SHA256: 82be2cc5bd57ff2ddc2c0e9ea111db92e9e654769f50af420b703ae7b3b4b26f
File name: d323ba6cae9d15e4e631b83717fd9e2c.virus
Detection ratio: 38 / 68
Analysis date: 2017-12-18 13:23:59 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.269945 20171218
AhnLab-V3 Malware/Win32.Generic.C2299898 20171218
ALYac Gen:Variant.Zusy.269945 20171218
Arcabit Trojan.Zusy.D41E79 20171218
Avast Win32:Malware-gen 20171218
AVG Win32:Malware-gen 20171218
Avira (no cloud) TR/AD.Inject.ysgpt 20171218
AVware Trojan.Win32.Generic!BT 20171218
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9861 20171218
BitDefender Gen:Variant.Zusy.269945 20171218
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20171016
Cylance Unsafe 20171218
Cyren W32/Trojan.RJHW-4161 20171218
DrWeb Trojan.Trick.45216 20171218
Emsisoft Gen:Variant.Zusy.269945 (B) 20171218
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/GenKryptik.BIVA 20171218
F-Secure Gen:Variant.Zusy.269945 20171218
Fortinet W32/Kryptik.EDXJ!tr 20171218
GData Win32.Trojan-Spy.Trickbot.I 20171218
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 00520a6e1 ) 20171218
K7GW Trojan ( 00520a6e1 ) 20171218
Malwarebytes Trojan.Injector 20171218
MAX malware (ai score=85) 20171218
McAfee Artemis!D323BA6CAE9D 20171218
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc 20171218
Microsoft Ransom:Win32/HydraCrypt.B 20171218
eScan Gen:Variant.Zusy.269945 20171218
Palo Alto Networks (Known Signatures) generic.ml 20171218
Qihoo-360 HEUR/QVM20.1.ED87.Malware.Gen 20171218
SentinelOne (Static ML) static engine - malicious 20171207
Sophos AV Mal/Generic-S 20171218
Symantec Trojan.Gen.2 20171218
TrendMicro-HouseCall TROJ_GEN.R032H0CLG17 20171218
VIPRE Trojan.Win32.Generic!BT 20171218
Webroot W32.Trojan.Gen 20171218
WhiteArmor Malware.HighConfidence 20171204
AegisLab 20171218
Alibaba 20171218
Antiy-AVL 20171218
Avast-Mobile 20171218
Bkav 20171218
CAT-QuickHeal 20171218
ClamAV 20171218
CMC 20171218
Comodo 20171218
Cybereason 20171103
eGambit 20171218
F-Prot 20171218
Ikarus 20171218
Jiangmin 20171218
Kaspersky 20171218
Kingsoft 20171218
NANO-Antivirus 20171218
nProtect 20171218
Panda 20171217
Rising 20171218
SUPERAntiSpyware 20171218
Symantec Mobile Insight 20171215
Tencent 20171218
TheHacker 20171210
TotalDefense 20171218
TrendMicro 20171218
Trustlook 20171218
VBA32 20171218
ViRobot 20171218
Yandex 20171216
Zillya 20171217
ZoneAlarm by Check Point 20171218
Zoner 20171218
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-01-09 20:46:22
Entry Point 0x0001CDD0
Number of sections 4
PE sections
PE imports
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
HeapAlloc
GetStartupInfoA
HeapFree
WideCharToMultiByte
UnmapViewOfFile
GetModuleHandleA
lstrcatA
GetLastError
GetCurrentDirectoryA
ExitProcess
CreateFileA
GetCommandLineA
SleepEx
GetProcessHeap
SetFocus
GetMessageA
TranslateAcceleratorA
UpdateWindow
GetScrollRange
BeginPaint
SetCaretPos
PostQuitMessage
DefWindowProcA
FindWindowA
LoadBitmapA
SetClipboardViewer
RemoveMenu
SendDlgItemMessageA
SetScrollRange
DispatchMessageA
EndPaint
SetCapture
MoveWindow
MessageBoxA
TranslateMessage
GetDC
RegisterClassExA
ReleaseDC
RemovePropA
LoadStringA
ShowWindow
IsWindowVisible
SendMessageA
GetClientRect
SetTimer
IsWindow
ScreenToClient
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
FillRect
GetDesktopWindow
CallWindowProcA
GetClassNameA
ScrollWindow
SetCursor
DestroyWindow
Number of PE resources by type
RT_BITMAP 3
RT_STRING 2
RT_ACCELERATOR 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
FINNISH DEFAULT 5
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.0.2.18
LanguageCode Spanish (Castilian)
FileFlagsMask 0x0000
FileDescription WrapperExt4 1.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unknown (08E0)
InitializedDataSize 311296
EntryPoint 0x1cdd0
OriginalFileName ext4.ex
MIMEType application/octet-stream
LegalCopyright NewGonzo Corporation. All rights reserv
FileVersion 3.1.2.11 (win7_rtm.031017-190)
TimeStamp 2017:01:09 21:46:22+01:00
FileType Win32 EXE
PEType PE32
InternalName ext4
ProductVersion 3.0.2.18
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NewGonzo Corporation
CodeSize 163840
ProductName NewGonzo OperatingN
ProductVersionNumber 3.0.2.18
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 d323ba6cae9d15e4e631b83717fd9e2c
SHA1 ebb71720fed24eba3e8503c4334af85519a12e0e
SHA256 82be2cc5bd57ff2ddc2c0e9ea111db92e9e654769f50af420b703ae7b3b4b26f
ssdeep 12288:zfIV7mNGWl9onM7pibkWib5PYWPZbv642hn:zfIVyND7AQyWb
authentihash 6b09b1bab07dd45bc42cfcd9ed5c600fdb7822b36b9df2d0063b62356cd12f7e
imphash bfb5bbec151624e8c514155597521e29
File size 468.0 KB ( 479232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2017-12-18 13:23:59 UTC ( 1 year, 3 months ago )
Last submission 2017-12-18 13:23:59 UTC ( 1 year, 3 months ago )
File names 1024-ebb71720fed24eba3e8503c4334af85519a12e0e
d323ba6cae9d15e4e631b83717fd9e2c.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications