SHA256: 823cd0b80046d97114b70251a1c78cb83b80a692acb15ef1511379c722977102
File name: a.exe_
Detection ratio: 55 / 68
Analysis date: 2018-09-08 03:55:52 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.30857244 20180908
AegisLab Uds.Dangerousobject.Multi!c 20180908
AhnLab-V3 Win-Trojan/Gandcrab01.Exp 20180907
ALYac Trojan.GenericKD.30857244 20180908
Antiy-AVL Trojan[Ransom]/Win32.GandCrypt 20180906
Arcabit Trojan.Generic.D1D6D81C 20180908
Avast Win32:MalwareX-gen [Trj] 20180908
AVG Win32:MalwareX-gen [Trj] 20180908
Avira (no cloud) HEUR/AGEN.1033750 20180907
AVware Trojan.Win32.Generic!BT 20180908
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9886 20180906
BitDefender Trojan.GenericKD.30857244 20180908
CAT-QuickHeal Trojan.Emotet.NI5 20180907
ClamAV Win.Packer.Crypter-6539596-1 20180908
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cylance Unsafe 20180908
Cyren W32/S-97c363a1!Eldorado 20180908
DrWeb Trojan.PWS.Panda.13454 20180907
Emsisoft Trojan.GenericKD.30857244 (B) 20180908
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of Win32/Kryptik.GGZS 20180908
F-Prot W32/S-97c363a1!Eldorado 20180908
F-Secure Trojan.GenericKD.30857244 20180908
Fortinet W32/Kryptik.GGPW!tr 20180908
GData Trojan.GenericKD.30857244 20180908
Ikarus Trojan.Win32.Agent 20180907
Sophos ML heuristic 20180717
Jiangmin TrojanDownloader.Upatre.ajgj 20180908
K7AntiVirus Trojan ( 005327ac1 ) 20180907
K7GW Trojan ( 005327ac1 ) 20180907
Kaspersky HEUR:Trojan.Win32.Generic 20180908
Malwarebytes Trojan.MalPack 20180908
MAX malware (ai score=94) 20180908
McAfee RDN/Generic.grp 20180908
McAfee-GW-Edition BehavesLike.Win32.Generic.dc 20180908
Microsoft Trojan:Win32/Occamy.C 20180908
eScan Trojan.GenericKD.30857244 20180908
NANO-Antivirus Trojan.Win32.Panda.fcmrrb 20180908
Palo Alto Networks (Known Signatures) generic.ml 20180908
Panda Trj/Genetic.gen 20180907
Qihoo-360 Win32/Trojan.ebc 20180908
Rising Trojan.Kryptik!1.B28B (CLOUD) 20180908
SentinelOne (Static ML) static engine - malicious 20180830
Sophos AV Mal/GandCrab-B 20180908
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20180907
Symantec Packed.Generic.525 20180907
Tencent Win32.Trojan.Chapak.Svhb 20180908
TrendMicro TROJ_GEN.R020C0OEO18 20180908
TrendMicro-HouseCall Ransom_GANDCRAB.SMD4 20180908
VBA32 BScope.Trojan.Encoder 20180907
VIPRE Trojan.Win32.Generic!BT 20180908
Webroot W32.Trojan.Gen 20180908
Yandex Trojan.DL.Upatre! 20180906
Zillya Backdoor.Mokes.Win32.1206 20180907
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20180908
Alibaba 20180713
Avast-Mobile 20180908
Babable 20180907
Bkav 20180906
CMC 20180907
Comodo 20180908
Cybereason 20180225
eGambit 20180908
Kingsoft 20180908
Symantec Mobile Insight 20180905
TACHYON 20180908
TheHacker 20180907
TotalDefense 20180907
Trustlook 20180908
ViRobot 20180908
Zoner 20180907
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-05-22 18:58:46
Entry Point 0x00007355
Number of sections 6
PE sections
PE imports
StretchBlt
PathToRegion
ResetDCA
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
GetModuleFileNameW
GetConsoleCP
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetOEMCP
VirtualProtect
FlushFileBuffers
LoadLibraryA
FlushViewOfFile
RtlUnwind
GetModuleFileNameA
FreeLibrary
GetStdHandle
SetStdHandle
DeleteCriticalSection
WaitForSingleObjectEx
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
LocalAlloc
GetUserDefaultLCID
EnumSystemLocalesW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
SetCommMask
MultiByteToWideChar
SetFileShortNameA
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetLocaleInfoW
ExitProcess
WriteFile
GetTempPathA
RaiseException
WideCharToMultiByte
MapViewOfFile
TlsFree
GetEnvironmentStringsW
FindFirstFileExA
SetUnhandledExceptionFilter
LoadLibraryExW
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
SetThreadContext
SetConsoleCP
TerminateProcess
CreateEventW
ResetEvent
GetModuleHandleExW
IsValidCodePage
SetConsoleMode
GetDefaultCommConfigW
CreateFileW
FindClose
TlsGetValue
SetLastError
TlsSetValue
HeapAlloc
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
WriteConsoleW
LeaveCriticalSection
TransparentBlt
Number of PE resources by type
RT_ICON 2
RT_STRING 2
HGTXMK 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 304640
ImageVersion 0.0
FileVersionNumber 2.0.4.0
FileFlagsMask 0x003f
ImageFileCharacteristics Executable, 32-bit
LinkerVersion 14.0
EntryPoint 0x7355
MIMEType application/octet-stream
TimeStamp 2018:05:22 19:58:46+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 121856
FileSubtype 0
ProductVersionNumber 2.0.4.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 c14b855563053434562e59382f591063
SHA1 979330f8b13cd39394d68b60376effc591b0d9f4
SHA256 823cd0b80046d97114b70251a1c78cb83b80a692acb15ef1511379c722977102
ssdeep 6144:ylZYXkZs1YlVM0ufAOjMDnOazvAm6WqABTx:ylZYXkZnkfinOABTx
authentihash 3a173e36bf2fa7e0381045c79ec525cc1ce7aeed2f1ebb6443e099e880d55adb
imphash f8aae456092c82288d20681bf5d28722
File size 287.5 KB ( 294400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe
VirusTotal metadata
First submission 2018-05-23 04:27:08 UTC ( 12 months ago )
Last submission 2018-05-23 05:52:19 UTC ( 12 months ago )
File names 1aqkyfidydepiemfufuzy.exe
a.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs