsoft 20171203
Malwarebytes 20171203
nProtect 20171201
SUPERAntiSpyware 20171203
Symantec Mobile Insight 20171201
TheHacker 20171130
Trustlook 20171203
VBA32 20171201
Webroot 20171203
WhiteArmor 20171104
Yandex 20171201
Zillya 20171201
Zoner 20171203
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2017
File version 1.0.0.1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-24 15:00:08
Entry Point 0x000039C1
Number of sections 5
PE sections
PE imports
ClearEventLogA
BackupEventLogW
ChangeServiceConfigW
AreFileApisANSI
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
TerminateThread
GetModuleFileNameW
GetConsoleCP
GetModuleHandleW
GetOEMCP
QueryPerformanceCounter
GetTimeFormatW
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
HeapSize
RtlUnwind
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
SetConsoleCtrlHandler
GetCurrentProcessId
CreateSemaphoreW
GetDateFormatW
GetCommandLineW
WideCharToMultiByte
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
FreeEnvironmentStringsW
GetUserDefaultLCID
AddAtomW
EncodePointer
GetLocaleInfoW
SetStdHandle
CompareStringW
RaiseException
UnhandledExceptionFilter
GetCPInfo
TlsFree
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
GetMailslotInfo
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
GetProcAddress
GetCurrentThread
FreeLibrary
GetSystemTimeAdjustment
TerminateProcess
CreateEventW
TlsGetValue
GetModuleHandleExW
IsValidCodePage
OutputDebugStringW
SetLastError
CreateFileW
GetEnvironmentStringsW
IsDebuggerPresent
Sleep
GetFileType
ReadConsoleW
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
ExitProcess
WriteConsoleW
LeaveCriticalSection
UpdateWindow
CallMsgFilterA
GetRawInputDeviceList
LoadKeyboardLayoutW
LoadMenuW
GetRawInputBuffer
DispatchMessageA
LoadImageA
LoadBitmapA
GetNextDlgGroupItem
GetMessageExtraInfo
PeekMessageA
TranslateMessage
LoadCursorFromFileW
LoadStringA
GetRawInputDeviceInfoA
RegisterRawInputDevices
GetNextDlgTabItem
LoadMenuIndirectA
CreateIconFromResource
LoadCursorW
LoadIconW
LoadAcceleratorsW
CloseClipboard
TranslateAcceleratorW
Number of PE resources by type
RT_ICON 2
GEFAXIBOSAPEWUBAJIGUHEROBEMA 1
ROJUHUWILE 1
RT_MANIFEST 1
ATMN 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH UK 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (British)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 1513472
EntryPoint 0x39c1
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2017:11:24 16:00:08+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.1
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2017
MachineType Intel 386 or later, and compatibles
CodeSize 147968
FileSubtype 0
ProductVersionNumber 1.0.0.1
FileTypeExtension exe
ObjectFileType Executable application
Execution parents
File identification
MD5 fb337851f4cadd9f0beb55ee8af655df
SHA1 b092de52f14721c4bfdcb3227aac2ed1a1bae8c7
SHA256 81a98e7d4f44470913eb90b085714218498304b7338d9e010d15b630b2892f0d
ssdeep 24576:hzFWGWyyylMIOaA7P271cRfaSjB0B/5aqz:ZFRWynlMIw7O716faA0Z5aqz
authentihash 808e65728b4dc302a42c5284e6d55f3b88c934d260fe23d70e9a0c0c7a6841eb
imphash ce70d8f2abf55326e7a3d78f14d24a4d
File size 880.5 KB ( 901632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2017-11-26 06:14:34 UTC ( 3 weeks ago )
Last submission 2017-11-27 14:23:10 UTC ( 2 weeks, 6 days ago )
File names 1.bin
%24RTG0AU2.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs