× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 82185c1c160c92c8a0ca3dd98c5d7f692ec2a05e6511b7fff66844ec7c8d4a84
File name: 82185c1c160c92c8a0ca3dd98c5d7f692ec2a05e6511b7fff66844ec7c8d4a84_...
Detection ratio: 6 / 70
Analysis date: 2018-11-27 21:43:58 UTC ( 3 months, 3 weeks ago ) View latest
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_70% (D) 20181022
Cylance Unsafe 20181127
Endgame malicious (moderate confidence) 20181108
Sophos ML heuristic 20181108
Palo Alto Networks (Known Signatures) generic.ml 20181127
Trapmine suspicious.low.ml.score 20181126
Ad-Aware 20181127
AegisLab 20181127
AhnLab-V3 20181127
Alibaba 20180921
ALYac 20181127
Antiy-AVL 20181127
Arcabit 20181127
Avast 20181128
Avast-Mobile 20181127
AVG 20181128
Avira (no cloud) 20181127
Babable 20180918
Baidu 20181127
BitDefender 20181127
Bkav 20181127
CAT-QuickHeal 20181127
ClamAV 20181127
CMC 20181127
Comodo 20181127
Cybereason 20180225
Cyren 20181127
DrWeb 20181127
eGambit 20181127
Emsisoft 20181127
ESET-NOD32 20181127
F-Prot 20181127
F-Secure 20181127
Fortinet 20181127
GData 20181127
Ikarus 20181127
Jiangmin 20181127
K7AntiVirus 20181127
K7GW 20181127
Kaspersky 20181127
Kingsoft 20181127
Malwarebytes 20181127
MAX 20181127
McAfee 20181127
McAfee-GW-Edition 20181127
Microsoft 20181127
eScan 20181127
NANO-Antivirus 20181127
Panda 20181127
Qihoo-360 20181127
Rising 20181127
SentinelOne (Static ML) 20181011
Sophos AV 20181127
SUPERAntiSpyware 20181121
Symantec 20181127
Symantec Mobile Insight 20181121
TACHYON 20181127
Tencent 20181127
TheHacker 20181126
TotalDefense 20181127
TrendMicro 20181127
TrendMicro-HouseCall 20181127
Trustlook 20181127
VBA32 20181127
VIPRE 20181127
ViRobot 20181127
Webroot 20181127
Yandex 20181127
Zillya 20181127
ZoneAlarm by Check Point 20181127
Zoner 20181127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-08-04 13:16:44
Entry Point 0x0000B377
Number of sections 4
PE sections
PE imports
EndPath
FillPath
StretchBlt
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
EnumTimeFormatsA
SetStdHandle
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
TlsGetValue
SetLastError
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
SetUnhandledExceptionFilter
GetSystemTimes
TerminateProcess
WriteConsoleA
FindAtomA
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetUserDefaultLCID
AddAtomW
IsValidLocale
GetProcAddress
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetLocaleInfoW
LeaveCriticalSection
GetLastError
LCMapStringW
FindFirstChangeNotificationA
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
WriteConsoleOutputCharacterW
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
GetMonitorInfoW
CreateWindowExA
LoadIconA
GetRegisteredRawInputDevices
SetParent
GetThreadDesktop
PeekMessageA
ScrollWindow
GetAltTabInfoW
SwitchDesktop
GetNextDlgGroupItem
GetRawInputDeviceInfoW
PE exports
Number of PE resources by type
RT_ICON 6
RT_DIALOG 1
RT_STRING 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
SERBIAN DEFAULT 12
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
7.0.0.0

LanguageCode
Unknown (457A)

FileFlagsMask
0x004f

ImageFileCharacteristics
Executable, Large address aware, 32-bit

CharacterSet
Unknown (A56B)

InitializedDataSize
440320

EntryPoint
0xb377

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2018, uecijxkejve

FileVersion
1.6.6.1

TimeStamp
2017:08:04 14:16:44+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
uyonamro

ProductVersion
1.4.2.1

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Unknown (0x40534)

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
122368

FileSubtype
0

ProductVersionNumber
3.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 4de5f05bbdf2465ac1432accf2664a07
SHA1 0f176b9e895c2a64757b9ccdd4752c11f02a8ec6
SHA256 82185c1c160c92c8a0ca3dd98c5d7f692ec2a05e6511b7fff66844ec7c8d4a84
ssdeep
6144:Bdkfo/wpeG5LXxJrH1TZvmdQmYDn6avYKruu1Dz4e:XkA/wVBBJbv2Q1eU4e

authentihash 12a9ad73aab18b2fe6c8676d6b1eb9997f2155d946345a492fceee0e8343d557
imphash 4d3fe94b543009bf7aefb562cdc66f90
File size 393.0 KB ( 402432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-27 21:43:58 UTC ( 3 months, 3 weeks ago )
Last submission 2019-02-26 10:24:54 UTC ( 3 weeks, 5 days ago )
File names 82185c1c160c92c8a0ca3dd98c5d7f692ec2a05e6511b7fff66844ec7c8d4a84_t.exe
t.exe
DeviceManager.exe
4de5f05bbdf2465ac1432accf2664a07
4de5f05bbdf2465ac1432accf2664a07
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs